Abstract
Focusing on ISO/IEC 27002, this paper analyzes the revision approach of the third edition of ISO/IEC 27002, outlines the overall changes between the third edition and ISO/IEC 27002:2013, discusses and interprets its new concepts, and surveys the various change mechanisms and change contents of its new control set, so that control selection in organizational risk treatment and the implementation of information security controls become more standardized and scientific.
Source
《信息技术与标准化》 (Information Technology & Standardization)
2021, Issue 11, pp. 8-17 (10 pages)
Keywords
information security management system
risk management
risk treatment
control