
GB/T 33132-2016 English PDF

US$519.00 · In stock
Delivery: <= 5 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 33132-2016: Information security technology -- Guide of implementation for information security risk treatment
Status: Valid

Standard similar to GB/T 33132-2016

GB/T 32918.5   GB/T 32918.4   GB/T 32921   GB/T 33134   GB/T 33133.2   

Basic data

Standard ID: GB/T 33132-2016 (GB/T33132-2016)
Description (Translated English): Information security technology -- Guide of implementation for information security risk treatment
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.040
Word Count Estimation: 26,242
Date of Issue: 2016-10-13
Date of Implementation: 2017-05-01
Regulation (derived from): National Standard Notice No.1716 of 2016
Issuing agency(ies): General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China

GB/T 33132-2016: Information security technology -- Guide of implementation for information security risk treatment


---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Information security technology - Guide of implementation for information security risk treatment
ICS 35.040
L80
National Standard of the People's Republic of China
Information Security Technology - Information Security Risk Management Implementation Guide
Released 2016-10-13; implemented 2017-05-01
Released by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the China National Standardization Management Committee

Contents

Preface
Introduction
1 Scope
2 Normative reference document
3 Terms and definitions
4 Overview of risk management implementation
4.1 Basic principles of risk management
4.2 How to deal with risk
4.3 Roles and responsibilities of risk handling
4.4 The basic process of risk handling
5 Risk handling preparation
5.1 Develop risk management plan
5.2 Obtain management approval
6 Risk management implementation
6.1 Risk management plan development
6.2 Implementation of risk management plan
7 Evaluation of risk treatment effectiveness
7.1 Overview
7.2 Evaluation principle
7.3 Evaluation methods
7.4 Evaluation program
7.5 Evaluation implementation
7.6 Continuous improvement
Appendix A (Informative Appendix) Examples of risk handling practices
A.1 Background
A.2 Preparation for risk management
A.3 Risk management implementation
A.4 Risk management evaluation
Reference

Foreword

This standard is drafted in accordance with the rules given in GB/T 1.1-2009.

Please note that some of the contents of this document may involve patents. The issuer of this document does not assume responsibility for the identification of these patents.

This standard is proposed by the National Information Security Standardization Technical Committee (SAC/TC260).

Drafting organizations of this standard: State Information Center, Beijing Information Security Evaluation Center, China Civil Aviation University, Neusoft Group Co., Ltd., Beijing Digital Certified Co., Ltd., Xi'an Jiaotong Jetway Network Technology Co., Ltd.

The main drafters of this standard: Wu Yafei, Lu Kai, Chen Yonggang, Zhao Zhangjie, Ma Yong, Xi Fei, Chen Qingmin, He Jianfeng.

Introduction

Information security risk management is an important foundation of information security work, and its core idea is to control the information security risks that the managed object faces. Information security risk management runs throughout the information system life cycle (planning, design, implementation, operation and maintenance, and disposal), and its main work process includes two basic steps: risk assessment and risk management. Risk assessment is the process of identifying, analyzing and evaluating the risks faced by the object of risk management. Risk management is the process of selecting and implementing security measures based on the results of risk assessment.

To guide the various types of organizations in carrying out information security risk management, and on the basis of GB/T 20984-2007 "Information security technology - Information security risk assessment specification", GB/Z 24364-2009 "Information security technology - Information security risk management guide" and GB/T 31509-2015 "Information security technology - Information security risk assessment implementation guide", this standard addresses the various types of information security risk identified by risk assessment work and describes the organization, management, process, evaluation and other aspects of risk management work. It is used to guide the formation of the customer concept and to standardize risk management programs, so as to promote the improvement of risk management.

Information Security Technology - Information Security Risk Management Implementation Guide

1 Scope

This standard gives the basic concepts, processing principles, processing methods and processing flow of information security risk management, together with management processes and methods such as the evaluation of treatment results after treatment is complete, and defines the roles and responsibilities in the process.

This standard is applicable to guiding units that operate and use information systems, and information security service providers, in implementing information security risk management activities.

2 Normative reference documents

The following documents are indispensable for the application of this document. For dated references, only the dated edition applies to this document. For undated references, the latest edition (including all modifications) applies to this document.

GB/T 20984-2007 Information security technology - Information security risk assessment specification
GB/Z 24364-2009 Information security technology - Information security risk management guide

3 Terms and definitions

The terms and definitions in GB/T 20984-2007 and GB/Z 24364-2009, and the following terms and definitions, apply to this document.

3.1 Risk management
The process of selecting and implementing measures to change risk. [ISO/IEC Guide 73:2002]
Note: In this standard, the term "control measures" is used as a synonym for "measures".

3.2 Risk avoidance (risk elimination)
A decision not to become involved in a risk situation, or to withdraw from a risk situation. [ISO/IEC Guide 73:2002]

3.3 Risk transfer
Sharing with another party the loss or benefit of a risk. [ISO/IEC Guide 73:2002]
Note: In the context of information security risks, only negative results (losses) are taken into account for risk transfer.

3.4 Risk reduction
Actions taken to reduce the likelihood and/or negative results of a risk. [ISO/IEC Guide 73:2002]

3.5 Risk acceptance
Acceptance of the loss or benefit from a particular risk.
