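Standard number: BS 7799-3-2006
Standard title (Chinese): Information security management systems. Guidelines for information security risk management
Standard title (English): Information security management systems - Guidelines for information security risk management
Standard type: A90
Publication date: 2006/3/17 12:00:00
Implementation date: 2006/3/17 12:00:00
Chinese standard classification number: A90
International standard classification number: 35.020;35.040
Referenced standards: BS ISO/IEC 27001-2005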
Scope: This British Standard gives guidance to support the requirements given in BS ISO/IEC 27001:2005 regarding all aspects of an ISMS risk management cycle. This cycle includes assessing and evaluating the risks, implementing controls to treat the risks, monitoring and reviewing the risks, and maintaining and improving the system of risk controls. The focus of this standard is effective information security through an ongoing programme of risk management activities. This focus is targeted at information security in the context of an organization’s business risks. The guidance set out in this British Standard is intended to be applicable to all organizations, regardless of their type, size and nature of business. It is intended for those business managers and their staff involved in ISMS (Information Security Management System) risk management activities.