Английская Википедия:ISO/IEC 27003

Материал из Онлайн справочника
Версия от 13:53, 24 марта 2024; EducationBot (обсуждение | вклад) (Новая страница: «{{Английская Википедия/Панель перехода}} {{More citations needed|date=September 2022}} '''ISO/IEC 27003''' Information technology — Security techniques — Information security management systems — Guidance. It is part of a family of standards of information security management system (ISMS), which is a systematic approach to securing sensitive information,<ref>{{cite web|url=https://www.iso.org/isoiec-27001-information-s...»)
(разн.) ← Предыдущая версия | Текущая версия (разн.) | Следующая версия → (разн.)
Перейти к навигацииПерейти к поиску

Шаблон:More citations needed ISO/IEC 27003 Information technology — Security techniques — Information security management systems — Guidance. It is part of a family of standards of information security management system (ISMS), which is a systematic approach to securing sensitive information,[1] of ISO/IEC. It provides standards for a robust approach to managing information security (infosec) and building resilience.[2] It was published on February 1, 2010, and revised in April 2017. It is currently not certifiable and is not translated into Spanish.

This standard appears in ISO/IEC 27000-series (more information can be found in ISO/IEC 27000). The ISO/IEC 27003 standard provide guidance for all the requirements of ISO/IEC 27001, but it does not have detailed descriptions regarding “monitoring, measurement, analysis and evaluation” and information security risk management. Also, Provides recommendations, possibilities and permissions in relation to them. It is not the intention of this standard to provide general guidance on all aspects of information security.

What is the standard about?

This standard is about:[3]

  • This document provides explanation and guidance on ISO/IEC 27001:2013.

This standard is applicable to all types of organizations regardless of size.

Terms and structure

The terms and definitions given in this standard are defined within the standard ISO/IEC 27000. The ISO/IEC 27003 standard is structured as follows:[4]

  • Leadership
  • Planning
  • Support
  • Operation
  • Performance evaluation
  • Improvement

In addition to that, it has 1 annex (A):

  • Annex A - (informative) Policy framework

References

External links

Шаблон:ISO standards