标准摘要
[中文适用范围]: 本国际标准为组织信息安全标准和信息安全管理实践提供了指南,包括考虑组织的信息安全风险环境的控制措施的选择、实施和管理。 本国际标准旨在供以下组织使用: a) 在实施基于 ISO/IE C 27001 的信息安全管理体系的过程中选择控制措施, b) 实施普遍接受的信息安全控制措施; c) 制定自己的信息安全管理指南。 [外文原描述]: ISO/IEC 27002:2013 gives guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization's information security risk environment(s). It is designed to be used by organizations that intend to: select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001; implement commonly accepted information security controls; develop their own information security management guidelines.
英文名称Information technology - Security techniques - Code of practice for information security controls