KS X ISO IEC 27003-2011 Information technology－Security techniques－Information security management system implementation guidance《信息技术 安全技术 信息安全管理系统执行指南》.pdf

1、 KSKSKSKSKSKSKSK KSKSKS KSKSK KSKS KSK KS KS X ISO/IEC 27003 KS X ISO/IEC 27003:2011 2011 12 29 http:/www.kats.go.krKS X ISO/IEC 27003:2011 : e- ( ) ( ) ( ) : () () KISA KISA ETRI ETRI : (http:/www.standard.go.kr) ： ：2011 12 29 2011-0674 ： e- ： ( 02-509-7262) (http:/www.kats.go.kr). 10 5 , . KS X IS

2、O/IEC 27003:2011 i . iii iv 1 1 2 1 3 .1 4 .2 4.1 .2 4.2 3 4.3 .3 5 ISMS 5 5.1 ISMS .5 5.2 ISMS .6 5.3 ISMS 8 5.4 10 6 ISMS , .12 6.1 ISMS , .12 6.2 14 6.3 15 6.4 16 6.5 ISMS .16 6.6 ISMS .17 7 18 7.1 18 7.2 ISMS .19 7.3 ISMS 20 7.4 .21 8 .23 8.1 .23 8.2 .25 8.3 .26 8.4 ISMS 26 9 ISMS .27 9.1 ISMS .

3、27 9.2 30 9.3 .34 9.4 ISMS .36 9.5 ISMS 39 A( ) .40 KS X ISO/IEC 27003:2011 ii B( ) 44 C( ) .48 D( ) 50 E( ) 54 60 KS X ISO/IEC 27003:2011 .61 KS X ISO/IEC 27003:2011 iii KS X ISO/IEC 27001 (Information Security Management System, ISMS) . ISMS . KS X ISO/IEC 27001( 4., 5., 7. ) . a) ISMS , , b) ISMS

4、 c) KS X ISO/IEC 27001 , . ISMS ISMS , ISMS . ISMS . ISMS . ISMS ( KS X ISO/IEC 27002 ). KS X ISO/IEC 27003:2011 iv 2010 1 ISO/IEC 27003, Information technology Security techniquesInformation security management system implementation guidance . KS X ISO/IEC 27003:2011 Information technology Security

5、 techniques Information security management system implementation guidance 1 KS X ISO/IEC 27001 ISMS . ISMS . ISMS , ISMS , ISMS ISMS . ISMS , ( , , ) . , ISMS . , . , . . , KS X ISO/IEC 27001 KS X ISO/IEC 27002 , KS X ISO/IEC 27001 , KS X ISO/IEC 27002 . . 2 . . ( ) . KS X ISO/IEC 27001, ISO/IEC 27

6、000： 2009, Information technology Security techniques Information security management systems Overview and vocabulary 3 ISO/IEC 27000： 2009, KS X ISO/IEC 27001 , . KS X ISO/IEC 27003:2011 2 3.1 ISMS (ISMS project) ISMS 4 4.1 ISMS . ISMS , , . ISMS 5 , . . a) ISMS (5.) b) ISMS ISMS (6.) c) (7.) d) (8

7、.) e) ISMS (9.) 1 ISMS 5 . 1 ISMS . A KS X ISO/IEC 27001 B C D E KS X ISO/IEC 27003:2011 3 4.2 . a) . b) . . . ISMS . . . , . . ISMS , . . . , ISMS ( , , , ISMS ) . 4.3 . 2 , . KS X ISO/IEC 27003:2011 4 2 ISMS . . ( ) . . A B , C A B . KS X ISO/IEC 27003:2011 5 5 ISMS 5.1 ISMS ISMS . ISMS . , . ： IS

8、MS . ISMS ISMS . , ISMS . ISMS , ISMS . , ISMS , . ISMS . 3 ISMS . 5. (ISMS ) 7. ( ) KS X ISO/IEC 27001 . , . KS X ISO/IEC 27003:2011 6 3 ISMS 5.2 ISMS ISMS , . KS X ISO/IEC 27003:2011 7 a) b) c) , ISMS . ISMS . ISMS ISMS ISMS . ISMS . a) ： ISMS ? b) ： ISMS ? c) ： ISMS ? . a) 1) ? 2) ? 3) 3 ? 4) ? b

9、) 1) ? 2) , ( , , ) ? c) 1) ? 2) ? d) 1) ( ) ? 2) , (SLA) ? e) 1) ? f) 1) , ? 2) ? 3) ? g) 1) ? KS X ISO/IEC 27003:2011 8 2) ? h) 1) ? 2) ? ISMS , ISMS . ISMS ISMS . KS X ISO/IEC 27001 4.2.1 a) , , , . . a) ? b) ( , ) ? c) ISMS ( , )? d) ? , , ? ISMS . a) b) c) / / d) KS X ISO/IEC KS X ISO/IEC e) f)

10、 g) h) i) . a) ISMS , b) , c) , , , , KS Q ISO 9001, KS I ISO 14001, KS X ISO/IEC 20000 1 5.3 ISMS 5.3.1 ISMS KS X ISO/IEC 27003:2011 9 ISMS ISMS , ISMS . 5.2, ISMS ISMS , ISMS . ISMS . ISMS . ISMS , . a) b) c) (5.2 ) d) ISMS , , , e) , , f) , , , ISMS . ISMS . . ISMS , KS X ISO/IEC 27001 . 5.3.2 IS

11、MS ISMS . a) 5.3.1, ISMS b) ISMS ISMS . . , , , . , KS X ISO/IEC 27003:2011 10 . , ( , ) . , . . . a) . b) . c) . . ISMS , , . ISMS . , . , ISMS , , , . ISMS . B ISMS . 5.4 ISMS ISMS . a) 5.2, ISMS b) 5.3, ISMS 1) ISMS 2) ISMS 6. 9. , , . ISMS , ISMS . ISMS . KS X ISO/IEC 27003:2011 11 ISMS , . a) b

12、) c) ISMS d) ISMS e) f) g) h) ( ) i) j) k) l) m) 6. 9. . ISMS ISMS ISMS . ISMS . , ISMS . ISMS , . ISMS . a) ISMS , , , , , b) c) d) . a) ISMS b) c) ( , , , ) ISMS ISMS ISO/IEC 27000： 2009 . 6 ISMS , 6.1 ISMS , KS X ISO/IEC 27003:2011 12 ISMS ISMS , ISMS , . ISMS ISMS , ISMS . . ： ISMS , ISMS . KS X ISO/IEC 27001, 4.2.1 a) 4.2.1 b) “ISMS ” . a) b) c) d) KS X ISO/IEC 27001, 4.2.1 a) b) ( , , , , ) e) ISMS ISMS . ISMS . , . ISMS . , ISMS . ISMS . , “ ” , , ( ) ISM