35.020;35.040 标准查询与下载

BS ISO/IEC 27039:2015 信息技术.安全技术.入侵式检测系统的选择、开发和操作(IDPS)

Information technology. Security techniques. Selection, deployment and operations of intrusion detection systems (IDPS)

BIP 0071-2013 基于ISO/IEC 27001标准信息安全管理体系(ISMS)认证的要求和准备用指南

Guidelines on Requirements and Preparation for ISMS Certification based on ISO/IEC 27001

BIP 0072-2013 你是否准备好应对BS ISO/IEC 27001标准信息安全管理系统(ISMS)的审查?

Are you ready for an ISMS audit based on ISO/IEC 27001?

BIP 0073-2013 基于ISO/IEC 27001的ISMS控制的实施和审计指南

Guide to the Implementation and Auditing of ISMS Controls based on ISO/IEC 27001

BIP 0139-2013 ISO/IEC 27001-2013的介绍

An Introduction to ISO/IEC 27001:2013

DS/ISO/IEC 27014:2013 信息技术-安全技术-信息安全治理

This Recommendation / International Standard provides concepts and guidance on principles and processes for the governance of information security, by which organisations can evaluate, direct and monitor the management of information security. This Intern

Information technology - Security techniques - Governance of information security

DS/ISO/IEC 27010:2012 信息技术-安全技术-部门间和组织间通信的信息安全管理

This International Standard provides guidelines in addition to guidance given in the ISO/IEC 27000 family of standards for implementing information security management within information sharing communities.This International Standard provides controls an

Information technology - Security techniques - Information security management for inter-sector and inter-organizational communications

DS-håndbog 170:2012 适用于小型企业的 ISO/IEC 27001 实用建议

See Danish abstract.

ISO/IEC 27001 for Small Businesses – Practical advice

DS/ISO/IEC 27007:2011 信息技术-安全技术-信息安全管理体系审核指南

This International Standard provides guidance on managing an information security management system (ISMS) audit programme, on conducting the audits, and on the competence of ISMS auditors, in addition to the guidance contained in ISO 19011.This International Standard is applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme.

Information technology - Security techniques - Guidelines for information security management systems auditing

DS/ISO/IEC 27006:2011 信息技术-安全技术-对提供信息安全管理系统审计和认证的机构的要求

This International Standard specifies requirements and provides guidance for bodies providing audit and certification of an information security management system (ISMS), in addition to the requirements contained within ISO/IEC 17021 and ISO/IEC 27001. It is primarily intended to support the accreditation of certification bodies providing ISMS certification.The requirements contained in this International Standard need to be demonstrated in terms of competence and reliability by any body providing ISMS certification, and the guidance contained in this International Standard provides additional interpretation of these requirements for any body providing ISMS

Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems

DS/ISO/IEC TR 27008:2011 信息技术-安全技术-信息安全控制审核员指南

This Technical Report provides guidance on reviewing the implementation and operation of controls, including technical compliance checking of information system controls, in compliance with an organization's established information security standards.This Technical Report is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations conducting information security reviews and technical compliance checks. This Technical Report is not intended for management systems audits.

Information technology - Security techniques - Guidelines for auditors on information security controls

DS/ISO/IEC 27031:2011 信息技术-安全技术-业务连续性信息和通信技术准备指南

ISO/IEC 27031:2010 describes the concepts and principles of information and comunication technology (ICT) readiness for business continuity, and provides a framework of methods and processes to identify and specify all aspects (such as performance criteria, design, and implementation) for improving an organization's ICT readiness to ensure business continuity. It applies to any organization (private, governmental, and non-governmental, irrespective of size) developing its ICT readiness for business continuity program (IRBC), and requiring its ICT services/infrastructures to be ready to support business operations in the event of emerging events and incident

Information technology - Security techniques - Guidelines for information and communication technology readiness for business continuity

DS/ISO/IEC 27003:2010 信息技术安全技术信息安全管理体系实施指南

This International Standard focuses on the critical aspects needed for successful design and implementation of an Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2005. It describes the process of ISMS specification and design from inception to the production of implementation plans. It describes the process of obtaining management approval to implement an ISMS, defines a project to implement an ISMS (referred to in this International Standard as the ISMS project), and provides guidance on how to plan the ISMS project, resulting in a final ISMS project implementation plan.This International Standard is intended to be used by or

Information technology - Security techniques - Information security management system implementation guidance

DS/ISO/IEC 27004:2010 信息技术-安全技术-信息安全管理-测量

This International Standard provides guidance on the development and use of measures and measurement in order to assess the effectiveness of an implemented information security management system (ISMS) and controls or groups of controls, as specified in ISO/IEC 27001.This International Standard is applicable to all types and sizes of organization.NOTE This document uses the verbal forms for the expression of provisions (e.g. “shall”, “shall not”, “should”, “should not”, “may”, “need not”, “can” and “cannot”) that are specified in the ISO/IEC Directives, Part 2, 2004, Annex H. See also ISO/IEC 27000:2009, Annex A.

Information technology - Security techniques - Information security management - Measurement

BIP 0026-2008 完整ISMS资料工具包CD可记录光盘和书.数据安全和ISO 27001/ISO 27002标准的经理人指南

The complete ISMS Documentation Toolkit CD-ROM and book. A Manager's Guide to Data Security and ISO 27001/ISO 27002

Foroeg Virksomhedens Informationssikkerhed-2007 提高公司的信息安全——标准化的整体方法

Improving your company’s information security – a standardized, holistic approach

BS 7799-3:2006 信息安全管理系统.信息安全性风险管理指南

This British Standard gives guidance to support the requirements given in BS ISO/IEC 27001:2005 regarding all aspects of an ISMS risk management cycle. This cycle includes assessing and evaluating the risks, implementing controls to treat the risks, monitoring and reviewing the risks, and maintaining and improving the system of risk controls. The focus of this standard is effective information security through an ongoing programme of risk management activities. This focus is targeted at information security in the context of an organization’s business risks. The guidance set out in this British Standard is intended to be applicable to all organizations, regardless of their type, size and nature of business. It is intended for those business managers and their staff involved in ISMS (Information Security Management System) risk management activities.

Information security management systems - Guidelines for information security risk management

BIP 0073-2005 基于ISO/IEC 27001信息安全管理体系(ISMS)控制功能的执行和审查指南

The Guide includes the definitive requirements that auditors must address when certifying organizations to the 2005 edition of BS ISO/IEC 27001 (BS 7799-2) and will provide guidance on the implementation, checking and auditing of the controls.

Guide to the implementation and auditing of ISMS controls based on ISO/IEC 27001

DS 484:2005 信息安全管理实务守则

Code of practice for information security management

KIT 20-2005 信息安全标准丛书

Information security standards kit