信息技术安全技术信息安全管理实用规则Informationtechnology-Securitytechniques-Codeofpracticeforinformationsecuritymanagement(ISO/IEC17799:2005)目次引言....................................................................III0.1什么是信息安全?......................................................III0.2为什么需要信息安全?..................................................III0.3如何建立安全要求......................................................III0.4评估安全风险...........................................................IV0.5选择控制措施...........................................................IV0.6信息安全起点...........................................................IV0.7关键的成功因素..........................................................V0.8开发你自己的指南........................................................V1范围........................................................................12术语和定义..................................................................13本标准的结构................................................................23.1章节....................................................................23.2主要安全类别............................................................34风险评估和处理..............................................................34.1评估安全风险............................................................34.2处理安全风险............................................................45安全方针....................................................................45.1信息安全方针............................................................46信息安全组织................................................................66.1内部组织................................................................66.2外部各方...............................................................107资产管理...................................................................157.1对资产负责.............................................................157.2信息分类...............................................................168人力资源安全...............................................................188.1任用之前...............................................................188.2任用中.................................................................208.3任用的终止或变化.......................................................219物理和环境安全.............................................................239.1安全区域...............................................................239.2设备安全...............................................................2610通信和操作管理............................................................2910.1操作程序和职责........................................................2910.2第三方服务交付管理....................................................3210.3系统规划和验收........................................................3310.4防范恶意和移动代码....................................................3410.5备份..................................................................3610.6网络安全管理..........................................................3710.7介质处置..............................................................3810.8信息的交换............................................................40I10.9电子商务服务................................
