17799 Standard, Chinese Version
0.1 What is information security?

Like other important business assets, information is an asset that is essential to an organization's business and therefore needs to be suitably protected. This is especially important as business environments become increasingly interconnected. This growing interconnectivity exposes information to an increasing number and a wider range of threats and vulnerabilities (see also the OECD Guidelines for the Security of Information Systems and Networks).

Information can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by post or by electronic means, shown on film, or expressed in speech. Whatever form the information takes, and whatever means is used to store or share it, it should be appropriately protected.

Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investment and business opportunities.

Information security is achieved by implementing a suitable set of controls, including policies, processes, procedures, organizational structures, and software and hardware functions. These controls need to be established, implemented, monitored, reviewed and improved where necessary to ensure that the organization's specific security and business objectives are met. This process should be carried out in conjunction with other business management processes.

17799规范中文版.doc