GB/Z 32916-2016: Information technology -- Security techniques -- Guidelines for information security control auditors
Status: Obsolete

Basic data
Standard ID: GB/Z 32916-2016 (GB/Z32916-2016)
Description (Translated English): Information technology -- Security techniques -- Guidelines for information security control auditors
Sector / Industry: National Standard
Classification of Chinese Standard: L80
Word Count Estimation: 34,314
Date of Issue: 2016-08-29
Date of Implementation: 2017-03-01
Regulation (derived from): National Standard Announcement 2016 No.14
Issuing agency(ies): General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China

The text below is a draft translation for illustration, not a final translation.

ICS 35.040
L80
Guiding technical document for national standardization of the People's Republic of China
Information technology -- Security techniques -- Guidelines for information security control auditors
(ISO/IEC TR 27008:2011, IDT)
Issued 2016-08-29; implemented 2017-03-01
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the Standardization Administration of China

Contents
Foreword III
Introduction IV
1 Scope 1
2 Normative references 1
3 Terms and definitions 1
4 Structure of this guidance document
5 Background 1
6 Information security control review 2
6.1 Review process 2
6.2 Resources 4
7 Assessment methods 4
7.1 Overview 4
7.2 Review methods
7.2.1 General 5
7.2.2 Attributes 5
7.3 Review methods: Interview 6
7.3.1 General 6
7.3.2 Depth attribute 7
7.3.3 Breadth attribute 7
7.4 Assessment methods: Test 7
7.4.1 Overview 7
7.4.2 Test types 8
7.4.3 Extended review procedures 9
8 Activities 9
8.1 Preparation 9
8.2 Planning 10
8.2.1 Overview 10
8.2.2 Scope 11
8.2.3 Review procedures 11
8.2.4 Object-related considerations 11
8.2.5 Past findings 12
8.2.6 Allocation of work 13
8.2.7 External systems
8.2.8 Information assets and organization 13
8.2.9 Extended review procedures 13
8.2.10 Optimization 13
8.2.11 Finalization
8.3 Conducting the review 14
8.4 Analysis and reporting of results 14
Appendix A (Informative) Practice guideline for technical compliance checks 16
Appendix B (Informative) Initial information collection (other than information technology) 26
References 29

Foreword
This guidance document has been drafted in accordance with the rules given in GB/T 1.1-2009.
This guidance document is identical to the international technical report ISO/IEC TR 27008:2011 "Information technology -- Security techniques -- Guidelines for auditors on information security controls" (English version), adopted by the translation method.
In accordance with China's national conditions and the provisions of GB/T 1.1, the following editorial modifications have been made:
--- "blind test" is also known as black-box test, so the label "(black box test)" has been added;
--- "transparent box test" is also known as white-box test, so the label "(white box test)" has been added.
Please note that some content of this document may be subject to patents. The issuing agencies of this document bear no responsibility for identifying such patents.
This guidance document is proposed by and under the jurisdiction of the National Information Security Standardization Technical Committee (SAC/TC260).
Drafting organizations: China Electronics Standardization Institute, China National Accreditation Center for Conformity Assessment, the Fifth Electronics Research Institute of the Ministry of Industry and Information Technology, Beijing 赛西 (Saixi) Certification Co., Ltd., and Beijing Times Granville Information Technology Co., Ltd.
Main drafters: Ni Wenjing, Dong Tao, Liu Jian, Zhang Jie, Liu Xiaohong, Han Shuoxiang, Fu Zhigao, Duan Miao, Liu Xiaoyin, Wang Xinjie, Huang Junmei, Wei Jun.

Introduction
This guidance document supports the ISMS information security risk management process defined in ISO/IEC 27005 and the controls contained in GB/T 22081. It provides guidelines for reviewing an organization's information security controls, including, for example, technical compliance checks within the organization's business processes and system environments. For reviewing the elements of a management system, refer to ISO/IEC 27007. For ISMS conformity assessment for certification purposes, refer to GB/T 25067.

Information technology -- Security techniques -- Guidelines for information security control auditors

1 Scope
This guidance document provides guidance on reviewing the implementation and operation of controls, including technical compliance checks of information system controls against the information security standards established by the organization.
This guidance document is applicable to organizations of all types and sizes, including public and private companies, government agencies and non-profit organizations, that carry out information security reviews and technical compliance checks.
This guidance document does not apply to management system audits.

2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the dated edition applies to this document. For undated references, the latest edition (including all amendments) applies to this document.
GB/T 29246-2012 Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary (ISO/IEC 27000:2009, IDT)

3 Terms and definitions
The terms and definitions given in GB/T 29246-2012 and the following apply to this document.
3.1 review object: a designated item to be reviewed.
3.2 review objective: a statement describing the result the review is intended to achieve.
3.3 security implementation standard: a document specifying authorized ways of implementing security.

4 Structure of this guidance document
This guidance document describes the information security control review process, including technical compliance checks. Clause 5 gives background information, Clause 6 provides an overview of information security control reviews, Clause 7 covers review methods and Clause 8 covers review activities. Technical compliance checks are covered in Appendix A and initial information collection in Appendix B.

5 Background
The selection of an organization's information security controls should be based on the results of a risk assessment and form part of the information security risk management process, so as to reduce risk to an acceptable level. However, for organizations that decide not to implement an ISMS, other ways ......