美文网首页
ISO27001-阅读笔记-3

ISO27001-阅读笔记-3

作者: 折戟尘风 | 来源:发表于2020-07-22 11:19 被阅读0次

    4 Information security management system

    4.1 General requirements

    The organization shall establish, implement, operate, monitor, review, maintain and improve a documented ISMS within the context of the organization’s overall business activities and the risks it faces. For the purposes of this International Standard the process used is based on the PDCA model shown in Figure 1.
    再次强调建立ISMS是需要在业务活动以及其面临的风险范围内。

    4.2 Establishing and managing the ISMS

    4.2.1 Establish the ISMS

    标准为企业在建立ISMS列出了一些要求:

    1. Define the scope and boundaries of the ISMS in terms of the characteristics of the business, the organization, its location, assets and technology, and including details of and justification for any exclusions from the scope.
      有理可依的定义ISMS的边界和范围。

    看到这里

    看到这里,我发现我的积累并不能支持我去看27001,或者我的经验不够,不够支撑我能够跳出一个技术人员的角度去看一个信息安全管理体系的建设。甚至都不能说明白ISMS是啥,更别说去梳理,了解ISMS的边界和范围。所以,这个暂时停更。

    相关文章

      网友评论

          本文标题:ISO27001-阅读笔记-3

          本文链接:https://www.haomeiwen.com/subject/esuikktx.html