isms信息安全管理体系..docxVIP

信息安全管理体系 From Wikipedia, the free encyclopedia从维基百科，自由的百科全书 Jump to: navigation , search跳转到： 导航 ， 搜索Plan-Do-Check-Act Cycle计划 - 实施 - 检查 - 行动循环 ENISA: Risk Management and Isms activities ENISA：风险管理与主义活动 An information security management system (ISMS) is a set of policies concerned with information security management or IT related risks .信息安全管理体系 （ISMS）是一个与有关的政策设置的信息安全管理或资讯科技有关的风险 。 The idioms arose primarily out of ISO 27001 .产生的成语主要出ISO 27001 。 The governing principle behind an ISMS is that an organization should design, implement and maintain a coherent set of policies, processes and systems to manage risks to its information assets , thus ensuring acceptable levels of information security risk.而背后的信息安全管理体系的主导原则是，一个组织应制定，实施和维护的政策，流程和系统来管理其风险的一整套信息资产 ，从而确保信息安全风险可接受的水平。 Contents目录 [hide]1 ISMS description1 ISMS描述2 Need for a ISMS2 需要一个ISMS3 Critical success factors for ISMS3 ISMS的关键成功因素4 See also4 参见5 Notes and references5 笔记和参考6 External links6 外部链接[ edit ] ISMS description [ 编辑 ] ISMS描述 As with all management processes, an ISMS must remain effective and efficient in the long term, adapting to changes in the internal organization and external environment.如同所有的管理流程，一个ISMS必须保持有效和长期有效的，适应在内部组织和外部环境的变化。 ISO/IEC 27001 therefore incorporates the typical Plan-Do-Check-Act ( PDCA ), or Deming cycle, approach: ISO / IEC 27001，因此采用了典型的“计划-实施-检查-行动”（ PDCA ）或戴明循环，方法： The Plan phase is about designing the ISMS, assessing information security risks and selecting appropriate controls.该计划阶段有关设计的ISMS，信息安全风险评估，并选择适当的控制。 The Do phase involves implementing and operating the controls.该做阶段包括实施和操作控制。 The Check phase objective is to review and evaluate the performance (efficiency and effectiveness) of the ISMS.检查阶段的目标是审查和评价的ISMS性能（效率和效益）。 In the Act phase, changes are made where necessary to bring the ISMS back to peak performance.在该法的阶段，在必要时进行更改，以使ISMS回峰值性能。 The best known ISMS is described in ISO/IEC 27001 and ISO/IEC 27002 and related standards published jointly by ISO and IEC .最有名的IS