GB/T 31722-2015: Information technology -- Security techniques -- Information security risk management
ICS 35.040
L80
National Standard of the People's Republic of China
GB/T 31722-2015
Information technology -- Security techniques -- Information security risk management
(ISO/IEC 27005:2008, IDT)
Issued: 2015-06-02
Implemented: 2016-02-01
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the Standardization Administration of China
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Structure of this standard
5 Background
6 Overview of the information security risk management process
7 Context establishment
8 Information security risk assessment
9 Information security risk treatment
10 Information security risk acceptance
11 Information security risk communication
12 Information security risk monitoring and review
Appendix A (informative) Defining the scope and boundaries of the information security risk management process
Appendix B (informative) Identification and valuation of assets and impact assessment
Appendix C (informative) Examples of typical threats
Appendix D (informative) Vulnerabilities and methods for vulnerability assessment
Appendix E (informative) Information security risk assessment approaches
Appendix F (informative) Constraints for risk reduction
References
Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Please note that some elements of this document may be the subject of patents. The issuing body of this document shall not be held responsible for identifying any such patents.
This standard is identical to ISO/IEC 27005:2008, Information technology -- Security techniques -- Information security risk management (English version), adopted by the translation method.
The following editorial change has been made to this standard:
--- some editorial changes to the Introduction.
This standard was proposed by, and is under the jurisdiction of, the National Information Security Standardization Technical Committee (SAC/TC260).
Drafting organizations of this standard: China National Institute of Electronic Standardization, Shanghai Sanlingwei Information Security Co., Ltd., Uniform Application Co., Ltd., Shandong Provincial Computing Center, Beijing Information Security Evaluation Center.
Main drafters of this standard: Xu Yuna, Min Jinghua, Shangguan Xiaoli, Dong Huomin, Zhao Zhangjie, Li Gang, Zhou Mingle.
Introduction
The Information Security Management System family of standards (the ISMS family of standards) is a series of international standards on information security management systems developed by ISO/IEC JTC 1/SC 27. The ISMS family of standards is intended to assist organizations of all types and sizes to develop and implement a framework for managing the security of their information assets, including financial information, intellectual property, employee details, and information entrusted to them by customers or third parties, and to prepare for an independent assessment of their ISMS.
The ISMS family of standards includes standards that: a) define the requirements for an ISMS and for the bodies certifying such systems; b) provide direct support, detailed guidance and/or interpretation for the overall Plan-Do-Check-Act (PDCA) process and requirements; c) address sector-specific guidelines for ISMS; d) address conformity assessment of ISMS.
At present the ISMS family of standards consists of the following standards:
--- GB/T 29246-2012 Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary (ISO/IEC 27000:2009)
--- GB/T 22080-2008 Information technology -- Security techniques -- Information security management systems -- Requirements (ISO/IEC 27001:2005)
--- GB/T 22081-2008 Information technology -- Security techniques -- Code of practice for information security management (ISO/IEC 27002:2005)
--- GB/T 31496-2015 Information technology -- Security techniques -- Information security management system implementation guidance (ISO/IEC 27003:2010)
--- GB/T 31497-2015 Information technology -- Security techniques -- Information security management -- Measurement (ISO/IEC 27004:2009)
--- GB/T 25067-2010 Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems (ISO/IEC 27006:2007)
--- ISO/IEC 27007:2011 Information technology -- Security techniques -- Guidelines for information security management systems auditing
--- ISO/IEC TR 27008:2011 Information technology -- Security techniques -- Guidelines for auditors on information security controls
--- ISO/IEC 27010:2012 Information technology -- Security techniques -- Information security management for inter-sector and inter-organizational communications
--- ISO/IEC 27011:2008 Information technology -- Security techniques -- Information security management guidelines for telecommunications organizations based on ISO/IEC 27002
--- ISO/IEC 27013:2012 Information technology -- Security techniques -- Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
--- ISO/IEC 27014:2013 Information technology -- Security techniques -- Governance of information security
--- ISO/IEC TR 27015:2012 Information technology -- Security techniques -- Information security management guidelines for financial services
As one of the ISMS family of standards, this standard provides guidelines for information security risk management in an organization, supporting in particular the ISMS requirements of GB/T 22080. However, this standard does not provide any specific method for information security risk management. It is up to the organization to define its approach to risk management, depending for example on the scope of its ISMS, the context of risk management, or its industry sector. A number of existing methodologies can be used under the framework described in this standard to implement the requirements of an ISMS.
This standard is relevant to managers and staff concerned with information security risk management within an organization and, where appropriate, to external parties supporting such activities.
1 Scope
This standard provides guidelines for information security risk management.
This standard supports the general concepts specified in GB/T 22080 and is designed to assist the satisfactory implementation of information security based on a risk management approach.
Knowledge of the concepts, models, processes and terminologies described in GB/T 22080 and GB/T 22081 is important for a complete understanding of this standard.
This standard is applicable to all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) which intend to manage risks that could compromise the organization's information security.
2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the edition cited applies to this document. For undated references, the latest edition of the referenced document (including any amendments) applies to this document.
GB/T 22080-2008 Information technology -- Security techniques -- Information security management systems -- Requirements (ISO/IEC 27001:2005, IDT)
GB/T 22081-2008 Information technology -- Security techniques -- Code of practice for information security management (ISO/IEC 27002:2005, IDT)
3 Terms and definitions
The following terms and definitions defined in GB/T 22080-20...