Introduction and risk assessment of the information security management standard ISO 27001:2005
I. Formulation of the ISO 27001 Information Security Management System Standard
With the continuous development of global informatization, information security has gradually become a focus of attention, and institutions, organizations and individuals around the world are exploring how to ensure it. Britain, the United States, Norway, Sweden, Finland, Australia and other countries have formulated their own information security standards, and the International Organization for Standardization (ISO) has also issued ISO 17799, ISO 13335, ISO 15408 and other international standards and technical reports related to information security. At present, the British standard BS 7799 has become the most widely used and typical information security management standard in the world; it was formulated under the guidance of the BDD/2 Information Security Management Committee of BSI/DISC. The BS 7799 standard was initiated by the British Department of Trade and Industry in 1993. BS 7799-1:1995, "Code of Practice for Information Security Management", was first published in Britain in 1995. It provides a comprehensive set of implementation rules composed of information security best practices, and its purpose is to determine. In 1998 Britain published the second part of the standard, "Information Security Management System Specification", which stipulated the requirements for an information security management system and its information security controls. It is the basis for a comprehensive or partial evaluation of an organization's information security management system, and can also be used as the basis for a formal certification scheme. BS 7799-1 and BS 7799-2 were revised and reissued in 1999. The 1999 version takes into account recent developments in information processing technology, especially in the fields of networking and communication, and also emphasizes information security and the information security responsibilities involved in business.
In December 2000, BS 7799-1:1999 "Code of Practice for Information Security Management" was approved by the International Organization for Standardization (ISO) and officially became an international standard, ISO/IEC 17799:2000. On September 5, 2002, the draft of BS 7799-2:2002 was released as a formal standard after extensive discussion, and BS 7799-2:1999 was withdrawn. At present, the BS 7799 standard has been recognized by many countries and is a representative international information security management system standard. Besides Britain, countries such as the Netherlands, Denmark, Australia and Brazil have agreed to use this standard; Japan, Switzerland, Luxembourg and other countries have also expressed interest in it, and Taiwan and Hong Kong are also promoting it. Government agencies, banks, securities companies, insurance companies, telecom operators, network companies and many multinational companies in many countries have adopted this standard to manage their information security systematically. As of September 2002, 142 organizations in the world had passed BS 7799 information security management system certification.
Catalogue summary
Basic knowledge
00 Information security event highlights
01 Terms and definitions related to information security
1.01 Information security
1.02 Confidentiality
1.03 Integrity
......
02 Basic knowledge of BS 7799, ISO 17799 and ISO 27001
Introduction to ISO 17799:2005
Basic knowledge of ISO 17799
Introduction to the ISO 27000 series standards
Basics of risk assessment
......
03 Basic knowledge of information security management system certification and accreditation
What are the types of ISMS nonconformities?
What should be done in the planning stage of an ISMS internal audit?
Is ISMS certification valid for life?
What should the ISMS audit report include?
......
China information security laws, regulations and standardization
Standardization of information security in China
China information security laws and regulations
05 Information security qualification examination related knowledge
5.1 CISP
5.2 CISSP
5.3 BS 7799 lead auditor
5.4 ITIL
5.5 CISA
5.6 Technical documents related to information security
Standard understanding
ISO 27001:2005 Standard Understanding and Guide (Chinese and English)
Catalogue
0 Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Information security management system
5 Management responsibility
6 Internal information security management system audits
7 Management review of the information security management system
8 Improvement of the information security management system
Appendix A
Appendix B
Appendix C
References
Introduction to ISO 27001:2005
07 ISO 17799:2005 Standard Understanding and Guide (Chinese and English)
Catalogue
0 Introduction
1 Scope
2 Terms and definitions
3 Structure of the standard
4 Risk assessment and treatment
5 Security policy
6 Organization of information security
7 Asset management
8 Human resources security
9 Physical and environmental security
10 Communications and operations management
11 Access control
12 Information systems acquisition, development and maintenance
13 Information security incident management
14 Business continuity management
15 Compliance
Introduction to ISO 17799:2005
Other reference standards for information security management
Introduction to AS/NZS 4360
Introduction to the ISO 15408 standard
Brief introduction to ISO/IEC TR 13335
NIST SP 800-30 Risk Management Guide for Information Technology Systems
Introduction to SSE-CMM
Implementation practice
Establishing an information security management system based on ISO 27001
09.1 Policy formulation and process planning
09.2 ISMS documents
09.3 Risk assessment and control selection
09.4 ISMS audit and management review
09.5 Certification application and audit preparation
10 Information security management system document templates
10.1 Information security management system manual
10.2 Information security management system procedure documents
10.3 Information security management system operational documents
10.4 General information security management system records
11 Introduction to information security risk assessment standards
11.1 Formulation of information security risk assessment standards
11.2 BS 7799 and ISO 13335
11.3 high
11.4 NIST SP 800-30 IT system risk management guide
11.5 OCTAVE method
11.6 System security engineering capability maturity model (SSE-CMM)
11.7 AS/NZS 4360 risk management guide
11.8 Other information security assessment standards
12 Information security policy compilation and typical policy selection
12.1 Information security policy basics
12.2 Preparation and implementation of information security policy
12.3 Typical information security policy set
Policy templates