标准摘要
[中文适用范围]: 此第 3 类技术报告 (TR) 为信息安全经理以及信息系统、服务和网络经理提供有关信息安全事件管理的建议和指导。 本 TR 包含 11 个条款,其组织方式如下。 第 1 条描述了范围,后面是第 2 条中的参考文献列表以及第 3 条中的术语和定义。 第 4 条提供了信息安全事件管理的一些背景,后面是第 3 条中的优点和关键问题的摘要。 5. 第 6 条中提供了信息安全事件及其原因的示例。 第 7 条中描述了信息安全事件管理的规划和准备,包括文档制作。 描述了信息安全事件管理方案的操作使用第 8 条中描述了信息安全管理的审核阶段,包括确定吸取的经验教训以及对安全和信息安全事件管理方案的改进。 第 9 条中描述了改进阶段,即对安全和信息安全进行已确定的改进第 10 条中描述了事件管理计划。 最后,TR 在第 11 条中给出了简短摘要。 附件 A 包含示例信息安全事件和事件报告表,附件 B 包含一些用于评估信息不利后果的示例大纲指南安全事件,纳入报告表格。 附件之后是参考书目。 [外文原描述]: ISO/IEC TR 18044:2004 provides advice and guidance on information security incident management for information security managers and for information system managers. ISO/IEC TR 18044:2004 provides information on the benefits to be obtained from and the key issues associated with a good information security incident management approach (to convince senior corporate management and those personnel who will report to and receive feedback from a scheme that the scheme should be introduced and used); information on examples of information security incidents, and an insight into their possible causes;a description of the planning and documentation required to introduce a good structured information security incident management approach; a description of the information security incident management process*. * Quick, co-ordinated and effective responses to an information security incident require extensive technical and procedural preparations. Information security incident responses may consist of immediate, short- and long-term actions. Any actions undertaken as the response to an incident should be based on previously developed, documented and accepted security incident response procedures and processes, including those for post-response analysis.
英文名称Information technology - Security techniques - Information security incident management