您好,欢迎访问三七文档
当前位置:首页 > 商业/管理/HR > 质量控制/管理 > ISO17799信息安全休系(1)
1ISO17799INFORMATIONSECURITY!!#$%&'!#$%&Ifyourinformation’snotsafe,yourfuture’snotsecure2InformationSecurityNomatterhowsecureandwellprotectedanorganisationappearstobe,sensitiveinformationcanbeleakedwithoutyouevenrealisinguntilit’stoolate.Allinformationinalldepartments,whetheroncomputerdisk,paperorintheheadsofthoseyouemploy,isatriskfromanynumberofveryrealthreats.InformationsecurityisnolongerjustanissueforITmanagers–asinglebreachofinformationsecuritycouldcostyourcompanyhardearnedprofitswhilstdoingirreparabledamagetoyourimageandreputation.Yourcapacitytotradeprofitablydependsonyourabilitytomanagethisriskeffectively.Asthenumberofreportedinformationsecuritybreachesconsistentlyincreases,theneedtocreateamanagementframeworkforinformationsecurityintensifies.AnInformationSecurityManagementSystem(ISMS)–ISO17799,theInternationalStandardsOrganisation’sversionofBS7799,willprovideawell-provenframeworktoinitiate,implement,maintainandmanageinformationsecuritywithinanyorganisation.ISO17799OnceyoustartusingISO17799asabasisforyourISMS,yourmanagementsystemcanbeauditedandregisteredbyathirdparty.Thisprocessaddssignificantvaluetotheongoingeffectivenessofthesystem.ByimplementingandregisteringtotheaccreditedBS7799schemeyouwillbewellonthewaytobeingregisteredtoISO17799whenaregistrationprocessispublished.Atthatpoint,BSIwillworkwithyoutoensureasmoothtransitionfromBS7799totheISO17799certificationstandard.IFYOUAREN’TMANAGINGRISKS,YOUSHOULDBETheissueofinformationsecurityseesorganisationsofallsizesandfromallsectors,withanidenticalproblem–theirinherentvulnerability.3!#$%&'()*+,-./'(01+23!#$%&'()*+,-./0123#$4!!#$%&'()*+,-./012%345!#$%&'()*+,-./0123456fq!#==!#$%&'()!#$%&'()*+,-./%0123!#$%&'()*+,-./0123456!#$%&!#$%&'()*+,-.-/01234!#$%&'()*+,-./0!1fpjpfpl=NTTVV==!#$%&_pTTVV!#$%&'()*+,-+./012!#$%fpl=NTTVV!#$!#$%&'#!(!#$%&'()*+,-!#$%&'()*!#$%&$'()*+_p=TTVV!fplNTTVV!#$%&'($!#$%&'()*_pf!#$_p=TTVV!fpl=NTTVV!#$%&'()*+,-.%/!#$%&'()!#$%&'()*+,!#$%&'==!#$%!4FEATURESANDBENEFITSOFISO17799DuetotheallencompassingnatureofISO17799,wehavehighlightedthekeyareasyouwouldhavetoaddresswhenusingtheISO17799InformationSecurityManagementSystem:Securitypolicy–AdocumenttodemonstratemanagementsupportandcommitmenttotheInformationSecurityManagementSystemprocess.Securityorganisation–Anestablishedmanagementframeworktoinitiateandcontroltheimplementationofinformationsecuritywithinyourorganisationandtomanageongoinginformationsecurityprovision.Assetclassificationandcontrol–Acomprehensiveinventoryofassetswithresponsibilityassignedtoensurethateffectivesecurityprotectionismaintained.Personnelsecurity–Welldefinedjobdescriptionsforallstaffoutliningsecurityrolesandresponsibilities.Physicalandenvironmentalsecurity–Aclearandconcisedefinitionofthesecurityrequirementsforyourpremisesandthepeoplewithinthem.Communicationsandoperationsmanagement–OptimiseyourcommunicationtofacilitatesmoothoperationoftheInformationSecurityManagementSystem.Accesscontrol–Networkmanagementtoensurethatonlythosewiththeappropriateresponsibilityhaveaccesstoinformationinthenetworksandtheprotectionofthesupportinginfrastructure.Systemsdevelopmentandmaintenance–EnsuringthatITprojectsandsupportactivitiesareconductedinasecuremannerthroughdatacontrolandencryptionwherenecessary.Businesscontinuitymanagement–Amanagedprocessfordevelopingandmaintainingbusinesscontingencyplanswhichprotectcriticalbusinessprocessesfrommajordisastersorfailures.Compliance–Ademonstrationtoclients,employeesandtheauthoritiesofyourcommitmenttomeetstatutoryorregulatoryinformationsecurityrequirements.Ifthisexercisehashighlightedareasthatneedmorework,oryouhaveanyqueriesregardingtheissuesraised,pleasecontactBSI.5fpl=NTTVV!#fpl=NTTVV!#$%&'()*+,!-.)/012!#$%&'()*+,-./012345678!!==!#$%&'()*+,-./!==!#$%&'()*+,-./012#$!#$%&'()*+,-./0!#$==!#$%&'()*+,-./!==!#$%&'()*+,-.!#$==!#$%&'()*+,-./01!#$==!#$%&'()*+,-./01!#$%&'()!==!#$%&'()*+,-./01234!#$%&'!()*+,-./!#$==!fq!#$%&'()!#$%&'()*+,-.!#$%==!#$%&'()*+,-./!#$%&'()*+,-.!==!#$%&'()*+,-.!#$%&'()*+,-./0123$I_pf6ADDEDVALUETHROUGHINTEGRATIONWhiletheBritishandInternationalManagementSystemstandardsareautonomous,theyaremorecompatiblethaneverbefore.Integratingyoursystemsgiveslimitlesspotentialwhileaddingvalueandefficiencytoyourorganisation.Integratedmanagementsystemsarefastbecomingaprerequisitetotradeglobally,securepartnershipsandmaintaincustomerloyalty.Theyaredesignedtohelpyourorganisationworkasacompleteunitwithacommonobjective,whilepromotingdevelopmentinabalancedandholisticway.OurIntegratedAssessmentService(IAS)isdesignedtohelporganisationsreachregistrationtoanumberofmanagementsystemstandardscost-effectivelywithminimaldisruptiontoworkactivity.So,shouldyouwanttodemonstrateyourcommitmenttotheenvironment(ISO14001),health&safety(OHSAS18001)orquality(ISO9001:2000)alongsideinformationsecurity(ISO17799)tocreateatotalmanagementsolution,wec
本文标题:ISO17799信息安全休系(1)
链接地址:https://www.777doc.com/doc-435082 .html