isms 資訊安全管理系統

iso 27001 ISMS資安管理系統認證標準
iso 27002 ISMS作業規範
iso 27003 ISMS導入指南

iso 27001

範圍涵蓋了各種形式的組織，包括商業團體、政府單位和非營利機構等，標準中規定應在組織整體的營運活動和其所面臨的各種風險中

資訊安全必須涵蓋三個層面、管理層面、技術層面、實際層面

https://www.bsigroup.com/zh-TW/ISO-27001-Information-Security/

cissp

Up to now we have our ISO/IEC 27000 series, which outlines the necessary components of an organizational security program. We also have our security enterprise architecture, which helps us integrate the requirements outlined in our security program into our existing business structure. Now we are going to get more focused and look at the objectives of the controls we are going to put into place to accomplish the goals outlined in our security program and enterprise architecture.