睿地可靠度論壇(TW-REDI Forum)

 找回密碼
 立即註冊
查看: 10803|回復: 1
打印 上一主題 下一主題

資訊安全管理系統 (ISMS) 國際標準系列 [複製鏈接]

Rank: 7Rank: 7Rank: 7

UID
5
帖子
1525
主題
739
記錄
1
分享
0
日誌
213
閱讀權限
100
最後登錄
2024-12-11
在線時間
2326 小時
跳轉到指定樓層
樓主
發表於 2014-4-7 10:32:54 |只看該作者 |倒序瀏覽
本帖最後由 hlperng 於 2014-4-7 15:46 編輯

配合ISO管理系統標準格式與架構統一,讓組織的不同管理系統彼此容易接軌與整合,ISO 27001:2013《資訊安全管理系統要求》已經遵循ISO/IEC指令1、ISO專屬附錄SL之國際管理系統標準章節架構規定,於2013年10月完成改版發行。

資訊安全管理系統國際標準系列,ISO/IEC 27000 ~ ISO/IEC 27015,總共15份,其中ISO/IEC 27012並沒有正式發行,ISO/IEC 27000為概觀與詞彙,ISO/IEC 27001(管理系統要求) 與ISO/IEC 27008 (認證要求)等兩份為要求文件,其餘12份為指導綱要文件(guidelines),其中ISO/IEC 27002(控制要項)、ISO/IEC 27003(執行指引)、ISO/IEC 27004(量測)、ISO/IEC 27005(資安風險管理)四份為支援PDCA的文件,ISO/IEC 27007(管理系統稽核)、ISO/IEC 27008(技術稽核)、與ISO/IEC 27009(第三方稽核與驗證機構)三份為稽核指導綱要,ISO/IEC 27010(組織間溝通)、ISO/IEC 27011(通訊產業)、27013(資訊安全管理與資訊服務管理)、27014(資訊安全治理)、27015(財務服務)、27016(組織經濟學)、ISO/IEC 27017(雲端運算服務)、ISO/IEC 27018(公共雲個人識別資訊保護)、ISO/IEC 27019(能源產業過程控制系統)為不同產業適用的資訊安全管理系統標準。其他與資訊安全技術相關的標準,包括ISO/IEC 27021(安全管理專業職能規範)、ISO/IEC 27031:2011(確保永續營運之資訊與通訊)、ISO/IEC 27032:2012(資通安全)、ISO/IEC 27033(網路安全)、ISO/IEC 27034(應用安全)、ISO/IEC 27035:2011(事故管理)、ISO/IEC 27036:2013(供應者關係資訊安全)、ISO/IEC 27037:2012(數位證據)、ISO/IEC 27038:2014(數位纂輯)、ISO/IEC 27039(入侵偵測與預防系統)、ISO/IEC 27040(儲存安全)、ISO/IEC 27041(事故調查方法)、ISO/IEC 27042(數位證據分析與解釋)、ISO/IEC 27043(事故調查原則與過程)、ISO/IEC 27044(安全資訊與事件管理)、ISO/IEC 27050(電子發現)、ISO 27799:2008(健康資訊安全管理)。
資訊安全管理系統標準系列,已發行詳細的標準編號與名稱:
  • ISO/IEC 27000:2014, Information technology – Security techniques – Information security management systems – Overview and vocabulary (ed. 3.0, 取代 ISO/IEC 27000:2012 ed. 2.0,取代ISO/IEC 27000:2005 ed. 1.0)
  • ISO/IEC 27001:2013, Information technology – Security techniques – Information security management systems – Requirements (ed. 2.0, 取代 ISO/IEC 27001:2005 ed. 1.0)
  • ISO/IEC 27002:2013, Information technology – Security techniques – Code of practice for information security controls (ed. 2.0, 取代 ISO/IEC 27002:2005 ed. 1.0)
  • ISO/IEC 27003:2010, Information technology – Security techniques – Information security management system implementation guidance (ed. 1.0)
  • ISO/IEC 27004:2009, Information technology – Security techniques – Information security management – Measurement (ed. 1.0)
  • ISO/IEC 27005:2011, Information technology – Security techniques – Information security risk management (ed. 2.0, 取代 ISO/IEC 27005:2008 ed. 1.0)
  • ISO/IEC 27006:2011, Information technology – Security techniques – Requirements for bodies providing audit and certification of information security management systems (ed. 2.0, 取代 ISO/IEC 27006:2007)
  • ISO/IEC 27007:2011, Information technology – Security techniques – Guideances for information security management systems auditing (ed. 1.0)
  • ISO/IEC TR 27008:2011, Information technology – Security techniques – Guidelines for auditors on information security controls (ed. 1.0)
  • ISO/IEC WD 27009:2014, The Use and Application of ISO/IEC 27001 for Sector/Service-Specific Third-Party Accredited Certification
  • ISO/IEC 27010:2012, Information technology – Security techniques – Information security management for inter-sector and inter-organizational communications (ed. 1.0)
  • ISO/IEC 27011:2008, Information technology – Security techniques – Information security management guidelines for telecommunications organizations based on ISO/IEC 27002 (ed. 1.0)
  • ISO/IEC 2012, (proposed for eGovernment services but was canceled)
  • ISO/IEC 27013:2012, Information technology – Security techniques – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 (ed. 1.0)
  • ISO/IEC 27014:2013, Information technology – Security techniques – Governance of information security (ed. 1.0)
  • ISO/IEC TR 27015:2012, Information technology – Security techniques – Information security management guidelines for financial services (ed. 1.0)
  • ISO/IEC TR 27016:2014, Information technology - Security techniques - Information security management - Organizational ecomomics (ed. 1.0)
  • ISO/IEC 27017 (draft), Information technology - Security techniques - Guidelines on information security controls for the use of cloud computing services based on ISO/IEC 27002
  • ISO/IEC 27018 (draft), Information technology - Security techniques - Code of practice for PII protection in public cloud acting as PII processors
  • ISO/IEC TR 27019:2013, Information technology - Security techniques - Information security management guidelines based on ISO/IEC 27002 for process controls  specific to the energy industry) (ed. 1.0)
  • ISO/IEC 27021 (nwip), Information technology - Security techniques - Specification for competence of information security management professionals
  • ISO/IEC 27031:2011, Information technology - Security techniques - Guidelines for information and communications technology readiness for business continuity
  • ISO/IEC 27032:2013, Information technology - Security techniques - Guidelines for cybersecurity
  • ISO/IEC 27033:2009, Information technology - Security techniques - Network security
  • ISO/IEC 27034:2011, Information technology - Security techniques - Application security
  • ISO/IEC 27035:2011, Information technology - Secuirity techniques - Information security incident management
  • ISO/IEC 27036:2013, IT Security - Security techniques - Information security for supplier relationships
  • ISO/IEC 27037:2012, Information technology - Security techniques - Guidelines for identification, collection, acquisition, and preservation of digital evidence
  • ISO/IEC 27038:2014, Information technology - Security techniques - Sepcification for digital redaction
  • ISO/IEC 27039 (draft), Information technology - Security techniques - Selection, deployment and operation of intrution detection and prevention systems (IDPS)
  • ISO/IEC 27040 (draft), Information technology - Security techniqes - Storage security
  • ISO/IEC 27041 (draft), Information techhnology -Security techniques - Guidelines for ance on assuring suitability and adequacy of incident investigative methods
  • ISO/IEC 27042 (draft), Information technology - Security techniques - Guidelines for the analysis and interpretation of digital evidence
  • ISO/IEC 27043 (draft), Information technology - Security techniques - Incident investigation principles and processes
  • ISO/IEC 27044 (draft), Information technology - Security techniques - Guideline for security information and event management (SIEM)
  • ISO/IEC 27050 (draft), Information technology - Security techniques - Electronic discovery
  • ISO 27799:2008, Health information - Infornation security management in health using ISO/IEC 27002

