标准科学
STANDARD SCIENCE
2014, Issue 10, pp. 53-57 (5 pages)
ISO 27001; ISO 20000; integration; system
As society develops, organizations' business operations and IT have become closely integrated. ISO has therefore put forward management systems such as ISO 27001 and ISO 20000 for managing an organization's IT applications. However, when several systems are implemented within one organization, conflicts and inconsistencies easily arise. This paper therefore proposes dividing the content of the different systems into a common part and a specific part. The common part is integrated in different forms. For the specific part, the approach starts from services: each service process is identified first, then an information security risk assessment is conducted and security controls are selected, and on that basis the IT service system and the information security management system are constructed.