标准号:ISO/IEC TR 18044-2004
实施状态:作废
中文名称:信息技术.安全技术.信息安全事件管理
英文名称:Information technology - Security techniques - Information security incident management
发布日期:2004-10
被替代标准:ISO/IEC 27035-2011
采用标准:GB/Z 20985-2007,MOD;CAN/CSA-ISO/IEC TR 18044-05-2005,IDT;GOST R ISO/IEC TR 18044-2007,IDT
起草单位:ISO/IEC JTC 1/SC 27
标准简介:This Type 3 Technical Report (TR) provides advice and guidance on information security incident management for
information security managers, and information system, service and network managers.
This TR contains 11 clauses and is organized in the following manner. Clause 1 describes the scope and is followed by a
list of references in Clause 2 and terms and definitions in Clause 3. Clause 4 provides some background to information
security incident management, and that is followed by a summary of the benefits and key issues in Clause 5. Examples of
information security incidents and their causes are then provided in Clause 6. The planning and preparation for
information security incident management, including document production, is then described in Clause 7. The
operational use of the information security incident management scheme is described in Clause 8. The review phase of
information security management, including the identification of lessons learnt and improvements to security and the
information security incident management scheme, is described in Clause 9. The improvement phase, i.e. making
identified improvements to security and the information security incident management scheme, is described in Clause 10.
Finally, the TR concludes with a short summary in Clause 11. Annex A contains example information security event and
incident report forms, and Annex B contains some example outline guidelines for assessing the adverse consequences of
information security incidents, for inclusion in the reporting forms. The Annexes are followed by the Bibliography.
文件格式:PDF
文件大小:687.59KB
文件页数:58
(以上信息更新时间为:2019-11-22)
ISO_IEC TR 18044-2004 信息技术.安全技术.信息安全事件管理.pdf
(687.59 KB)
|
|
