GB/Z 32916-2016: Information technology -- Security techniques -- Guidelines for information security control auditors (Status: Obsolete)
Basic data

| Field | Value |
|---|---|
| Standard ID | GB/Z 32916-2016 (GB/Z32916-2016) |
| Description (Translated English) | Information technology -- Security techniques -- Guidelines for information security control auditors |
| Sector / Industry | National Standard |
| Classification of Chinese Standard | L80 |
| Word Count Estimation | 34,314 |
| Date of Issue | 2016-08-29 |
| Date of Implementation | 2017-03-01 |
| Regulation (derived from) | National Standard Announcement 2016 No.14 |
| Issuing agency(ies) | General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China |
GB/Z 32916-2016: Information technology -- Security techniques -- Guidelines for information security control auditors (draft translation excerpt for illustration, not a final translation)
(Information technology - Security techniques - Guidelines for information security control auditors)
ICS 35.040
L80
National standardization technical guidance document of the People's Republic of China
Information technology -- Security techniques --
Guidelines for information security control auditors
(ISO/IEC TR 27008:2011, IDT)
Issued 2016-08-29
Implemented 2017-03-01
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China
and the Standardization Administration of China
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Structure of this guidance document
5 Background
6 Information security control review
6.1 Review process
6.2 Resources
7 Review methods
7.1 Overview
7.2 Review methods
7.2.1 General
7.2.2 Attributes
7.3 Review methods: interview
7.3.1 General
7.3.2 Depth attribute
7.3.3 Breadth attribute
7.4 Review methods: test
7.4.1 Overview
7.4.2 Test types
7.4.3 Extended review procedures
8 Review activities
8.1 Preparation
8.2 Planning
8.2.1 Overview
8.2.2 Scope
8.2.3 Review procedures
8.2.4 Considerations related to review objects
8.2.5 Previous findings
8.2.6 Allocation of work
8.2.7 External systems
8.2.8 Information assets and organization
8.2.9 Extended review procedures
8.2.10 Optimization
8.2.11 Finalization
8.3 Conducting the review
8.4 Analysis and reporting of results
Appendix A (informative) Practice guideline for technical compliance checking
Appendix B (informative) Initial information collection (other than information technology)
References
Foreword
This guidance document has been drafted in accordance with the rules given in GB/T 1.1-2009.
This guidance document is identical (IDT) to the international technical report ISO/IEC TR 27008:2011 "Information technology -- Security techniques -- Guidelines for auditors on information security controls" (English version), adopted by the translation method. In accordance with China's national conditions and the provisions of GB/T 1.1, the following editorial modifications were made:
--- "Blind test", also known as black box test, is annotated with "(black box test)";
--- "Transparent box test", also known as white box test, is annotated with "(white box test)".
Please note that some of the contents of this document may be subject to patents. The issuing agencies of this document bear no responsibility for identifying these patents.
This guidance document was proposed by, and is under the jurisdiction of, the National Information Security Standardization Technical Committee (SAC/TC260).
Drafting organizations of this guidance document: China Electronics Standardization Institute, China National Accreditation Center for Conformity Assessment, the Fifth Electronics Research Institute of the Ministry of Industry and Information Technology, Beijing Saixi (赛西) Certification Co., Ltd., Beijing Times Granville Information Technology Co., Ltd.
Main drafters of this guidance document: Ni Wenjing, Dong Tao, Liu Jian, Zhang Jie, Liu Xiaohong, Han Shuoxiang, Fu Zhigao, Duan Miao, Liu Xiaoyin, Wang Xinjie, Huang Junmei, Wei Jun.
Introduction
This guidance document supports the ISMS risk management process defined in ISO/IEC 27005 and the controls contained in GB/T 22081.
This guidance document provides guidelines on reviewing an organization's information security controls, including, for example, technical compliance checking in organizational, business process and system environments.
For the review of management system elements, refer to ISO/IEC 27007. For ISMS conformity assessment for certification purposes, refer to GB/T 25067.
Information technology -- Security techniques --
Guidelines for information security control auditors
1 Scope
This guidance document provides guidance on reviewing the implementation and operation of controls, including technical compliance checking of information system controls, against the information security standards established by the organization.
This guidance document is applicable to organizations of all types and sizes, including public and private companies, government agencies and non-profit organizations, that conduct information security reviews and technical compliance checks. This guidance document does not apply to management system audits.
2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the dated edition applies to this document. For undated references, the latest edition (including all amendments) applies to this document.
GB/T 29246-2012 Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary (ISO/IEC 27000:2009, IDT)
3 Terms and definitions
The terms and definitions given in GB/T 29246-2012 and the following apply to this document.
3.1
review object
Specific item being reviewed.
3.2
review objective
Statement describing what is to be achieved as a result of the review.
3.3
security implementation standard
Document specifying authorized ways of implementing security.
4 Structure of this guidance document
This guidance document describes the information security control review process, including technical compliance checking. Chapter 5 gives background information, Chapter 6 provides an overview of information security control reviews, Chapter 7 covers review methods and Chapter 8 covers review activities.
See Appendix A for technical compliance checking and Appendix B for initial information collection.
5 Background
An organization's selection of information security controls should be based on the results of a risk assessment and form part of the information security risk management process, so as to reduce risk to an acceptable level. However, for those organizations that decide not to implement an ISMS, other ways