ISO/IEC TR 18044:2004 信息技术 安全技术 数据安全事项管理

标准编号：ISO/IEC TR 18044:2004

中文名称：信息技术 安全技术 数据安全事项管理

英文名称：Information technology — Security techniques — Information security incident management

发布日期：2004-10

标准范围

ISO/IEC TR 18044:2004为信息安全经理和信息系统经理提供了关于信息安全事件管理的建议和指导。ISO/IEC TR 18044:2004规定关于良好的信息安全事件管理方法将获得的好处和与之相关的关键问题的信息（说服公司高级管理层和将向计划报告并接受计划反馈的人员应引入和使用该计划）；关于信息安全事件实例的信息，以及对其可能原因的洞察；描述引入良好的结构化信息安全事件管理方法所需的规划和文档；信息安全事件管理流程的描述*。*要对资讯保安事故作出迅速、协调和有效的反应，需要广泛的技术和程序准备。信息安全事件响应可能包括即时、短期和长期行动。为响应事件而采取的任何行动都应基于先前开发、记录和接受的安全事件响应程序和流程，包括响应后分析程序和流程。

ISO/IEC TR 18044:2004 provides advice and guidance on information security incident management for information security managers and for information system managers.ISO/IEC TR 18044:2004 provides

• information on the benefits to be obtained from and the key issues associated with a good information security incident management approach (to convince senior corporate management and those personnel who will report to and receive feedback from a scheme that the scheme should be introduced and used);
• information on examples of information security incidents, and an insight into their possible causes;
• a description of the planning and documentation required to introduce a good structured information security incident management approach;
• a description of the information security incident management process*.

* Quick, co-ordinated and effective responses to an information security incident require extensive technical and procedural preparations. Information security incident responses may consist of immediate, short- and long-term actions. Any actions undertaken as the response to an incident should be based on previously developed, documented and accepted security incident response procedures and processes, including those for post-response analysis.

标准预览图