Main changes in the new edition, ISO/IEC 27002:2005 (1)

Clauses added and removed: compared with ISO/IEC 27002:2000 (10 chapters, 36 control objectives and 127 controls in total), the main clause changes in ISO/IEC 27002:2005 are as follows:

Nine controls were deleted (the numbers listed are the clause numbers in ISO/IEC 27002:2000):

  1. 4.3.1 Security requirements in outsourcing contracts
  2. 8.1.6 External facilities management
  3. 9.4.2 Enforced path
  4. 9.4.9 Security of network services
  5. 9.5.1 Automatic terminal identification
  6. 9.5.6 Duress alarm to safeguard users
  7. 10.3.2 Encryption
  8. 10.3.3 Digital signatures
  9. 10.3.4 Non-repudiation services

Seventeen controls were added (the numbers listed are the clause numbers in ISO/IEC 27002:2005):

  1. 6.2.2 Addressing security when dealing with customers
  2. 7.1.2 Ownership of assets
  3. 7.1.3 Acceptable use of assets
  4. 8.2.1 Management responsibilities
  5. 8.3.1 Termination responsibilities
  6. 8.3.2 Return of assets
  7. 8.3.3 Removal of access rights
  8. 9.1.4 Protecting against external and environmental threats
  9. 10.2.1 Service delivery
  10. 10.2.2 Monitoring and review of third party services
  11. 10.2.3 Managing changes to third party services
  12. 10.4.2 Controls against mobile code
  13. 10.6.2 Security of network services
  14. 10.8.1 Information exchange policies and procedures
  15. 10.9.2 On-line transactions
  16. 10.10.3 Protection of log information
  17. 12.6.1 Control of technical vulnerabilities