Text

ISO/IEC 27001 -- Information technology -- security techniques -- Information security management systems -- Requirements

---

Contents :
Foreword
0 Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the information security management system
4.4 Information security management system
5 Leadership
5.1 Leadership and commitment
5.2 Policy
5.3 Organizational roles, responsibilities and authorities
6 Planning
6.1 Actions to address risks and opportunities
6.2 Information security objectives and planning to achieve them
7 Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information
8 Operation
8.1 Operational planning and control
8.2 Information security risk assessment
8.3 Information security risk treatment
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
10 Improvement
10.1 Nonconformity and corrective action
10.2 Continual improvement
Annex A (normative) Reference control objectives and controls
Bibliography

---

Availability

Detail Information

Series Title

--

Call Number

R005.8 ISO i

Publisher

Geneva : ISO/IEC., 2013

Collation

v, 23 cm.; ilus.; 30 cm

Language

English

ISBN/ISSN

--

Classification

R005.8

Content Type

-

Media Type

-

Carrier Type

-

Edition

Second edition

Subject(s)

Computer networks -- Security measures

Specific Detail Info

--

Statement of Responsibility

ISO/IEC

Other Information

Link

-

Daftar Isi

-

Other version/related

File Attachment

Comments

---

You must be logged in to post a comment