1、 INTERNATIONAL STANDARD ISO/IEC 27002:2014 TECHNICAL CORRIGENDUM 1 Published 2014-09-15 INTERNATIONAL ORGANIZATION FOR STANDARDIZATION ORGANISATION INTERNATIONALE DE NORMALISATION INTERNATIONAL ELECTROTECHNICAL COMMISSION COMMISSION LECTROTECHNIQUE INTERNATIONALEInformation technology Security techn
2、iques Code of practice for information security controls TECHNICAL CORRIGENDUM 1 Technologies de linformation Techniques de scurit Code de bonne pratique pour le management de la scurit de linformation RECTIFICATIF TECHNIQUE 1 Technical Corrigendum 1 to ISO/IEC 27002:2013 was prepared by Joint Techn
3、ical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques ICS 35.040 Ref. No. ISO/IEC 27002:2013/Cor.1:2014(E) ISO/IEC 2014 All rights reserved Published in Switzerland DRAFT TECHNICAL CORRIGENDUM ISO/IEC 27002:2013/DCOR 1 ISO 2014 All rights reserved 1 Informa
4、tion technology Security techniques Information security management systems Requirements Information technology Security techniques Code of practice for information security controls Technical corrigendum 1 Technical Corrigendum 1 to ISO/IEC 27002:2013 was prepared by Joint Technical Committee ISO/I
5、EC JTC 1, Information technology, Subcommittee SC 27, Security techniques. Page 10, Subclause 7.1.2 Replace Implementation Guidance . c) responsibilities for the classification of information and management of organizational assets associated with information, information processing facilities and i
6、nformation services handled by the employee or contractor (see Clause 8) with Implementation Guidance . c) responsibilities for the classification of information and management of organizational information, other assets associated with information, information processing facilities and information
7、services handled by the employee or contractor (see Clause 8) Page 13, Subclause 8.1.1 Replace Control Assets associated with information and information processing facilities should be identified and an inventory of these assets should be drawn up and maintained. with Control Information, other ass
8、ets associated with information and information processing facilities should be identified and an inventory of these assets should be drawn up and maintained. ISO 2014 All rights reserved 2 Page 14, Subclause 8.1.3 Replace Implementation Guidance Employees and external party users using or having ac
9、cess to the organizations assets should be made aware of the information security requirements of the organizations assets associated with information and information processing facilities and resources. with Implementation Guidance Employees and external party users using or having access to the organizations assets should be made aware of the information security requirements of the organizations information, other assets associated with information and information processing facilities and resources.