Rank: 7Rank: 7Rank: 7

UID
5
帖子
1525
主題
739
記錄
1
分享
0
日誌
213
閱讀權限
100
最後登錄
2024-12-11
在線時間
2326 小時
沙發
發表於 2014-4-7 11:35:55 |只看該作者

資訊安全管理系統 (ISMS) CNS 國家標準系列

本帖最後由 hlperng 於 2014-4-7 11:39 編輯

經濟部標檢局發行之資訊安全管理相關 CNS 國家標準系列如下:
  • CNS 27000:2013,資訊技術 - 安全技術 - 資訊安全管理系統 - 概觀及詞彙 (Information technology - Security techniques - Information security management systems - Overview and vocabulary)(等同ISO/IEC 27000:2009)
  • CNS 27001:2007,資訊技術 - 安全技術 - 資訊安全管理系統 - 要求事項 (Information technology - Security techniques - Information security management systems - Requirements)(等同ISO/IEC 27001:2005)
  • CNS 27002:2007,資訊技術 - 安全技術 - 資訊安全管理之作業規範 (Information technology - Security techniques - Code of practice for information security management)(等同ISO/IEC 27002:)
  • CNS 270032013:,資訊技術 - 安全技術 - 資訊安全管理系統實作指引(Information technology - Security techniques - Information security management system implementtion guidance) (等同ISO/IEC 27003:2010)
  • CNS 27004:2013,資訊技術 - 安全技術 - 資訊安全管理 - 量測 (Information technology - Security techniques - Information security management - Measurement)(等同ISO/IEC 27004:2009)
  • CNS 27005:2013,資訊技術 - 安全技術 - 資訊安全風險管理 (Information technology -Security techniques - Information security risk management)(等同ISO/IEC 27005:2011)
  • CNS 27006:2010,資訊技術 - 安全技術 - 提供資訊安全管理系統稽核與驗證機構之要求 (Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems) (等同ISO/IEC 27006:2007)



您需要登錄後才可以回帖 登錄 | 立即註冊

Archiver|手機版|睿地可靠度論壇(TW-REDI Forum)   

GMT+8, 2024-12-22 21:46 , Processed in 0.033892 second(s), 9 queries .

Powered by Discuz! X2

© 2001-2011 Comsenz Inc.

回頂部