ISO/IEC 17799:2005(E) lnformation technology -Security techniques-Code of practice for information security management

ISO/IEC 17799:2005(E) lnformation technology -Security techniques-Code of practice for information security management
1Scope
This International Standard establishes guidelines and general principles for initiating,implementing,maintaining. and improving information security management in an organization."The objectivesoutlined in this International Standard provide general guidance on the commonly accepted goals ofinformation security management.
The control objectives and controls of this International Standard are intended to be implemented tomeet the requirements identified by a risk assessment. This International Standard may serve as apractical guideline for developing organizational security standards and effective security managementpractices and to help build confidence in inter-organizational activities.
2 Terms and definitions
For the purposes of this document, the following terms and definitions apply.2.1
asset
anything that has value to the organization[ISO/IEC 13335-1:2004]
2.2
control
means of managing risk,including policies,procedures,guidelines,practices or organizationalstructures, which can be of administrative, technical, management, or legal nature
NOTE Control is also used as a synonym for safeguard or countcrmcasure.
2.3
guideline
a description that clarifies what should be done and how, to achieve the objectives sct out in policics[ISO/IEC 13335-1:2004]
2.4
information processing facilities
any information processing system, service or infrastructure, or the physical locations housing them2.5
information security
preservation of confidentiality, integrity and availability of information;in addition,other properties,such as authenticity, accountability, non-repudiation, and reliability can also be involved

ISO/IEC 17799:2005(E) lnformation technology -Security techniques-Code of practice for information security management

ISO/IEC 17799:2005(E) lnformation technology -Security techniques-Code of practice for information security management

标准下载地址: