铁路服务之信息安全评估(ISO27001:2005)
Railway Business Services -Information Security Assessment(ISO27001:2005)
ISO/IEC 27001规定了信息安全管理体系,旨在在管理控制下带来信息安全并给出具体要求。符合条件的组织经审核成功后,可由认证机构认证。
ISO/IEC 27001 specifies a management system that is intended to bring information security under management control and gives specific requirements. Organizations that meet the requirements may be certified by an accredited certification body following successful completion of an audit <https://en.wikipedia.org/wiki/Audit>.
●通过定义、评估和控制风险,确保经营的持续性和能力
By defining, evaluating and controlling risks to ensure continuity and capability of operation
●减少由于合同违规行为以及直接触犯法律法规要求所造成的责任
Reducing responsibility arising from breach of contract and direct violation of laws and regulations
●通过遵守国际标准提高企业竞争能力,提升企业形象
Enhancing corporate competitiveness and corporate image by observing international standards
●明确定义所有组织的内部和外部的信息接口目标:谨防数据的误用和丢失
Clearly defining internal and external information interface objectives of all organizations:beware of misuse and loss of data
●建立安全工具使用方针Establishing safety tools usage policy
●谨防技术诀窍的丢失Be alert to the loss of technical know-how
●在组织内部增强安全意识Enhancing safety awareness within the organization
●可作为公共会计审计的证据Be used as evidence of public accounting audit
