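Standard number: ISO/IEC 27003:2010

Chinese title (translated): Information technology; Security techniques; Information security management system implementation guide

English title: Information technology — Security techniques — Information security management system implementation guidance

Publication date: 2010-02

Scope of the standard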

This International Standard focuses on the critical aspects needed for successful design and implementation of an Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2005. It describes the process of ISMS specification and design from inception to the production of implementation plans. It describes the process of obtaining management approval to implement an ISMS, defines a project to implement an ISMS (referred to in this International Standard as the ISMS project), and provides guidance on how to plan the ISMS project, resulting in a final ISMS project implementation plan.

This International Standard is intended to be used by organizations implementing an ISMS. It is applicable to all types of organization (e.g. commercial enterprises, government agencies, non-profit organizations) of all sizes. Each organization's complexity and risks are unique, and its specific requirements will drive the ISMS implementation. Smaller organizations will find that the activities noted in this International Standard are applicable to them and can be simplified. Large-scale or complex organizations might find that a layered organization or management system is needed to manage the activities in this International Standard effectively. However, in both cases, the relevant activities can be planned by applying this International Standard.
