版本说明：本中英文对照版仅用于学习，任何组织、个人不得以任何形式和理由收取费用， 如发现收费行为发布请在原链接下载：知识星球 -老烦的草根安全观 ISO/IEC JTC1 SC27 信息技术 网络安全与隐私 保护 信息安全控制 ISO/IEC 27002 20 22 翻译 樊山 2022 -3-3 目录 前言 ................................ ................................ ................................ ................................ .............................. 14 0 介绍 ................................ ................................ ................................ ................................ .......................... 16 0.1 Background and context 背景和环境 ................................ ................................ .................. 16 0.2 Information security requirements 信息安全需求 ................................ ............................ 17 0.3 Controls 控制 ................................ ................................ ................................ ............................. 18 0.4 Determining controls 确定控制 ................................ ................................ ............................ 18 0.5 Developing your own guidelines 开发自己的指南 ................................ .......................... 19 0.6 Lifecycle considerations 生命周期注意事项 ................................ ................................ ...... 20 0.7 Related standards 相关标准 ................................ ................................ ................................ .. 20 1 范围 ................................ ................................ ................................ ................................ .......................... 21 2 规范性引用 ................................ ................................ ................................ ................................ ............. 21 3 术语，定义和缩写词 ................................ ................................ ................................ ........................... 22 3.1 术语和定义 ................................ ................................ ................................ ................................ . 22 3.1.1 Access control 访问控制 ................................ ................................ ............................. 22 3.1.2 Asset 资产 ................................ ................................ ................................ ....................... 23 3.1.3 Attack 攻击 ................................ ................................ ................................ ..................... 23 3.1.4 Authentication 认证 ................................ ................................ ................................ ..... 24 3.1.5 Authenticity 真实性 ................................ ................................ ................................ ...... 24 3.1.6 Chain of custody 监管链 ................................ ................................ ............................. 24 3.1.7 Confidential information 机密信息 ................................ ................................ .......... 24 3.1.8 Control 控制 ................................ ................................ ................................ ................. 25 3.1.9 Disruption 破坏 ................................ ................................ ................................ ........... 25 3.1.10 Endpoint device 终端设备 ................................ ................................ ..................... 25 3.1.11 Entity 实体 ................................ ................................ ................................ ................. 26 3.1.12 Information processing facility 信息处理设施 ................................ ......... 26 3.1.13 Information security breach 信息安全漏洞 ................................ ......................... 26 3.1.14 Information security event 信息安全事件 ................................ ............................ 27 3.1.15 Information security incident 信息安全事故 ................................ ....................... 27 3.1.16 Infor mation security incident management 信息安全事件管理 .................... 27 3.1.17 Information system