ISO/IEC 27003:2010 信息技术 安全技术 信息安全管理系统实施指南

标准编号：ISO/IEC 27003:2010

中文名称：信息技术 安全技术 信息安全管理系统实施指南

英文名称：Information technology — Security techniques — Information security management system implementation guidance

发布日期：2010-02

标准范围

ISO/IEC 27003:2010侧重于根据ISO/IEC 27001:2005成功设计和实施信息安全管理系统（ISMS）所需的关键方面。它描述了ISMS规范和设计从开始到制定实施计划的过程。它描述了获得管理层批准以实施ISMS的过程，定义了实施ISMS（在ISO/IEC 27003:2010中称为ISMS项目）的项目，并提供了如何规划ISMS项目的指导，从而形成最终的ISMS项目实施计划。

ISO/IEC 27003:2010 focuses on the critical aspects needed for successful design and implementation of an Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2005. It describes the process of ISMS specification and design from inception to the production of implementation plans. It describes the process of obtaining management approval to implement an ISMS, defines a project to implement an ISMS (referred to in ISO/IEC 27003:2010 as the ISMS project), and provides guidance on how to plan the ISMS project, resulting in a final ISMS project implementation plan.

标准预览图