
ISO 27001:2005

Information technology — Security techniques — Code of practice for information security management

1 Scope
This International Standard establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined in this International Standard provide general guidance on the commonly accepted goals of information security management.

The control objectives and controls of this International Standard are intended to be implemented to meet the requirements identified by a risk assessment. This International Standard may serve as a practical guideline for developing organizational security standards and effective security management practices and to help build confidence in inter-organizational activities.

2 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
2.1 asset
anything that has value to the organization
[ISO/IEC 13335-1:2004]
2.2 control
means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of administrative, technical, management, or legal nature
NOTE Control is also used as a synonym for safeguard or countermeasure.
2.3 guideline
a description that clarifies what should be done and how, to achieve the objectives set out in policies
[ISO/IEC 13335-1:2004]

2.4 information processing facilities
any information processing system, service or infrastructure, or the physical locations housing them
2.5 information security
preservation of confidentiality, integrity and availability of information; in addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved
2.6 information security event
an information security event is an identified occurrence of a system, service or network state indicating a possible breach of information security policy or failure of safeguards, or a previously unknown situation that may be security relevant
[ISO/IEC TR 18044:2004]


Download links

ISO 27000 =
https://mega.co.nz/#!MpBg0CJY!bSi17iV5JsuTmRZOrQYruWasiGMvpmvh8Ydq5-A72IE

ISO 27001 =
https://mega.co.nz/#!U0JRiCCR!UzIIUl4mTaobCNkZ32DqQxlytn5HEhMhV5VZwfxKaEo

ISO 27002 =
https://mega.co.nz/#!FkBllDwB!TrWa1G4014zmF3CmrgZn1QRiEZ1_AhLj1EANtLZHPEI

ISO 27003 =
https://mega.co.nz/#!VpBA1YhD!AzCQdnQwon_astnSZ4D9NyReOrUE-rg-mFgeLXu3XwM

ISO 27005 =
https://mega.co.nz/#!o0A31BAC!NBYshhXKcXE7_GpeUSh5pzhIHXRJb6XMIOxs3jbuQHg

ISO 27006 =
https://mega.co.nz/#!VtQHXLYY!QCNJpD9_C8VTLxU3A9_BMUnzuZ5XbdAQcWx0bzsb9wM


Copyright © 2014. IT Audit - All Rights Reserved