iT邦幫忙

ISO 27001:2013 vs. ISO 27001:2005 Comparison series, part 12

ISO 27001:2013 vs. ISO 27001:2005 Comparison #12

ISO 27001:2013 vs. ISO 27001:2005 Comparison #4 explained that the new version of ISO 27001/27002 adds 12 controls. This series explains and shares each of them in turn:
14.2.5 System development procedures
Control
Principles for engineering secure systems should be established, documented, maintained and applied to any information system implementation efforts.
Implementation guidance

Secure information system engineering procedures based on security engineering principles should be established, documented and applied to in-house information system engineering activities. Security should be designed into all architecture layers (business, data, applications and technology) balancing the need for information security with the need for accessibility. New technology should be analysed for security risks and the design should be reviewed against known attack patterns.
These principles and the established engineering procedures should be regularly reviewed to ensure that they are effectively contributing to enhanced standards of security within the engineering process. They should also be regularly reviewed to ensure that they remain up-to-date in terms of combating any new potential threats and in remaining applicable to advances in the technologies and solutions being applied.
The established security engineering principles should be applied, where applicable, to outsourced information systems through the contracts and other binding agreements between the organization and the supplier to whom the organization outsources. The organization should confirm that the rigour of suppliers’ security engineering principles is comparable with its own.

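The new version of ISO 27001/27002 recommends establishing principles for engineering secure systems. This includes designing security into all architecture layers, reviewing the principles regularly to ensure continued attention to new potential threats, and, when outsourcing, including the relevant requirements in the agreement, among others.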

