BS7799 Information Security Management Standard

Worldwide Standards
Having trouble locating an overseas standard? BSI has the solution…
WITH BSI, YOUR SEARCH IS OVER BEFORE IT'S EVEN BEGUN
Worldwide Standards Direct is the fast, cost-effective standards service.
Contact us on: e-mail: info@bsi-global.com  Tel +44 (0)20 8996 9001  Fax +44 (0)20 8996 7001

Information security management — Part 1: Code of practice for information security management
Information Security Management Standard, Part 1: Code of practice for information security management

Contents

Worldwide Standards ...... 2
Having trouble locating an overseas standard? BSI has the solution… ...... 2
WITH BSI, YOUR SEARCH IS OVER BEFORE IT'S EVEN BEGUN ...... 2
Part 1: Code of practice for information security management ...... 3
Foreword ...... 14
Introduction ...... 15
  What is information security? ...... 15
  Why information security is needed ...... 15
  How to establish security requirements ...... 16
  Assessing information risks ...... 16
  Selection of security controls ...... 16
  Information security starting point ...... 17
  Critical success factors ...... 17
  Developing your own guidelines ...... 17
1. Scope ...... 19
2. Terms and definitions ...... 20
  2.1 Information security ...... 20
  2.2 Risk assessment ...... 20
  2.3 Risk management ...... 20
3. Security policy ...... 21
  3.1 Information security policy ...... 21
    3.1.1 Information security policy document ...... 21
    3.1.2 Review and evaluation ...... 21
4. Security organization ...... 22
  4.1 Information security infrastructure ...... 22
    4.1.1 Management information security forum ...... 22
    4.1.2 Information security co-ordination ...... 22
    4.1.3 Allocation of information security responsibilities ...... 22
    4.1.4 Authorization process for information processing facilities ...... 23
    4.1.5 Specialist information security advice ...... 23
    4.1.6 Co-operation between organizations ...... 24
    4.1.7 Independent review of information security ...... 24
  4.2 Security of third party access ...... 24
    4.2.1 Identification of risks from third party access ...... 24
      4.2.1.1 Types of access ...... 24
      4.2.1.2 Reasons for access ...... 25
      4.2.1.3 On-site contractors ...... 25
    4.2.2 Security requirements in third party contracts ...... 25
  4.3 Outsourcing ...... 26
    4.3.1 Security requirements in outsourcing contracts ...... 26
5. Asset classification and control ...... 28
  5.1 Accountability for assets ...... 28
    5.1.1 Inventory of assets ...... 28
  5.2 Information classification ...... 28
    5.2.1 Classification guidelines ...... 29
    5.2.2 Information labelling and handling ...... 29
6. Personnel security ...... 30
  6.1 Security in job definition and resourcing ...... 30
    6.1.1 Security in job responsibilities ...... 30
    6.1.2 Personnel screening and policy ...... 30
    6.1.3 Confidentiality agreements ...... 31
    6.1.4 Terms and conditions of employment ...... 31
  6.2 User training ...... 31
    6.2.1 Information security education and training ...... 31
  6.3 Responding to security incidents and malfunctions ...... 31
    6.3.1 Reporting security ...