
Here "satisfy" is rendered not with "meet" but with "in accordance with"

2018-04-17 14:58:55 | Source: 中培企业IT培训网

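372. Here "satisfy" (满足) is expressed not with "meet" but with "in accordance with". The two expressions do differ: "in accordance with" (符合) places more emphasis on the consistency between two things.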

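374. The "Other information" section of ISO/IEC 27002: 2013 states: ISO/IEC 27007[12], "Guidelines for information security management systems auditing" and ISO/IEC TR 27008[13], "Guidelines for auditors on information security controls" also provide guidance for carrying out the independent review. Several concepts have to be kept apart here. The independent review referred to in A.18.2.1 is in fact similar to an audit (in the sense of a management system audit), whereas the audit discussed in A.12.7.1, judging from ISO/IEC 27002: 2013, concentrates more on detail. In ISO/IEC 27001: 2013 these concepts are easily confused, because the main text contains 9.3 internal audit, whose requirements have much in common with A.18.3.1 Independent review of information security; in particular, both can draw on ISO/IEC 27007 and ISO/IEC TR 27008. A.12.7.1 Information systems audit controls, however, uses the same word but describes a different matter.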

375. ISO/IEC 27001: 2005 used "check" (核查); ISO/IEC 27001: 2005 changed it to "review" (评审).

ISO/IEC 27001:2013 标准解读及改版分析 (ISO/IEC 27001:2013 Standard Interpretation and Revision Analysis)
