This International Standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The adoption of an information security management system is a strategic decision for an organization. The establishment and implementation of an organization’s information security management system is influenced by the organization’s needs and objectives, security requirements, the organizational processes used and the size and structure of the organization. All of these influencing factors are expected to change over time.
The information security management system preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed.
It is important that the information security management system is part of and integrated with the organization’s processes and overall management structure, and that information security is considered in the design of processes, information systems and controls. It is expected that an information security management system implementation will be scaled in accordance with the needs of the organization.
This International Standard can be used by internal and external parties to assess the organization’s ability to meet the organization’s own information security requirements.
The order in which requirements are presented in this International Standard does not reflect their importance or imply the order in which they are to be implemented. The list items are enumerated for reference purposes only.
ISO/IEC 27000 describes the overview and the vocabulary of information security management systems, referencing the information security management system family of standards (including ISO/IEC 27003[2], ISO/IEC 27004[3] and ISO/IEC 27005[4]), with related terms and definitions.