《ISO IEC TS 27110-2021.docx》由会员分享,可在线阅读,更多相关《ISO IEC TS 27110-2021.docx(22页珍藏版)》请在第壹文秘上搜索。
1、ISO/IECTSTECHNICA1.27110SPECIFICATIONeditionFirst2021-02Informationtechno1.ogy,cybersecurityandprivacyprotection一Cybersecurityframeworkdeve1.opmentguide1.inesSecuritede!information,CybersecuriteetprotectiondeIavieprivee1.ignesdirectricesre1.ativesa!e1.aborationduncadreenmaturedecybersecurityISO/IECT
2、S丽耐博JISO/IEC2021COPYRIGHTPROTECTEDDOCUMENTIS0/1EC2021M11cheivdi1.itedotherwiseS1.Rnrirftuw!rryH可11cho。城et1.u1.IOHai(Xt)Iinra”;ItmUrphrtimtoccPXin品ptittjc;ItmnPOstingontheinternetoranInunnu1.withoutpriorwrittenpermission.PermissioncanberequestedfromeitherISOatUieaddressbe1.oworISO*smemberhodyinthecou
3、ntryoftherrcucstcr.三cB1.andonnct8r,GenevaPhone:t41227490111辆jtc:用洲部砾o.orgPub1.ishedinSwitzer1.andContentsConcepts35.1Genera1.3IntroductionCScone.v13Normativereferences14Termsanddefinitions1cOverview1Respond-.62324r)CreatingacybersecurityframeworkAnnexA(informative)Considerationsinthecreationofacyber
4、securityframeworkAnnexB(informative)ConsiderationsintheintegrationofacybersecurityframeworkBib1.iographyForewordISO(theInternationa1.OrganizationforStandardization)andIEC(theInternationa1.E1.ectrotechnica1.(ironnwm&MiJformISOthBjififiqJatetwtfd1.bpn1.entstaf1.tiajtitona1.NStandirdsbodiesthttaughmitt
5、eesestab1.ishedbytherespectiveorganizationtodea1.withparticu1.arfie1.dsoftechnica1.activity.ISOandIECmitteesco1.1.aborateinfie1.dsofmutua1.interest.Othernj11adonaramationsrgovernmenta1.andnon-governmenta1.,in1.iaisonwithISOand1EC,a1.soTheproceduresusedtodeve1.opthisdocumentandthoseintendedforitsfurt
6、hermaintenanceare咽的阳Hg节es1.9tfBMJ映丽F4o屈甲融飒群曲曲q用珞脸COE晶帆edcdtheeditoria1.ru1.esofthe1SOIECDirectives.Part2(seewww.iso.org/direc1.ives).曲蹴的ig袒Wn用补品陆趣IJi烟标a依曲帆俄强精MC曲廨蜘的眦%y能嘱网删Ubjeetrights.Detai1.sofanypatentrightsidentifiedduringthedeve1.opmentot4h4oinktwMbeintheIntroductionand/orontheISO1.istofPa1.eHVk
7、FUonsreceived(seewww.iso.org/pa1.ents)ortheIEC1.istofpatentdec1.arationsreceived(seePaterHSjeCCh).nytradenameusedinthisdocumentisinformationgivenfortheconvenienceofusersanddoesnotconstituteanendorsement.tp侬SiOnSeX岬EtbcfC(WbwftMya三nRnt,ofChdards,thftnnQ11ng血outISSpodtiaif1.mmhihdWoHd存Organization(VVr
8、TO)princip1.esintheTechnica1.BarrierstoTrade(TBT)1seewww.iso.org/iso/foreword.htm1.Sgftft喉gSC祕A碎/giithtionsOrgairisxuDjnspbo1.1.angffe1.oopDiwithandhM)bhcdUmfce,cybersecurityframeworkstohe1.porganizeandcommunicatecybersecurityactivitiesoforganizations.ngedwi啊股Bf捌醐露廉期g帝啷娜螂恕tua1.Theseorganizationsprod
9、ucingthecybersecurityframeworksarereferredtoascybersecurityframework序跳鼾SjCyfii1.嵋?UrityO幅1.ffi)nsandindividua1.sthenuseorreferencethecybersecurityGiventhattherearcmu1.tip1.ecybersecurityframeworkcreators,therearcamu1.titudeofcybersecuritystructurestomeethcirrcqunenicnts.Thesecybersecurityframeworkst
10、henbecomecompetinginterestsforfiniteresources.Theadditiona1.effortcou1.dbebetterspentimp1.ementingcybersecurityandcombatingthreats.Thegoa1.ofthisdocumentistoensureaminimumsetofconceptsareusedtodefinecybersecurityframeworkstohe1.peasetheburdenofcybersecurityframeworkcreatorsandcybersecurityframeworku
11、sers.Asthisdocument1.imitsitse1.fwithaminimumsetofconcepts,its1.engthiskepttoaminimumonpurpose.Thisdocumentisnotintendedtosupersedeorrep1.acetherequirementsofanISMSgiveninISO1EC27001.Theprincip1.esofthisdocumentareasfo1.1.ows: exib1.etoa1.1.owformu1.tip1.etypesofcybersecurityframeworkstoexist; compa
12、tib1.etoa1.1.owformu1.tip1.ecybersecurityframeworkstoa1.ign;and interoperab1.e-toa1.1.owformu1.tip1.eusesofacybersecurityframeworktobeva1.id.Theaudienceofthisdocumentiscybersecurityframeworkcreators.Informationtechno1.ogy,cybersecurityandprivacyprotectionCybersecurityframeworkdeve1.opmentguide1.ines
13、1ScopeThisdocumentspecifiesguide1.inesfordeve1.opingacybersecurityframework.Itisapp1.icab1.etoNoFanatiyetr,Irerferetocestorsregard1.essoftheirorganizations*type,sizeornature.加剧皿网&佝症曜西Shisr电晒内nt.此F场因HnrCfM曲:设硼2a.diQbnaia独邸P1.iCS.国entundatedreferences,the1.atesteditionofthereferenceddocument(inc1.udinganyamendments)app1.ies.南了啖2却叫cw用MWjOnM腋脱愣SecuritytechniquesInformationsecuritymanagementISO/IECTS27100.Informationtechno1.ogyCybersecurityOverviewandconcepts3TermsanddefinitionsForthepurposesofthisdocument,thetennsanddefinitionsgiveninISO/IEC27000,ISO/IECTS2
