《ISO IEC 27013-2021.docx》由会员分享,可在线阅读,更多相关《ISO IEC 27013-2021.docx(35页珍藏版)》请在第壹文秘上搜索。
1、INTERNATIONA1.STANDARDISO/IEC27013editionThird2021-1.1.Informationsecurity,cybersecurityandprivacyprotectionGuidanceontheintegratedimp1.ementationofISO/IEC27001andISO/IEC20000*1SecuritydeVinformation,CybersecuriteetprotectiondeIaviepriveeRecommandationspourIamiseencuvreintegreede11SOIEC27001etdeISOI
2、KC20000-1ReferencenumberISO/IEC27013:2021(E)COPYRIGHTPROTECTEDDOCUMENTISO/1EC2021IUirhM*hedbdi1.iUedotherwiseupdhi.o啪InyM1.tta0DmkfifiU81.andonnet8CH-1214Vernier,GenevaPhone:M1.227490111觥曲ite:图洲跳触OQrgPub1.ishedinSwitzer1.andContentsForewordivIntroductionv2 Scope13 Normativereferences14 Termsanddefin
3、itions1OverviewofISO/IEC27001andISO/IEC200001.14.1 UnderstandingISO/IEC27001andISO/IEC20000-114.2 ISO/IEC27001COn(XPtS25Approachesforintegratedimp1.ementation35.1 Genera1.35.2 Considerationsofscope3534蝴m醐掰ationscenarios45.3.2 Neitherstandardiscurrent1.yusedasthebasisforamanagementsystem45.3.3 Theman
4、agementsystemfu1.fi1.stherequirementsofoneofthestandards55.3.4 standard.66Integratedimp1.ementationconsiderations_66 .167 .2Potentia1.cha1.1.enges7234ResptBandn1.scQnf1.gMinf1.BOhitemsServicedesignandtransitionRiskassessmentandmanagementRiskandotherpartiesIncidentmanagementProb1.emmanagementGatherin
5、gofevidence解:20蜘时蜘q三除淞出nfincidents7.11.11 Changemanagement138:初黜招磔融机Sf1.M剧Htand硼Wimprovement37.3.3 Capaatymanagement147.3.4 Managementofthirdpartiesandre1.atedrisk-.一._.一.147.3.5 弗1.ft三敌制朝阳嘛肱缶gement15Annex(informative)CorrespondencebetweenISO1EC27001:2013,C1.auses1to10,and1SOIEC20000-1:2018rC1.auses
6、1to1()17AnnexB(informative)CoiTespondencebetweenthecontro1.sinISO/IEC27001:2013,Annex,andtherequirementsinISO/IEC20000-1:2018,C1.auses4to1019Annexand(informa1.ive)ComparisonofternsanddefinitionsbetweenISO/IEC27000:201822ForewordISO(theInternationa1.OrganizationforStandardization)andIEC(theInternatio
7、na1.E1.ectrotechnica1.(inrt)(55io6)Srn1.H(irigWjwn怕&%愁S3UinWf!ft三b1.e用三电Q0hhy*hf1.1.三ffkubjectrights.Detai1.sofanypatentrightsidentifiedduringthedeve1.opmentOfI1.d屋um&MWiI1.b&intheIntrodurtionand/orontheISO1.istofpatentdec1.arationsreceived(seewww.iso.org/patents)ortheIEC1.istofpatentdec1.arationsre
8、ceived(seepatents.iec.ch).Anytradenameusedinthisdocumentisinformationgivenfortheconvenienceofusersanddoesnotconstituteanendorsement.B即邸SiOnSeXPk1.nttrtbM岫CMtbWfthy前榄喇11fnt,StandHHs,1.hfoWttbgatfdOs,ttkadhvwceartd由aWoUdTade0tgQNG。注(VT0)princip1.esiU4hNtNB*H沁咯to:*#(CBT)seewww.iso.org/iso/foreword.htrn
9、1.IntheIEC.seewww.iec.chunderstandingstandards.j族。例M腺里SC编妞肿群梆隰CUrj夕或M1.wfm阳(SOI&肪小econ./brmaontechno1.ogy,Thisthirdeditioncance1.sandrep1.acesthesecondedition(ISO/IEC27013:2015),whichhasbeenIEWAWI1.y268bU18.Themainchangecomparedwiththepreviouseditionisthea1.ignmentwithA1.istofa1.1.partsintheISO/IEC2
10、7000seriescanbefoundontheISOandIECwebsites.NwfyTfeAibftekefMW油He1.tft川曲府hesft魅?rfHQWjqRPqRjreeted,w.iecxh/nationa1.-committees.IntroductionThere1.ationshipbetweeninformationsecuritymanagementandservicemanagementisSOc1.osethattaByoui6fi9,a3Wcgnizeinfohwbo11teoiQtaphngciiM*nntW80jaEf)30tt01.Standardsf
11、ervicemanagement.ItiscommonforanorganizationtoimprovethewayitoperatestoachieveconformitywiththerequirementsspecifiedinoneInternationa1.Standardandthenmakefurtherimprovementstoachieveconformitywiththerequirementsofanother.Thereareanumberofadvantagesforanorganizationinensuringitsmanagementsystemtakesi
12、ntoaccountboththeservice1.ifecyc1.eandtheprotectionoftheorganizationsinformation.These娥眄姆陶顺却曲曾1.areo的眼丽靓aEft三us1.y.制喇因YayI三kc日翎hna1.processes,inparticu1.ar,canderivebenefitfromthemutua1.1.yreinforcingconceptsandsimi1.aritiesbetweentheseInternationa)Standardsandtheircommonobjectives.KwiM1.gwifttqi1.pftdkWffimp1.ementationofinformationsecurity11anagcncntandservicea) credibi1.itytointerna1.andexterna1.customers,andotherinterestedpartiesoftheorganization,ofeffectiveandsecureservices
