GB/Z 24364-2009 English PDF (GBZ24364-2009)
Price: $350.00 USD
GB/Z 24364-2009: Information security technology -- Guidelines for information security risk management
ICS 35.040
L80
National Standardization Guiding Technical Document of the People's Republic of China
GB/Z 24364-2009
Information security technology -- Guidelines for information security risk management
Issued on 2009-09-30
Implemented on 2009-12-01
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the Standardization Administration of China
Contents
Foreword III
Introduction IV
1 Scope 1
2 Normative references 1
3 Terms and definitions 1
4 Overview of information security risk management 2
4.1 Scope and objects of information security risk management 2
4.2 Content and process of information security risk management 2
4.3 Relationship between information security risk management, the information system life cycle and information security objectives 3
4.4 Roles and responsibilities of information security risk management personnel 4
5 Context establishment 5
5.1 Overview of context establishment 5
5.2 Context establishment process 5
5.3 Context establishment documentation 8
6 Risk assessment 8
6.1 Overview of risk assessment 8
6.2 Risk assessment process 9
6.3 Risk assessment documentation 12
7 Risk treatment 13
7.1 Overview of risk treatment 13
7.2 Risk treatment process 14
7.3 Risk treatment documentation 17
8 Approval and supervision 17
8.1 Overview of approval and supervision 17
8.2 Approval and supervision process 17
8.3 Approval and supervision documentation 20
9 Monitoring and review 20
9.1 Overview of monitoring and review 20
9.2 Monitoring and review process 20
9.3 Monitoring and review documentation 23
10 Communication and consultation 23
10.1 Overview of communication and consultation 23
10.2 Communication and consultation process 24
10.3 Communication and consultation documentation 27
11 Information security risk management in the information system planning phase 27
11.1 Security objectives and security requirements 27
11.2 Risk management processes and activities 27
12 Information security risk management in the information system design phase 29
12.1 Security objectives and security requirements 29
12.2 Risk management processes and activities 29
13 Information security risk management in the information system implementation phase 31
13.1 Security objectives and security requirements 31
13.2 Risk management processes and activities 31
14 Information security risk management in the information system operation and maintenance phase 32
14.1 Security objectives and security requirements 32
14.2 Risk management processes and activities 33
15 Information security risk management in the information system disposal phase 34
15.1 Security objectives and security requirements 34
15.2 Risk management processes and activities 34
Appendix A (informative) Risk management reference model and its requirements and measures 36
A.1 Risk management reference model 36
A.2 Risk management requirements and measures 36
References 39
Foreword
Appendix A of this guiding technical document is an informative annex.
This guiding technical document was proposed by and is under the administration of the National Information Security Standardization Technical Committee.
Drafting organizations of this guiding technical document: National Information Center Information Security Research and Service Center; China Telecom Co., Ltd. Beijing Research Institute.
Main drafters of this guiding technical document: Wu Yafei, Zhang Jian, Fan Hong, Liu Wei, Zhao Yang.
Introduction
An organization must use its resources to accomplish its mission. In the information age, information has become the primary strategic resource and plays a key role. The security of information assets therefore determines whether an organization can fulfill its mission. Assets and risk are two sides of one contradiction: the higher the value of an asset, the greater the risk it faces. Information assets have characteristics different from traditional assets and face new kinds of risk. The purpose of information security risk management is to alleviate and balance this contradiction, to control risk to an acceptable level, and to protect information and its related assets so that the organization can ultimately fulfill its mission.
Information security risk management is fundamental work in information security protection, mainly in the following respects:
The ideas and measures of information security risk management should be reflected in the technology, organization and management of the information security system. Because risks exist in each of these three dimensions, risk management thinking should be introduced into technology, organization and management alike, so that risks are accurately assessed and reasonably treated and the information security objectives are achieved jointly.
The ideas and measures of information security risk management should run through the entire information system life cycle. The information system life cycle consists of five phases: planning, design, implementation, operation and maintenance, and disposal. Each phase has its associated risks, which are addressed with risk management thinking and controlled by risk management measures.
The ideas and measures of information security risk management strongly support implementation of the information security level protection (classified protection) system. Following the ideas and principles of level protection, information security risk management distinguishes the primary from the secondary, balances cost against benefit, rationally deploys and uses information security protection mechanisms and key infrastructure such as trust systems, monitoring systems and emergency response, and selects and determines appropriate security controls, so that the organization has the information security capability it needs to accomplish its mission.
This guiding technical document was developed to implement the state's requirements for strengthening information security assurance work and to advance the information security level protection system. It can be used together with GB/T 20984 and serves as a reference for an organization establishing an Information Security Management System (ISMS).
This guiding technical document draws on international standards on information security risk management such as ISO/IEC 27005 and has been verified in pilots in industries and regions. It comprehensively describes the processes of information security risk management (context establishment, risk assessment, risk treatment, approval and supervision, monitoring and review, communication and consultation) and systematically elaborates the application of information security risk management at each phase of the information system life cycle.
The term "risk management" as used in this guiding technical document means "information security risk management".
The documents listed by title in this guiding technical document are given as examples; their format and details are not prescribed.
Information security technology -- Guidelines for information security risk management
1 Scope
This guidance document specifies the content and process of information security risk management, and information for different stages of the info...