1、ISO/IECTSTECHNICA1.27110SPECIFICATIONeditionFirst2021-02Informationtechno1.ogy,cybersecurityandprivacyprotection一Cybersecurityframeworkdeve1.opmentguide1.inesSecuritede!information,CybersecuriteetprotectiondeIavieprivee1.ignesdirectricesre1.ativesa!e1.aborationduncadreenmaturedecybersecurityISO/IECT
2、S丽耐博JISO/IEC2021COPYRIGHTPROTECTEDDOCUMENTIS0/1EC2021M11cheivdi1.itedotherwiseS1.Rnrirftuw!rryH可11cho。城et1.u1.IOHai(Xt)Iinra”;ItmUrphrtimtoccPXin品ptittjc;ItmnPOstingontheinternetoranInunnu1.withoutpriorwrittenpermission.PermissioncanberequestedfromeitherISOatUieaddressbe1.oworISO*smemberhodyinthecou
3、ntryoftherrcucstcr.三cB1.andonnct8r,GenevaPhone:t41227490111辆jtc:用洲部砾o.orgPub1.ishedinSwitzer1.andContentsConcepts35.1Genera1.3IntroductionCScone.v13Normativereferences14Termsanddefinitions1cOverview1Respond-.62324r)CreatingacybersecurityframeworkAnnexA(informative)Considerationsinthecreationofacyber
4、securityframeworkAnnexB(informative)ConsiderationsintheintegrationofacybersecurityframeworkBib1.iographyForewordISO(theInternationa1.OrganizationforStandardization)andIEC(theInternationa1.E1.ectrotechnica1.(ironnwm&MiJformISOthBjififiqJatetwtfd1.bpn1.entstaf1.tiajtitona1.NStandirdsbodiesthttaughmitt
5、eesestab1.ishedbytherespectiveorganizationtodea1.withparticu1.arfie1.dsoftechnica1.activity.ISOandIECmitteesco1.1.aborateinfie1.dsofmutua1.interest.Othernj11adonaramationsrgovernmenta1.andnon-governmenta1.,in1.iaisonwithISOand1EC,a1.soTheproceduresusedtodeve1.opthisdocumentandthoseintendedforitsfurt
6、hermaintenanceare咽的阳Hg节es1.9tfBMJ映丽F4o屈甲融飒群曲曲q用珞脸COE晶帆edcdtheeditoria1.ru1.esofthe1SOIECDirectives.Part2(seewww.iso.org/direc1.ives).曲蹴的ig袒Wn用补品陆趣IJi烟标a依曲帆俄强精MC曲廨蜘的眦%y能嘱网删Ubjeetrights.Detai1.sofanypatentrightsidentifiedduringthedeve1.opmentot4h4oinktwMbeintheIntroductionand/orontheISO1.istofPa1.eHVk
7、FUonsreceived(seewww.iso.org/pa1.ents)ortheIEC1.istofpatentdec1.arationsreceived(seePaterHSjeCCh).nytradenameusedinthisdocumentisinformationgivenfortheconvenienceofusersanddoesnotconstituteanendorsement.tp侬SiOnSeX岬EtbcfC(WbwftMya三nRnt,ofChdards,thftnnQ11ng血outISSpodtiaif1.mmhihdWoHd存Organization(VVr
8、TO)princip1.esintheTechnica1.BarrierstoTrade(TBT)1seewww.iso.org/iso/foreword.htm1.Sgftft喉gSC祕A碎/giithtionsOrgairisxuDjnspbo1.1.angffe1.oopDiwithandhM)bhcdUmfce,cybersecurityframeworkstohe1.porganizeandcommunicatecybersecurityactivitiesoforganizations.ngedwi啊股Bf捌醐露廉期g帝啷娜螂恕tua1.Theseorganizationsprod
9、ucingthecybersecurityframeworksarereferredtoascybersecurityframework序跳鼾SjCyfii1.嵋?UrityO幅1.ffi)nsandindividua1.sthenuseorreferencethecybersecurityGiventhattherearcmu1.tip1.ecybersecurityframeworkcreators,therearcamu1.titudeofcybersecuritystructurestomeethcirrcqunenicnts.Thesecybersecurityframeworkst
10、henbecomecompetinginterestsforfiniteresources.Theadditiona1.effortcou1.dbebetterspentimp1.ementingcybersecurityandcombatingthreats.Thegoa1.ofthisdocumentistoensureaminimumsetofconceptsareusedtodefinecybersecurityframeworkstohe1.peasetheburdenofcybersecurityframeworkcreatorsandcybersecurityframeworku
