标准摘要
[中文适用范围]: 本国际标准为组织中启动、实施、维护和改进信息安全管理制定了指导方针和一般原则。 本国际标准概述的目标为普遍接受的信息安全管理目标提供了一般指导。 本国际标准的控制目标和控制措施旨在满足风险评估确定的要求。 本国际标准可以作为制定组织安全标准和有效安全管理实践的实用指南,并帮助建立对组织间活动的信心。 [外文原描述]: ISO/IEC 17799:2005 establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined provide general guidance on the commonly accepted goals of information security management. ISO/IEC 17799:2005 contains best practices of control objectives and controls in the following areas of information security management: security policy;organization of information security;asset management;human resources security;physical and environmental security;communications and operations management;access control;information systems acquisition, development and maintenance;information security incident management;business continuity management;compliance. The control objectives and controls in ISO/IEC 17799:2005 are intended to be implemented to meet the requirements identified by a risk assessment. ISO/IEC 17799:2005 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities.
英文名称Information technology - Security techniques - Code of practice for information security management