Information Security - DS/ISO/IEC 27001 - preview
Danish standard
DS/ISO/IEC 27001
2nd edition
2007-06-06
Information technology – Security techniques – Information security management systems (ISMS) – Requirements
Information technology – Security techniques – Information security management systems – Requirements
DS publication types

Dansk Standard publishes several types of publication. The type of this publication is stated on the front page. It may be one of the following:

Danish standard
• a standard drawn up at national level, or based on another country's national standard, or
• a standard drawn up at international and/or European level that has been given the status of a Danish standard

DS-information
• a publication drawn up at national level that has not attained the status of a standard, or
• a publication drawn up at international and/or European level that has not been given the status of a standard, e.g. a technical report, or
• a European prestandard

DS handbook
• a collection of standards, possibly supplemented with informative material

DS booklet
• a publication containing informative material

For these publication types the following may also be issued:
• amendments and corrigenda

DS publication form

The publication types are issued in different forms, namely:
• full-text publication (the publication is printed in its entirety)
• endorsement sheet (the publication is supplied as a copy with a printed DS cover)
• electronic (the publication is supplied on an electronic medium)

DS designation

The designation of every DS publication begins with DS, followed by one or more prefixes and a number, e.g. DS 383, DS/EN 5414, etc. If an A or Cor follows the number, it means either that the publication is an amendment or a corrigendum to the main standard, or that it has been incorporated into the main standard. The DS designation is stated on the front page.

Correspondence with another publication: the correspondence may be IDT, EQV, NEQ or MOD
• IDT: the publication is identical to a given publication.
• EQV: the publication is technically in agreement with a given publication, but the presentation has been changed.
• NEQ: the publication is technically or presentationally not in agreement with a given standard, but has been drawn up on the basis of it.
• MOD: the publication has been modified in relation to a given publication.

DS/ISO/IEC 27001
Copenhagen
DS project: M222176
ICS: 35.020 35.040

The first part of this publication's designation is DS/ISO/IEC, which means that it is an international standard with the status of a Danish standard.

This publication's correspondence is: IDT with ISO IEC 27001:2005.

The DS publication is in Danish and English. In case of doubt about the correctness of the Danish translation, the English version applies.

This publication replaces DS/ISO/IEC 27001:2005, which was available only in an English-language version. No changes have been made in this new edition other than the insertion of the Danish translation. A Danish footnote marked DK has been added. The footnote is for guidance only and does not form part of the standard.
Reference number ISO/IEC 27001:2005(E)
© ISO/IEC 2005
INTERNATIONAL STANDARD
ISO/IEC 27001
First edition 2005-10-15
Information technology — Security techniques — Information security management systems — Requirements
Technologies de l'information — Techniques de sécurité — Systèmes de gestion de sécurité de l'information — Exigences
ISO/IEC 27001:2005(E)
iii
Contents

| Clause | Title | Page |
|---|---|---|
| | Foreword | iv |
| 0 | Introduction | v |
| 0.1 | General | v |
| 0.2 | Process approach | v |
| 0.3 | Compatibility with other management systems | vi |
| 1 | Scope | 1 |
| 1.1 | General | 1 |
| 1.2 | Application | 1 |
| 2 | Normative references | 1 |
| 3 | Terms and definitions | 2 |
| 4 | Information security management system | 3 |
| 4.1 | General requirements | 3 |
| 4.2 | Establishing and managing the ISMS | 4 |
| 4.2.1 | Establish the ISMS | 4 |
| 4.2.2 | Implement and operate the ISMS | 6 |
| 4.2.3 | Monitor and review the ISMS | 6 |
| 4.2.4 | Maintain and improve the ISMS | 7 |
| 4.3 | Documentation requirements | 7 |
| 4.3.1 | General | 7 |
| 4.3.2 | Control of documents | 8 |
| 4.3.3 | Control of records | 8 |
| 5 | Management responsibility | 9 |
| 5.1 | Management commitment | 9 |
| 5.2 | Resource management | 9 |
| 5.2.1 | Provision of resources | 9 |
| 5.2.2 | Training, awareness and competence | 9 |
| 6 | Internal ISMS audits | 10 |
| 7 | Management review of the ISMS | 10 |
| 7.1 | General | 10 |
| 7.2 | Review input | 10 |
| 7.3 | Review output | 11 |
| 8 | ISMS improvement | 11 |
| 8.1 | Continual improvement | 11 |
| 8.2 | Corrective action | 11 |
| 8.3 | Preventive action | 12 |
| Annex A (normative) | Control objectives and controls | 13 |
| Annex B (informative) | OECD principles and this International Standard | 30 |
| Annex C (informative) | Correspondence between ISO 9001:2000, ISO 14001:2004 and this International Standard | 31 |
| | Bibliography | 34 |
Table of contents (Danish-language part)

| Clause | Title | Page |
|---|---|---|
| | Foreword | iv |
| 0 | Introduction | v |
| 0.1 | General | v |
| 0.2 | Process approach | v |
| 0.3 | Compatibility with other management systems | vi |
| 1 | Subject and scope | 1 |
| 1.1 | General | 1 |
| 1.2 | Application | 1 |
| 2 | Normative references | 1 |
| 3 | Terms and definitions | 2 |
| 4 | Information security management system | 3 |
| 4.1 | General requirements | 3 |
| 4.2 | Establishing and managing the ISMS | 4 |
| 4.2.1 | Establishing the ISMS | 4 |
| 4.2.2 | Implementing and operating the ISMS | 6 |
| 4.2.3 | Monitoring and reviewing the ISMS | 6 |
| 4.2.4 | Maintaining and improving the ISMS | 7 |
| 4.3 | Documentation requirements | 7 |
| 4.3.1 | General | 7 |
| 4.3.2 | Control of documents | 8 |
| 4.3.3 | Control of records | 8 |
| 5 | Management responsibility | 9 |
| 5.1 | Management commitment | 9 |
| 5.2 | Resource management | 9 |
| 5.2.1 | Provision of resources | 9 |
| 5.2.2 | Education/training, awareness and competence | 9 |
| 6 | Internal ISMS audits | 10 |
| 7 | Management review of the ISMS | 10 |
| 7.1 | General | 10 |
| 7.2 | Input to the management review | 10 |
| 7.3 | Output of the management review | 11 |
| 8 | ISMS improvement | 11 |
| 8.1 | Continual improvement | 11 |
| 8.2 | Corrective actions | 11 |
| 8.3 | Preventive actions | 12 |
| Annex A (normative) | Control objectives and controls | 13 |
| Annex B (informative) | OECD principles and this International Standard | 30 |
| Annex C (informative) | Correspondence between ISO 9001:2000, ISO 14001:2004 and this International Standard | 31 |
| | Bibliography | 34 |
iii (da)
DS/ISO/IEC 27001:2007