《《ISO27001_2016中英文版》.pdf

1 ISO/IEC 27001:2005(E) ISO 标准——IEC 27001:2005 信息安全管理体系—— 规范与使用指南 Reference number ISO/IEC 27001:2005(E) 翻译：左金龙 © ISO/IEC 2005 – All rights reserved 仅限于培训交流用，请勿用于商业用途   henry_zuo@  2 ISO/IEC 27001:2005(E) 0 简介 0 Introduction 0.1 总则 0.1 General This International Standard has been prepared to provide a model for 本国际标准的目的是提供建立、实施、运作、 establishing, implementing, operating, monitoring, reviewing, maintaining and 监控、评审、维护和改进信息安全管理体系  improving an Information Security Management System (ISMS). The adoption of （ISMS）的模型。采用 ISMS 应是一个组织 an ISMS should be a strategic decision for an organization. The design and 的战略决定。组织 ISMS 的设计和实施受业 implementation of an organization’s ISMS is influenced by their needs and 务需求和目标、安全需求、应用的过程及组 objectives, security requirements, the processes employed and the size and 织的规模、结构的影响。上述因素和他们的 structure of the organization. These and their supporting systems are expected to 支持系统预计会随事件而变化。希望根据组 change over time. It is expected that an ISMS implementation will be scaled 织的需要去扩充 ISMS 的实施，如，简单的 in accordance with the needs of the organization, e.g. a simple situation 环境是用简单的 ISMS 解决方案。 本国际标 requires a simple ISMS solution. 准可以用于内部、外部评估其符合 性。 This International Standard can be used in order to assess conformance by 0.2 过程方法 interested internal and external parties. 0.2 Process approach 本国际标准鼓