ISO/IEC 27000:2009 信息技术 安全技术 信息安全管理系统 综述和词汇

标准编号：ISO/IEC 27000:2009

中文名称：信息技术 安全技术 信息安全管理系统 综述和词汇

英文名称：Information technology — Security techniques — Information security management systems — Overview and vocabulary

发布日期：2009-05

标准范围

ISO/IEC 27000:2009提供了信息安全管理系统的概述，这些系统构成了信息安全管理系统（ISMS）系列标准的主题，并定义了相关术语。通过实施ISO/IEC 27000:2009，所有类型的组织（例如商业企业、政府机构和非营利组织）都有望获得:ISMS标准系列概述；信息安全管理系统简介（ISMS）；计划-执行-检查-行动（PDCA）流程的简要描述；和了解ISMS标准系列中使用的术语和定义。ISO/IEC 27000:2009的目的是提供术语和定义，并介绍ISMS标准系列:定义ISMS和此类系统认证人员的要求；为整体计划-执行-检查-行动（PDCA）流程和要求提供直接支持、详细指导和/或解释；解决ISMS的特定部门指南；和解决ISMS的合格评定。

ISO/IEC 27000:2009 provides an overview of information security management systems, which form the subject of the information security management system (ISMS) family of standards, and defines related terms. As a result of implementing ISO/IEC 27000:2009, all types of organization (e.g. commercial enterprises, government agencies and non-profit organizations) are expected to obtain:

1. an overview of the ISMS family of standards;
2. an introduction to information security management systems (ISMS);
3. a brief description of the Plan-Do-Check-Act (PDCA) process; and
4. an understanding of terms and definitions in use throughout the ISMS family of standards.

The objectives of ISO/IEC 27000:2009 are to provide terms and definitions, and an introduction to the ISMS family of standards that:

1. define requirements for an ISMS and for those certifying such systems;
2. provide direct support, detailed guidance and/or interpretation for the overall Plan-Do-Check-Act (PDCA) processes and requirements;
3. address sector-specific guidelines for ISMS; and
4. address conformity assessment for ISMS.

标准预览图