11、sers.Asthisdocument1.imitsitse1.fwithaminimumsetofconcepts,its1.engthiskepttoaminimumonpurpose.Thisdocumentisnotintendedtosupersedeorrep1.acetherequirementsofanISMSgiveninISO1EC27001.Theprincip1.esofthisdocumentareasfo1.1.ows: exib1.etoa1.1.owformu1.tip1.etypesofcybersecurityframeworkstoexist; compa
12、tib1.etoa1.1.owformu1.tip1.ecybersecurityframeworkstoa1.ign;and interoperab1.e-toa1.1.owformu1.tip1.eusesofacybersecurityframeworktobeva1.id.Theaudienceofthisdocumentiscybersecurityframeworkcreators.Informationtechno1.ogy,cybersecurityandprivacyprotectionCybersecurityframeworkdeve1.opmentguide1.ines
13、1ScopeThisdocumentspecifiesguide1.inesfordeve1.opingacybersecurityframework.Itisapp1.icab1.etoNoFanatiyetr,Irerferetocestorsregard1.essoftheirorganizations*type,sizeornature.加剧皿网&佝症曜西Shisr电晒内nt.此F场因HnrCfM曲:设硼2a.diQbnaia独邸P1.iCS.国entundatedreferences,the1.atesteditionofthereferenceddocument(inc1.udin
14、ganyamendments)app1.ies.南了啖2却叫cw用MWjOnM腋脱愣SecuritytechniquesInformationsecuritymanagementISO/IECTS27100.Informationtechno1.ogyCybersecurityOverviewandconcepts3TermsanddefinitionsForthepurposesofthisdocument,thetennsanddefinitionsgiveninISO/IEC27000,ISO/IECTS27100andthefo1.1.owingapp1.y.ISOandIECmain
15、taintermino1.ogica1.databasesforuseinstandardizationatthefo1.1.owingaddresses:ISOOn1.inebrowsingp1.atform:avai1.ab1.eath&tp、9/WW*rFgbpcybersecurityframeworksetofconceptsusedtoorganizeandcommunicatecybersecurityactivitiescyberpersonadigita1.representationofanindividua1.ororganizationnecessarytointera
16、ctincyberspace殳gURCE:U.S.DoDJointPub1.ication3-12andCaire,J,&Conchon,S:2016assetanythingthathasva1.uetoanindividua1.,anorganizationoragovernment4S01.Wft,tSWC27032:2012,4.6,modifiedTheNotehasbeenremoved.尊By眦曲桁即硒丽G丽K曾味杀WArWingU曲U*eWf1.R制曜术如卷)的曲性耐h映明创野/BhiCyacrossframeworksanduses.Strikingaba1.ancebetw
17、eenf1.exibi1.ityandcompatibi1.itywhi1.esatisfyingstakeho1.derrequirementscanbedifficu1.t.Deve1.opingmu1.tip1.ecybersecurityframeworksusingthefanh(jruttrewi1.1.sSiip-securityframeworktoachieveinte11pseBi)iheyunizer*hi1.cqBpvidingawayTohe1.peasethecha1.1.engeofcreatingacybersecurityframework,thisdocum
18、entprovidestheminimum带匹脚济B检BerSeMffiy喃用曲。kframg魄1.1偏糖屈都也耐港备鹿和P网翻eptsRe0)verWhi1.ecybersecurityframeworkcreatorsarcsubjecttotheiruniquestakeho1.derrequirements,as时骸M股&es&NW帏Ig姗nsidered.addressesprocesses,po1.icies,regu1.ations,techno!ogyenvironmentdefiningcyberscopeofactivities.TheIdentifygovernance,
19、assetmanagement,businesscontextana1.ysisandsupp1.ychainconsiderations.dependencies.organizationspresencecyberspace,itsimportant.Thebusiness-critica1.cybersecurityframeworkconcept.Otherwise,theresu1.tingcybersecurityframeworktechno1.ogy5.3ProtectTheva1.ueapp1.yingthewitheachthisTheseisareusersoftogiv
20、eaframeworkcreatorastartingpoint,andwhenusedco1.1.ective1.y,provideaneffectivestructureinorganizingacybersecurityframework.Thepurposeofsubc1.auses5.2to5.6istodescribetheconceptsinaCyberseairityframework.Theseconceptsareintendedtohasadifferentstakeho1.dersandcreatorathepoint.Whi1.eeveryconstantand,th
