SANS 24762-2008 Information technology - Security techniques - Guidelines for information and communications technology disaster recovery services《信息技术 安全技术 信息和通信技术故障恢复服务用指南》.pdf
《SANS 24762-2008 Information technology - Security techniques - Guidelines for information and communications technology disaster recovery services《信息技术 安全技术 信息和通信技术故障恢复服务用指南》.pdf》由会员分享,可在线阅读,更多相关《SANS 24762-2008 Information technology - Security techniques - Guidelines for information and communications technology disaster recovery services《信息技术 安全技术 信息和通信技术故障恢复服务用指南》.pdf(80页珍藏版)》请在麦多课文档分享上搜索。
1、 Collection of SANS standards in electronic format (PDF) 1. Copyright This standard is available to staff members of companies that have subscribed to the complete collection of SANS standards in accordance with a formal copyright agreement. This document may reside on a CENTRAL FILE SERVER or INTRA
2、NET SYSTEM only. Unless specific permission has been granted, this document MAY NOT be sent or given to staff members from other companies or organizations. Doing so would constitute a VIOLATION of SABS copyright rules. 2. Indemnity The South African Bureau of Standards accepts no liability for any
3、damage whatsoever than may result from the use of this material or the information contain therein, irrespective of the cause and quantum thereof. ISBN 978-0-626-21375-6 SANS 24762:2008Edition 1ISO/IEC 24762:2008Edition 1SOUTH AFRICAN NATIONAL STANDARD Information technology Security techniques Guid
4、elines for information and communications technology disaster recovery services This national standard is the identical implementation of ISO/IEC 24762:2008 and is adopted with the permission of the International Organization for Standardization and the International Electrotechnical Commission. Pub
5、lished by Standards South Africa 1 dr lategan road groenkloof private bag x191 pretoria 0001 tel: 012 428 7911 fax: 012 344 1568 international code + 27 12 www.stansa.co.za Standards South Africa SANS 24762:2008 Edition 1 ISO/IEC 24762:2008 Edition 1 Table of changes Change No. Date Scope National f
6、oreword This South African standard was approved by National Committee StanSA SC 71F, Information technology Information security, in accordance with procedures of Standards South Africa, in compliance with annex 3 of the WTO/TBT agreement. This standard was published in May 2008. Reference numberIS
7、O/IEC 24762:2008(E)ISO/IEC 2008INTERNATIONAL STANDARD ISO/IEC24762First edition2008-02-01Information technology Security techniques Guidelines for information and communications technology disaster recovery services Technologies de linformation Techniques de scurit Lignes directrices pour les servic
8、es de secours en cas de catastrophe dans les technologies de linformation et des communications SANS 24762:2008This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC 24762:2008(E) PDF disclaimer This PDF file may contain embedded typefaces.
9、In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing A
10、dobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized f
11、or printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2008 All rights reserved. Unle
12、ss otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO c
13、opyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2008 All rights reservedSANS 24762:2008This s tandard may only be used and printed by approved subscription and freemailing clien
14、ts of the SABS .ISO/IEC 24762:2008(E) ISO/IEC 2008 All rights reserved iiiContents Page Foreword. v 0 Introduction vi 0.1 General vi 0.2 Structure . vi 0.3 Framework. vii 0.4 Interpretation of clauses . viii 1 Scope . 1 1.1 General. 1 1.2 Exclusions . 1 1.3 Audience 1 2 Normative references . 2 3 Te
15、rms and definitions. 2 4 Abbreviated terms 3 5 ICT disaster recovery . 3 5.1 General. 3 5.2 Environmental stability 4 5.3 Asset management. 4 5.4 Proximity of site 5 5.5 Vendor management 5 5.6 Outsourcing arrangements 7 5.7 Information security . 8 5.8 Activation and deactivation of disaster recove
16、ry plan . 9 5.9 Training and education 11 5.10 Testing on ICT systems 12 5.11 Business continuity planning for ICT DR service providers 12 5.12 Documentation and periodic review. 14 6 ICT disaster recovery facilities 14 6.1 General. 14 6.2 Location of recovery sites . 14 6.3 Physical access controls
17、 . 16 6.4 Physical facility security 19 6.5 Dedicated areas 24 6.6 Environmental controls 25 6.7 Telecommunications 26 6.8 Power supply. 27 6.9 Cable management. 29 6.10 Fire protection. 30 6.11 Emergency operations center (EOC) 32 6.12 Restricted facilities. 34 6.13 Non-recovery amenities . 37 6.14
18、 Physical facilities and support equipment life cycle 38 6.15 Testing . 40 7 Outsourced service providers capability 41 7.1 General. 41 7.2 Review organization disaster recovery status 41 7.3 Facilities requirements. 43 7.4 Expertise 43 7.5 Logical access control . 45 SANS 24762:2008This s tandard m
19、ay only be used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC 24762:2008(E) iv ISO/IEC 2008 All rights reserved7.6 ICT equipment and operation readiness 47 7.7 Simultaneous recovery support 49 7.8 Levels of service . 50 7.9 Types of service 50 7.10 Proximity of se
20、rvices 51 7.11 Subscription ratio for shared services . 52 7.12 Activation of subscribed services. 52 7.13 Organization testing . 53 7.14 Changes in capability . 53 7.15 Emergency response plan . 54 7.16 Self assessment 57 8 Selection of recovery sites. 58 8.1 General . 58 8.2 Infrastructure. 59 8.3
21、 Skilled manpower and support 59 8.4 Critical mass of vendors and suppliers 59 8.5 Local service providers track records . 59 8.6 Proactive local support 60 9 Continuous Improvement. 60 9.1 General . 60 9.2 ICT DR trends 60 9.3 Performance measurement 61 9.4 Scalability. 62 9.5 Risk mitigation. 62 A
22、nnex A (informative) Correspondence between ISO/IEC 27002:2005 and this International Standard. 64 Bibliography . 67 SANS 24762:2008This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC 24762:2008(E) ISO/IEC 2008 All rights reserved vForewo
23、rd ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical co
24、mmittees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in th
- 1.请仔细阅读文档,确保文档完整性,对于不预览、不比对内容而直接下载带来的问题本站不予受理。
- 2.下载的文档,不会出现我们的网址水印。
- 3、该文档所得收入(下载+内容+预览)归上传者、原创作者;如果您是本文档原作者,请点此认领!既往收益都归您。
下载文档到电脑,查找使用更方便
10000 积分 0人已下载
下载 | 加入VIP,交流精品资源 |
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- SANS247622008INFORMATIONTECHNOLOGYSECURITYTECHNIQUESGUIDELINESFORINFORMATIONANDCOMMUNICATIONSTECHNOLOGYDISASTERRECOVERYSERVICES

链接地址:http://www.mydoc123.com/p-1030188.html