标准摘要
[中文适用范围]: 本文件提供的指南旨在帮助组织评估信息安全绩效和信息安全管理体系的有效性,以满足ISO/IEC 27001:2013, 9.1的要求。它规定了:a) 信息安全绩效的监视和测量;c) 监视和测量结果的分析和评估;b) 信息安全管理体系(ISMS)有效性的监视和测量,包括其过程和控制;本文件适用于所有类型和规模的组织。 [外文原描述]: ISO/IEC 27004:2016 provides guidelines intended to assist organizations in evaluating the information security performance and the effectiveness of an information security management system in order to fulfil the requirements of ISO/IEC 27001:2013, 9.1. It establishes: a) the monitoring and measurement of information security performance; b) the monitoring and measurement of the effectiveness of an information security management system (ISMS) including its processes and controls; c) the analysis and evaluation of the results of monitoring and measurement. ISO/IEC 27004:2016 is applicable to all types and sizes of organizations.
英文名称Information technology - Security techniques - Information security management - Monitoring, measurement, analysis and evaluation