ISMS管理层意识培训课程.ppt

ISO 27001 Information security management system Slide 32, rev 0 A.12.4 To ensure security of system files 确保系统 文档的安全 A.12.5 To maintain security of application system software and information 维护应用系统 软件和信息的安全 A.12.6 To reduce risks resulting from exploitation of published technical vulnerabilities 通过利用已公开 的技术弱点降低风险 A.12.4.2 Protection of system test data 保护系统测试数据 A.12.4.3 Access control to program source code 程序员代码的访问控制 A.12.5.1 Change control procedures 变更控制程序 A.12.5.2 Technical review of applications after operating system changes. 在操作系统变更后 的应用系统技术评审 A.12.5.3 Restriction on changes to software packages 软件包变更的限制 A.12.5.4 Information leakage 信息泄露 A.12.5.5 Outsourced software development 外包的软件 开发 A.12.6.1 Control of technical vulnerabilities 技术弱点的控制 Information systems acquisition, development and maintenance 信息系统的获得、开发和维护 A.12 Information systems acquisition, development and maintenance 信息系统的获得，开发和维护 A.12.4.1 Control of operational software 控制运营软件 ISO 27001 Information security management system Slide 33, rev 0 DNV Training 2009? associated with the information systems are communicated in a manner allowing timely corrective action to be taken 确保与信息系统 有关的事件和弱点及时沟通以确保及时采取纠正措施 A.13.2 To ensure consistent and effective approach is applied to the management of information security incidents 确保管理信息安全事故的一致的和有效的方法 A.13.1.1 Reporting information security events 报告信息安全事件 A.13.1.2 Reporting security weaknesses报告安全弱点 A.13.2.1 Responsibilities and procedures 责任和程序 A.13.2.2 Learning from information security incidents 从信息安全事故中学习 A.13.2.3 Collection of evidence 收集证据 Information security incident management 信 息安全事故管理 A.13 Information security incident management 信息安全事故管理 A.13.1 To ensure information security events and weaknesses 信息安全管理体系管理 层意识培训课程 邓生品 dengshengpin@163.com ISO 27001 Information security management system Slide 2, rev 0 信息安全的缺乏可以导致灾难 ISO 27001 Information security management system Slide