ISO/IEC 27002:2005 Information technology – Security techniques – Code of practice for information security management
Standard number: ISO/IEC 27002:2005
Chinese title: 信息技术 安全技术 信息安全管理实施规程
English title: Information technology — Security techniques — Code of practice for information security management
Publication date: 2005-06
Scope
ISO/IEC 27002:2005 comprises ISO/IEC 17799:2005 and ISO/IEC 17799:2005/Cor.1:2007. Its technical content is identical to that of ISO/IEC 17799:2005. ISO/IEC 17799:2005/Cor.1:2007 changes the reference number of the standard from 17799 to 27002. ISO/IEC 27002:2005 establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined provide general guidance on the commonly accepted goals of information security management. ISO/IEC 27002:2005 contains best practices of control objectives and controls in the following areas of information security management:
- security policy;
- organization of information security;
- asset management;
- human resources security;
- physical and environmental security;
- communications and operations management;
- access control;
- information systems acquisition, development and maintenance;
- information security incident management;
- business continuity management;
- compliance.
The control objectives and controls in ISO/IEC 27002:2005 are intended to be implemented to meet the requirements identified by a risk assessment. ISO/IEC 27002:2005 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities.