INTERNATIONAL STANDARD ISO/IEC 27002:2013
TECHNICAL CORRIGENDUM 2
Published 2015-11-15

INTERNATIONAL ORGANIZATION FOR STANDARDIZATION / ORGANISATION INTERNATIONALE DE NORMALISATION
INTERNATIONAL ELECTROTECHNICAL COMMISSION / COMMISSION ÉLECTROTECHNIQUE INTERNATIONALE

Information technology - Security techniques - Code of practice for information security controls
TECHNICAL CORRIGENDUM 2

(French title: Technologies de l'information - Techniques de sécurité - Code de bonne pratique pour le management de la sécurité de l'information - RECTIFICATIF TECHNIQUE 2)

Technical Corrigendum 2 to ISO/IEC 27002:2013 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques.

ICS 35.040
Ref. No. ISO/IEC 27002:2013/Cor.2:2015(E)
© ISO/IEC 2015 - All rights reserved
Published in Switzerland

Page 61, Subclause 14.2.8

Replace:

Implementation guidance
New and updated systems require thorough testing and verification during the development processes, including the preparation of a detailed schedule of activities and test inputs and expected outputs under a range of conditions. For in-house developments, such tests should initially be performed by the development team. Independent acceptance testing should then be undertaken (both for in-house and for outsourced developments) to ensure that the system works as expected and only as expected (see 14.1.1 and 14.1.9). The extent of testing should be in proportion to the importance and nature of the system.

With:

Implementation guidance
New and updated systems require thorough testing and verification during the development processes, including the preparation of a detailed schedule of activities and test inputs and expected outputs under a range of conditions. For in-house developments, such tests should initially be performed by the development team. Independent acceptance testing should then be undertaken (both for in-house and for outsourced developments) to ensure that the system works as expected and only as expected (see 14.1.1 and 14.2.9). The extent of testing should be in proportion to the importance and nature of the system.

The only change is the second cross-reference in the implementation guidance of 14.2.8 (System security testing): "14.1.9", which does not exist in ISO/IEC 27002:2013, is corrected to "14.2.9" (System acceptance testing).