27001与7799差异（27001 and 7799 differences）.doc

27001与7799差异（27001 and 7799 differences） Information security management system of information security management: to refine [source: Chinese quality news Author: Ding Ying] The point Recently, this reporter from the British Standards Institute (BSI) ISO17799 was informed of the information security management trend of development seminars on information security management system standard second part ISO27001: 2005 has been formally issued in October 14th this year, this ratio is expected in mid November the publication time a month ahead of schedule. Previously, the information security management system implementation guide ISO17799: 2005 already in June of this year officially published. The two edition standard issue make ready to import the management system of organization can be timely according to the new version of the requirements to build their own information security management system; at the same time, also highlights the importance of the hitherto unknown information security management is in the organization management. Here, we will implement the guidelines of ISO17799: 2005 and ISO17799: the information security management system 2000 differences between. Information security management system to resist risks The new version of the information security management system standard is divided into 11 control regions, 39 control objectives, 133 control measures. This system is a complete, comprehensive, management system, it can help the company to identify, manage and reduce the risks of information. A security policy control domain This is a control domain management guidance and support for the information security, it is trying to answer the information security management and what problems, we can understand it as the intention, purpose and direction. The strategy here is a multi-level, both macro strategy, and for the two grade every detail even lower layer strategy. Two: the organization of information security control domain The organization