BS-ISO-IEC-13335-1-2004.pdf
BRITISH STANDARD BS ISO/IEC 13335-1:2004

Information technology. Security techniques. Management of information and communications technology security. Part 1: Concepts and models for information and communications technology security management

ICS 35.040

Licensed Copy: sheffieldun sheffieldun, na, Thu Nov 23 04:13:28 GMT+00:00 2006, Uncontrolled Copy, (c) BSI

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 13 December 2004. (c) BSI 13 December 2004. ISBN 0 580 44899 1

National foreword

This British Standard reproduces verbatim ISO/IEC 13335-1:2004 and implements it as the UK national standard. It supersedes BS ISO/IEC TR 13335-1:1996 and BS ISO/IEC TR 13335-2:1997, which are withdrawn.

The UK participation in its preparation was entrusted to Technical Committee IST/22, IT Security techniques, which has the responsibility to:
- aid enquirers to understand the text;
- present to the responsible international/European committee any enquiries on the interpretation, or proposals for change, and keep the UK interests informed;
- monitor related international and European developments and promulgate them in the UK.

A list of organizations represented on this committee can be obtained on request to its secretary.

Cross-references

The British Standards which implement international publications referred to in this document may be found in the BSI Catalogue under the section entitled "International Standards Correspondence Index", or by using the "Search" facility of the BSI Electronic Catalogue or of British Standards Online.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

Compliance with a British Standard does not of itself confer immunity from legal obligations.

Summary of pages

This document comprises a front cover, an inside front cover, the ISO/IEC title page, pages ii to vi, pages 1 to 28, an inside back cover and a back cover.

The BSI copyright notice displayed in this document indicates when the document was last issued.

Amendments issued since publication
Amd. No.    Date    Comments

Reference number ISO/IEC 13335-1:2004(E)

INTERNATIONAL STANDARD ISO/IEC 13335-1, First edition 2004-11-15

Information technology. Security techniques. Management of information and communications technology security. Part 1: Concepts and models for information and communications technology security management

(French title: Technologies de l'information. Techniques de sécurité. Gestion de la sécurité des technologies de l'information et des communications. Partie 1: Concepts et modèles pour la gestion de la sécurité des technologies de l'information et des communications)

Contents

Table of contents ........ iii
Foreword ........ iv
Introduction ........ v
1 Scope ........ 1
2 Definitions ........ 1
3 Security concepts and relationships ........ 5
3.1 Security principles ........ 5
3.2 Assets ........ 5
3.3 Threats ........ 6
3.4 Vulnerabilities ........ 8
3.5 Impact ........ 8
3.6 Risk ........ 9
3.7 Safeguards ........ 9
3.8 Constraints ........ 10
3.9 Security element relationships ........ 11
4 Objectives, strategies and policies ........ 13
4.1 ICT security objectives and strategy ........ 14
4.2 Policy hierarchy ........ 16
4.3 Corporate ICT security policy elements ........ 18
5 Organizational aspects of ICT security ........ 20
5.1 Roles and responsibilities ........ 20
5.1.1 Organizational roles, accountabilities and responsibilities ........ 20
5.1.2 ICT security forum ........ 23
5.1.3 Corporate ICT security officer ........ 23
5.1.4 ICT users ........ 24
5.2 Organizational principles ........ 25
5.2.1 Commitment ........ 25
5.2.2 Consistent approach ........ 25
5.2.3 Integrating ICT security ........ 26
6 ICT security management functions ........ 27
6.1 Overview ........ 27
6.2 Cultural and environmental conditions ........ 27
6.3 Risk management ........ 28

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the representative organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.

ISO/IEC 13335-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques.

This first edition of ISO/IEC 13335-1 cancels and replaces ISO/IEC TR 13335-1:1996 and ISO/IEC TR 13335-2:1997, which have been technically revised.

ISO/IEC 13335 consists of the following parts, under the general title Information technology. Security techniques. Management of information and communications technology security:
- Part 1: Concepts and models for information and communications technology security management

The following part is under preparation:
- Part 2: Techniques for information and communications technology security risk management

ISO/IEC 13335-2, when published, will cancel and replace ISO/IEC TR 13335-3:1998 and ISO/IEC TR 13335-4:2000. ISO/IEC TR 13335-5:2001 is currently under revision. In the course of the revision process it will be merged with ISO/IEC 18028-1. When it is published, ISO/IEC 18028-1 will consequently cancel and replace ISO/IEC TR 13335-5:2001.

Introduction

Government and commercial organizations rely heavily on the use of information to conduct their business activities. Compromise of confidentiality, integrity, availability, non-repudiation, accountability, authenticity and reliability of an organization's assets can have an adverse impact. Consequently, there is a critical need to protect information and to manage the security of ICT systems within organizations. This requirement to protect information is particularly important in today's en
Link address: https://www.31doc.com/p-3748931.html