ISO/IEC 27001:2013 is an information security standard that was published on 25 September 2013. It supersedes ISO/IEC 27001:2005 and is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO/IEC subcommittee ISO/IEC JTC 1/SC 27. It is a specification for an information security management system (ISMS). Organisations that meet the standard may gain an official certification, issued by an independent and accredited certification body, on successful completion of a formal audit process.

==Structure of the standard==

The official title of the standard is "Information technology — Security techniques — Information security management systems — Requirements". ISO/IEC 27001:2013 has ten short clauses plus a long annex, which cover:

:1. Scope of the standard
:2. How the document is referenced
:3. Reuse of the terms and definitions in ISO/IEC 27000
:4. Organizational context and stakeholders
:5. Information security leadership and high-level support for policy
:6. Planning an information security management system; risk assessment; risk treatment
:7. Supporting an information security management system
:8. Making an information security management system operational
:9. Reviewing the system's performance
:10. Corrective action
:Annex A: List of controls and their objectives

This structure mirrors that of other new management standards such as ISO 22301 (business continuity management), which helps organisations that aim to comply with multiple standards to improve their IT from different perspectives. Annexes B and C of ISO/IEC 27001:2005 have been removed.