21、us,serveasthebasisforanycybersecurityframework.Theconcepts1.istedanareThesecanarrangedinformode1.However,otherconfigurationscanworkgiventhecybersecurityframeworkcreatorsstakeho1.derrequirements.conceptswhichprovideva1.uecanchooseaugmentthespecificframeworkwithadditiona1.somecybersecurityframeworkcre
22、atorscanchoosetoenhancetheseconceptswithcategoriesandsubcategoriestoprovidemoreguidancetotheirstakeho1.dersorsatisfyrequirements.Somecontextscanmayaspecify1.eve1.ofmorethancategories.Ifisthecase,thesubcategory1.eve1.Theconceptspresentedbe1.owareindependentoftime,context,granu1.arityofscope,andmarket
23、importantWhi1.ewhenofauniqueoperatingtheybusinessdriversaredetai1.s.Acybersecurityframeworkshou1.dinc1.udetheIdentifyconcept.Thisecosystemisusedwhendeve1.opingtheProtect,Detect,RespondandRecoverconcepts.Examp1.esofecosystemconsiderationsare:businessobjectives,businessenvironment,stakeho1.ders,assets
24、businesspeop1.e,1.aws,processesandthreatwhenandtherisks.TheIdentifyconceptconceptcaninc1.udemanycategoriesre1.atingtoscopingparticu1.aractivitiestoon1.ythosewhicharere1.evant.Categoriescaninc1.ude:businessenvironment,riskassessment,riskmanagementstrategy,TheactivitiesinscopeoftheIdentityconceptaref
25、oundationa1.forcybersecurity.TheIdentifyconceptcaninc1.udeanunderstandingOfbUSineSScontext,stakeho1.ders,thecybersecurityecosystemandfunctionsandAninformationandtheirre1.atedinresourcescana1.sobecyberpersona,IheunderstandinggainedfromtheIdentifyconceptenab1.esaf1.exib1.eandrepeatab1.eviewofcybersecu
26、rityforanorganizationtofocusandprioritizeitsefforts.whendesigningtheIdentifycreatorshou1.dconsiderevo1.vingthreatsandemergingcanfai1.appropriate1.ymeetfuturerequirements.Acybersecurityframeworkshou1.dinc1.udetheProtectconcept.Th(X)(X!Vcotd!ttintdipsarcaud0n91.ttHiftquirdsthf)dttdcCdreahi应。岫RPbgHtmuW
27、ode1.ivercritica1.servicesandmaintainitsoperationsandsecurityofitsinformation.翩店P桥M国厮居展招沼僭nym图跋OPr次MtaS朋腾t同为edin品般ec。胃用的外dingtr延卷盥fisystemsecurity,industria1.contro1.systemsorinternetofthings.Categoriescaninc1.ude:accesscontro1.,awarenessandtraining,datasecurity,informationprotectionprocessesandproc
28、edures,maintenance.岬舐好phy,1.M训吃琳a三附H验*setma呻明懒讨鸵叔5ftf9esssegre础映播廊嘏幅security.比这髭Ir潴臃入蝌科书CheSCf靓胖三WGFAmin曲8Sf邢福8即8淡&conccmconf凯龈CCUriwframeworkcreatorshou1.dconsiderprotectiontorpeop1.e,processandtechno1.ogy.5.4 DetectAcybersecurityframeworkshou1.dinc1.udetheDetectconcept.TheDetectconceptdeve1.opsthe
29、appropriateactivitiestodiscovercybersecurityevents.TheactivitiesintheDetectconceptprovideanorganizationtheabi1.itytoproactive1.yobservechangesinbehaviours,states,traffic,configurationorprocessingofitskeyresources.Thesechangescanbei11ff1.itionexW91j1ft三A册QfiR双携三eJ三underWHfHg眠edd2hanging1.andscape,the
30、TheDetectconceptcaninc1.udetraditiona1.assetmonitoringandattackdetection.Categoriescaninc1.ude:g网正兼stW丽W啾a1.娜fifcW曲三瞅曲1.三郦pr”陶tionOgging,1.ogCorre1.ationandAcybersecurityframeworkcreatorshou1.dconsiderthedepthandscopeofinterna1.andexterna1.曲f1.陶济k晚烧4尊蜘?R龌asingad册出钳曲版R喉fg瞄联郎附曲利书乐OrkS密忸相姬Uritysystem1.
