This post was last edited by hlperng on 2014-4-7 15:46.

To align the format and structure of ISO management system standards so that an organization's different management systems can interface and integrate with each other more easily, ISO 27001:2013, "Information security management systems – Requirements", was revised to follow the international management system standard clause structure prescribed in ISO/IEC Directives Part 1, ISO Supplement Annex SL, and the revised edition was published in October 2013.

The international standard series for information security management systems, ISO/IEC 27000 to ISO/IEC 27015, comprises 15 documents in total, of which ISO/IEC 27012 was never formally published. ISO/IEC 27000 is the overview and vocabulary; ISO/IEC 27001 (management system requirements) and ISO/IEC 27008 (certification requirements) are the two requirements documents; the remaining 12 are guideline documents. Among these, ISO/IEC 27002 (controls), ISO/IEC 27003 (implementation guidance), ISO/IEC 27004 (measurement) and ISO/IEC 27005 (information security risk management) are the four documents supporting PDCA; ISO/IEC 27007 (management system auditing), ISO/IEC 27008 (technical auditing) and ISO/IEC 27009 (third-party audit and certification bodies) are the three audit guidelines; and ISO/IEC 27010 (inter-organizational communications), ISO/IEC 27011 (telecommunications industry), 27013 (information security management and IT service management), 27014 (information security governance), 27015 (financial services), 27016 (organizational economics), ISO/IEC 27017 (cloud computing services), ISO/IEC 27018 (PII protection in public clouds) and ISO/IEC 27019 (process control systems in the energy industry) are information security management system standards for different sectors. Other standards related to information security techniques include ISO/IEC 27021 (competence specification for security management professionals), ISO/IEC 27031:2011 (ICT readiness for business continuity), ISO/IEC 27032:2012 (cybersecurity), ISO/IEC 27033 (network security), ISO/IEC 27034 (application security), ISO/IEC 27035:2011 (incident management), ISO/IEC 27036:2013 (information security for supplier relationships), ISO/IEC 27037:2012 (digital evidence), ISO/IEC 27038:2014 (digital redaction), ISO/IEC 27039 (intrusion detection and prevention systems), ISO/IEC 27040 (storage security), ISO/IEC 27041 (incident investigation methods), ISO/IEC 27042 (analysis and interpretation of digital evidence), ISO/IEC 27043 (incident investigation principles and processes), ISO/IEC 27044 (security information and event management), ISO/IEC 27050 (electronic discovery) and ISO 27799:2008 (health information security management).
Detailed standard numbers and titles of the published standards in the information security management system series:

- ISO/IEC 27000:2014, Information technology – Security techniques – Information security management systems – Overview and vocabulary (ed. 3.0, supersedes ISO/IEC 27000:2012 ed. 2.0, which superseded ISO/IEC 27000:2005 ed. 1.0)
- ISO/IEC 27001:2013, Information technology – Security techniques – Information security management systems – Requirements (ed. 2.0, supersedes ISO/IEC 27001:2005 ed. 1.0)
- ISO/IEC 27002:2013, Information technology – Security techniques – Code of practice for information security controls (ed. 2.0, supersedes ISO/IEC 27002:2005 ed. 1.0)
- ISO/IEC 27003:2010, Information technology – Security techniques – Information security management system implementation guidance (ed. 1.0)
- ISO/IEC 27004:2009, Information technology – Security techniques – Information security management – Measurement (ed. 1.0)
- ISO/IEC 27005:2011, Information technology – Security techniques – Information security risk management (ed. 2.0, supersedes ISO/IEC 27005:2008 ed. 1.0)
- ISO/IEC 27006:2011, Information technology – Security techniques – Requirements for bodies providing audit and certification of information security management systems (ed. 2.0, supersedes ISO/IEC 27006:2007)
- ISO/IEC 27007:2011, Information technology – Security techniques – Guidelines for information security management systems auditing (ed. 1.0)
- ISO/IEC TR 27008:2011, Information technology – Security techniques – Guidelines for auditors on information security controls (ed. 1.0)
- ISO/IEC WD 27009:2014, The Use and Application of ISO/IEC 27001 for Sector/Service-Specific Third-Party Accredited Certification
- ISO/IEC 27010:2012, Information technology – Security techniques – Information security management for inter-sector and inter-organizational communications (ed. 1.0)
- ISO/IEC 27011:2008, Information technology – Security techniques – Information security management guidelines for telecommunications organizations based on ISO/IEC 27002 (ed. 1.0)
- ISO/IEC 27012 (proposed for eGovernment services but cancelled)
- ISO/IEC 27013:2012, Information technology – Security techniques – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 (ed. 1.0)
- ISO/IEC 27014:2013, Information technology – Security techniques – Governance of information security (ed. 1.0)
- ISO/IEC TR 27015:2012, Information technology – Security techniques – Information security management guidelines for financial services (ed. 1.0)
- ISO/IEC TR 27016:2014, Information technology – Security techniques – Information security management – Organizational economics (ed. 1.0)
- ISO/IEC 27017 (draft), Information technology – Security techniques – Guidelines on information security controls for the use of cloud computing services based on ISO/IEC 27002
- ISO/IEC 27018 (draft), Information technology – Security techniques – Code of practice for PII protection in public cloud acting as PII processors
- ISO/IEC TR 27019:2013, Information technology – Security techniques – Information security management guidelines based on ISO/IEC 27002 for process controls specific to the energy industry (ed. 1.0)
- ISO/IEC 27021 (NWIP), Information technology – Security techniques – Specification for competence of information security management professionals
- ISO/IEC 27031:2011, Information technology – Security techniques – Guidelines for information and communications technology readiness for business continuity
- ISO/IEC 27032:2013, Information technology – Security techniques – Guidelines for cybersecurity
- ISO/IEC 27033:2009, Information technology – Security techniques – Network security
- ISO/IEC 27034:2011, Information technology – Security techniques – Application security
- ISO/IEC 27035:2011, Information technology – Security techniques – Information security incident management
- ISO/IEC 27036:2013, IT Security – Security techniques – Information security for supplier relationships
- ISO/IEC 27037:2012, Information technology – Security techniques – Guidelines for identification, collection, acquisition, and preservation of digital evidence
- ISO/IEC 27038:2014, Information technology – Security techniques – Specification for digital redaction
- ISO/IEC 27039 (draft), Information technology – Security techniques – Selection, deployment and operation of intrusion detection and prevention systems (IDPS)
- ISO/IEC 27040 (draft), Information technology – Security techniques – Storage security
- ISO/IEC 27041 (draft), Information technology – Security techniques – Guidance on assuring suitability and adequacy of incident investigative methods
- ISO/IEC 27042 (draft), Information technology – Security techniques – Guidelines for the analysis and interpretation of digital evidence
- ISO/IEC 27043 (draft), Information technology – Security techniques – Incident investigation principles and processes
- ISO/IEC 27044 (draft), Information technology – Security techniques – Guideline for security information and event management (SIEM)
- ISO/IEC 27050 (draft), Information technology – Security techniques – Electronic discovery
- ISO 27799:2008, Health information – Information security management in health using ISO/IEC 27002