标准摘要
[中文适用范围]: 本文档为考虑购买网络保险作为风险处理选项以在组织的信息安全风险管理框架内管理网络事件影响时提供指导。本文档提供以下方面的指导:a) 考虑购买网络保险作为风险处理选项以分担网络风险;c) 被保险人和保险公司之间共享数据和信息,以支持与网络保险单相关的承保、监控和索赔活动;b) 利用网络保险协助管理网络事件的影响;d) 在与保险公司共享相关数据和信息时利用信息安全管理系统。本文档适用于所有类型、规模和性质的组织,以协助组织规划和购买网络保险。 [外文原描述]: This document provides guidelines when considering purchasing cyber-insurance as a risk treatment option to manage the impact of a cyber-incident within the organization’s information security risk management framework, as well as leveraging the organization’s ISMS when sharing relevant data and information with an insurer. This document gives guidelines for: a) considering the purchase of cyber insurance as a risk treatment option to share cyber risks; b) leveraging cyber insurance to assist in managing the impact of a cyber incident; c) sharing of data and information between the insured and an insurer to support underwriting, monitoring and claims activities associated with a cyber insurance policy; d) leveraging an ISMS when sharing relevant data and information with an insurer. This document is applicable to organizations that intend to purchase cyber insurance, regardless of type, size or sector.
英文名称Information security, cybersecurity and privacy protection - Guidelines for applying ISO/IEC 27001 and related standards in support of cyber insurance