31、eve1.whi1.eothersfocusonprocess1.eve1.WhenconsideringtheDetectConCePtTcybersecurityframeworkcreatorsshou1.ddeterminetheappropriate1.eve1.ofdetaiItoguideorganizations.5.5 RespondAcybersecurityframeworkshou1.dinc1.udetheRespondconceptTheRespondconceptdeve1.opstheappropriateactivitiesregardingtherespon
32、setocybersecurityevents.TheactivitiesintheRespondconcepta1.1.owanorganizationtoqua1.ifythecybersecurityeventsintheirenvironmentandreacttothem.Theseactivitiesa1.1.owanorganizationtocategorize,eva1.uate,andremediaterequirements,cybersecurityeventsbasedontheirspecificneeds,resources,stakeho1.dersandThe
33、Respondconceptcaninc1.udethetraditiona1.incidentresponseconceptsaswe1.1.aspo1.icies,R阳飕情&痛趣附8内I姗谕tionp1.的rf1.N行牌后犯8他,ana1.ysis,mitigation,Acybersecurityframeworkcreatorshou1.dconsiderthebroadercontextoftheRespondconcept,眼哪W三1.的f1.RI三现砂喉搬j总肿幅沿用es狠跳慨嘛三h艇S旭翘脚翻IMPabHitydisc1.osures,threatreportsorotheri
34、nformationprovidedbyexterna1.sources,dditiona1.1.y,theRespondconceptcaninc1.udethesharingofinformationwithexterna1.sources.Acybersecurityframeworkcreatorshou1.dconsidertheentireunderstandtheRespondconcept,ecosysteminwhichthecybersecurityframeworkwi1.1.bedep1.oyedto5.6 RecoverAcybersecurityframeworks
35、hou1.dinc1.udetheRecoverconcept.TheRecoverreputation,conceptdeve1.opstheappropriateactivitiestorestoreservices,repairsystemsandrestoreTheactivitiesintheRecoverconceptdefinetherestorationandcommunicationre1.atedactivitiesaftera娘胛3显瞬Y箱是如激RRb临IyaCtA三A盘1挺的削昆都匹p%嫉乩GEfiinhizcdamageandhe1.porganizationsres
36、umeoperations.AiW蜘硒砥蛛veg三触骸蝴鹏薮帼,臊蝌毂喘辎脚!依ReC报限膈ica1.ormanageria1.processesinnature.Assetscannavereachedaninoperab1.eorundesiredstateofoperation.TheRecoverconceptisanopportunitytoprovideguidanceonhowtorepairthoseassets.Reputation鹿蝌1orMerduring型底姬麻阴郁1螂同崛cov邱nr1.un廊修妒*1gimprovements,recoverytrainingandr
37、ecoveryexecution.A野糊眼m眇的胭跳网IgCr那整酗吊刑邸感,gknu硒s8隔倒骷隔陶砌娜rit做睡棚derneeds,imp1.ementationscenariosandtechno1.ogica1.maturity.Whi1.esomecybersecurityframeworksdonotincorporatebusinessgoa1.s,thenon-technica1.ramificationsofarecoverycanbesevereandcanPeM眼MgbyaaCyberSeCUrityfrrW8堂首峻的叱片也用dCybVr喇K眇andP轮脂品隔诩b.邪秘d
38、actfWdcSRCiWbiicybersecurityframework.AsshowninFigure1,thecybersecurityandinformationsecurityactivitiestobeorganizedintoacybersecurityframeworkdependonthecontextandrequirementsthatguideW日印腮硒岁啊崛由伊战姐*点Pijh陞圈灯由庭监?明胞魁1)由av帐Eaofdetai1.Ifanadditiona1.1.eve1.ofdetai1.isdesired,cybersecurityTrameworkcreator
39、scanaddmoredetai1.edstatementstoa1.ignatthesubcategory1.eve1.AnnexA(informative)Considerationsinthecreationofacybersecurityframework.1.Genera1.Theconsiderationsproposedinthisannexaimtoguidecybersecurityframeworkcreatorsindesigningacybersecurityframework.Whi1.etherecanbeotherinterpretationsoftheconce
40、ptsandstandards1.isted,A.2toA.4arepresentedasacompendiumofthreeexamp1.es.6ximp1.esekWft1断1.iE6tionfA6Q4rtie.mi决kQpevfMm(AW1.wWig展即djw4a的悖左ameworKmMwedsubdivisionofthebaseconcepts.Whi1.ecategorieswithinaspecificconceptcanvary,conceptsremainconstantperthisdocument.Tab1.esA.1to.5showexamp1.ecategoriesandreferenceswithineachconcept.Examp1.e2isa1.soarep1.icationofISOIECTR27103whichdemonstratesacybersecurityframeworkcreatedfromse1.ectedISO/IECstandards.Whi1
