《ISO IEC 27032-2023.docx》由会员分享,可在线阅读,更多相关《ISO IEC 27032-2023.docx(15页珍藏版)》请在第壹文秘上搜索。
1、INTERNATIONA1.STANDARDISO/IEC27032editionSecond2023-06CybersecurityGuide1.inesforInternetsecurityCybersecurity1.ignesdirectricesre1.atives1.a*curiCdsurin1.ernetReferencenumberISO/IEC27032:2023(E)ISO/IEC2023COPYRIGHTPROTECTEDDOCUMENTIS0/1EC2023IUirhM*hedbdi1.iUedotherwiseupdhi.o啪InyM1.tta0DmkfifiU81.
2、andonnet8CH-1214Vernier,GenevaPhone:M1.227490111觥ftte:丽丽BQrgPub1.ishedinSwitzer1.andContentsForewordIntroductionv2 Scope13 Normativereferences14 Termsanddefinitions5 崛阑8愕WatWeenIntemetsecurtty1Websecurity,networksecurityand4cybersecurity5OverviewofInternetsecurity7Interestedpart1.es871(Genera1.87.2U
3、se111J7.8CGafffatmiaitdauthoritiesstaDdardizationorganisations107.51.awenforcementagencies1037.6Internetserviceproviders10Internetsecurityriskassessmentandtreatment118.1Genero1.118.2ThreatsIISecurityguide1.inesfortheInternet1391Gccro1.-139.2Contro1.sforInternetsecurity149.2.2 ohci三iforInternetsecuri
4、ty.-149.2.3 Accesscontro1.149.2.4 Education,awarenessandtraining15强筋肝itym硼HWnagement59.2.7 Supp1.iermanagement179.2.8 BusinesscontinuityovertheInternet189.2.10 VffY3fi(ityprotectionman9f,et189.2.11 Networkmanagement209.2.12 Protectionagainstma1.ware21纥:也随IWcaUonm科娜肺Ie!egis1.atgnandComPIianCereqUirem
5、enH_9.2.15 USeOfCryPtOgraPhy229.2.16 App1.icationsecurityforInternet-facingapp1.ications.一.229.2.17 Endpointdevicemanagement9.2.18 Monitoring-24Annex(informative)Cross-referencesbetweenthisdocumentandISO/IEC2700225,三-一,-“B-,*-IntroductioncommonInternetsecuritythreats,suchas:-zerodayattacks;hacking;a
6、ndInternetguidancewithindocumentprovidestechnica1.andnon-technica1.contro1.sforaddressingthepreventingattacks;respondingtoattacks.documenta1.soandfocusesPreservationasconfidentia1.ityccountabi1.ity,non-repudiationinformationre1.iabi1.ityThisinc1.udesInternetsecurityguidancefor:-po1.icies;processes;a
7、ndtechnica1.specificationdocunient.andthegiiide!inesapp!icab1.earenecessari1.yarereferencedDetai1.edsupportingCritica1.doesinfrastnictureornationa1.security.However1OrganizationscontroIsmentionedsystemsThisdocument27701,i1.1.ustrate:ConCePtSfromISO/IEC27002,theISO/IEC27033series,ISO/IECTS27100Intern
8、et-facingSyStemSJntemetsecuritycontro1.scitedin-1K2,addressingcyber-securityreadinessforISOIEC2023-A1.1.rightsreservedhefocusofthisdocumentistoaddressInternetsecurityissuesandprovideguidanceforaddressing socia1.engineeringattacks; privacyattacks; thepro1.iferationofma1.icioussoftware(ma1.ware),spywa
9、reandotherpotentia1.1.yunwantedsoftware.Thesecurityrisks,thisinc1.udingcontro1.sfor: preparingforattacks; detectingandmonitoringattacks;andTheguidancefocusesonprovidingindustrybestpractices,broadconsumerandemp1.oyeeeducationtoassistinterestedpartiesinp1.ayinganactivero1.etoaddresstheInternetsecurity
10、cha1.1.enges.ThetheInternetotheronproperties,Suchofauthenticity,integrityandavai1.abi1.ityofandoverthatcana1.sobeinvo1.ved.-ro1.es; methods; app1.icab1.etechnica1.contro1.s.Giventhisstanda&scontro1.sprovidedtoeachataHigh-Ieve1.withinthedocumentforfurtherguidance.SeeAnnexAforthecorrespondencebetweent
11、hecontro1.scitedinthisdocumentandthoseinISO/IEC27002.Thisdocumentnotspecifica1.1.yaddresscontro1.sthatmostofthecanrequireforinthisdoCUrnentcanbeapp1.iedtosuchsystems.andISO/IECUsestoexisting there1.ationshipbetweenInternetsecurity,websecurity,networksecurityandcybersecurity;detai1.edguidanceonj3nmut
12、11xaei01a1.trarBfrk.aUscttjby1.owarrtahseMisncfu11B1.s.itiscritica1.toaddressthere1.evantsecurityrisks.CybersecurityGuide1.inesforInternetsecurity1ScopeThisdocumentprovides:anexp1.anationcybersecurity;ofthere1.ationshipbetweenInternetsecurity,websecurity,networksecurityandanoverviewofIntenietsecurit
13、y;identificationofinterestedpartiesandadescriptionOftheirro1.esinInternetsecurity;一high-1.eve1.guidanceforaddressingcommonInternetsecurityissues.?hi5南州WftiV七甲WhHEsorganizationsthatusetheInternet.2Ws回睡啊咻明即住9hisrt用ent.幅屈曲Hnre脑脸小将丽釉fteediH6na1.iSip1.ies.曲ftentundatedreferences,the1.atesteditionofthereferenceddocument(inc1.udinganyamendments)app1.ies.性济瞰T3P2ewm/0照0J岫脱次ZSecuritytechniquesInformationsecuritymanagement3TermsanddefinitionsForthepurposesofthisdocument,thetermsanddefinitionsgiveninISO/IEC27000,andthefo1.1.owingapp1.y.ISOandIECmaintaintermino1.ogydatabasesforuseinstandardizationatt
