---
title: "ISO-27001"
type: concept
tags:
- Security-Framework
- Compliance
- Information-Security
last_updated: 2026-04-14
---

# ISO-27001

## Definition

An internationally recognized standard for information security management systems (ISMS), published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO 27001 is the baseline framework for enterprise information security management.

## OpenText Implementation

- Serves as the foundation of the OpenText security Posture Framework
- Updated in 2022, adding 11 new control aspects
- Provides the framework foundation that underpins the [[Global Information Security Policy (GISP)]]
- Supports industry certifications such as [[FedRAMP]]

## Key Controls

- Information Security Organization
- Human Resource Security
- Asset Management
- Access Control
- Cryptography
- Physical and Environmental Security
- Operations Security
- Communications Security
- System Acquisition, Development and Maintenance
- Supplier Relationships
- Information Security Incident Management
- Business Continuity Management
- Compliance

## Connections

- [[Global Information Security Policy (GISP)]]: built on ISO 27001
- [[FedRAMP]]: built on top of ISO 27001
- [[OpenText]]: the enterprise that adopts this standard