FD Z74-260-1

FD Z74-260-1

August 1998
Published document Cancelled

Information technology. . Guide for the safety management of information systems. . Part 1 : concepts and patterns.

Le présent document offre une aide à la gestion de la sécurité des systèmes d'information en présentant les concepts et modèles généraux.

See more
View the extract
Main informations

Collections

National standards and national normative documents

Publication date

August 1998

Number of pages

24 p.

Reference

FD Z74-260-1

ICS Codes

35.030   IT Security

Classification index

Z74-260-1

Print number

1 - 24/08/1998

International kinship

ISO/IEC TR 13335-1:1996
Sumary
Information technology. . Guide for the safety management of information systems. . Part 1 : concepts and patterns.

Le présent document offre une aide à la gestion de la sécurité des systèmes d'information en présentant les concepts et modèles généraux.
Standard replaced by (1)
NF ISO/IEC 27001
December 2007
Standard Cancelled
Information technology - Security techniques - Information security management systems - Requirements

ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following: use within organizations to formulate security requirements and objectives;use within organizations as a way to ensure that security risks are cost effectively managed;use within organizations to ensure compliance with laws and regulations;use within an organization as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met;definition of new information security management processes;identification and clarification of existing information security management processes;use by the management of organizations to determine the status of information security management activities;use by the internal and external auditors of organizations to determine the degree of compliance with the policies, directives and standards adopted by an organization;use by organizations to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organizations with whom they interact for operational or commercial reasons; implementation of business-enabling information security;use by organizations to provide relevant information about information security to customers.

Table of contents
  • Avant-propos
    4
  • Introduction
    5
  • 1 Domaine d'application
    5
  • 2 Références normatives
    5
  • 3 Définitions
    5
  • 3.1 imputabilité
    5
  • 3.2 biens
    6
  • 3.3 authenticité
    6
  • 3.4 disponibilité
    6
  • 3.5 sécurités basiques
    6
  • 3.6 confidentialité
    6
  • 3.7 intégrité de donnée
    6
  • 3.8 impact
    6
  • 3.9 intégrité
    6
  • 3.10 sécurité des systèmes d'information
    6
  • 3.11 politique de sécurité des systèmes d'information
    6
  • 3.12 fiabilité
    7
  • 3.13 risque résiduel
    7
  • 3.14 risque
    7
  • 3.15 analyse de risque
    7
  • 3.16 gestion du risque
    7
  • 3.17 parade
    7
  • 3.18 intégrité du système
    7
  • 3.19 menace
    7
  • 3.20 vulnérabilité
    7
  • 4 Structure du document
    8
  • 5 Objectifs
    8
  • 6 Contexte et environnement
    8
  • 7 Concepts de gestion de la sécurité des systèmes d'information
    9
  • 7.1 Approche
    9
  • 7.2 Objectifs, Stratégies et Politiques
    10
  • 8 L'univers de la sécurité des systèmes d'information
    11
  • 8.1 Les biens de l'entreprise
    11
  • 8.2 Les menaces
    12
  • 8.3 Les vulnérabilités
    13
  • 8.4 L'impact
    13
  • 8.5 Le risque
    14
  • 8.6 Les parades
    14
  • 8.7 Le risque résiduel
    15
  • 8.8 Les contraintes
    15
  • 9 La gestion opérationnelle de la sécurité
    15
  • 9.1 La gestion de la configuration
    16
  • 9.2 La gestion des modifications
    17
  • 9.3 La gestion du risque
    17
  • 9.4 L'analyse de risque
    18
  • 9.5 Imputabilité
    18
  • 9.6 Sensibilisation et Information en matière de sécurité
    18
  • 9.7 Suivi, contrôle et audit
    19
  • 9.8 Plan de secours et plan de continuité
    19
  • 10 Les modèles explicatifs
    20
  • 11 Conclusion
    24
ZOOM ON ... the Requirements department
To comply with a standard, you need to quickly understand its issues in order to determine its impact on your activity.

The Requirements department helps you quickly locate within the normative text:
- mandatory clauses to satisfy,
- non-essential but useful clauses to know, such as permissions and recommendations.

The identification of these types of clauses is based on the document “ISO / IEC Directives, Part 2 - Principles and rules of structure and drafting of ISO documents ”as well as on a constantly enriched list of verbal forms.

With Requirements, quickly access the main part of the normative text!

With Requirements, quickly access the main part of the normative text!
Need to identify, monitor and decipher standards?

COBAZ is the simple and effective solution to meet the normative needs related to your activity, in France and abroad.

Available by subscription, CObaz is THE modular solution to compose according to your needs today and tomorrow. Quickly discover CObaz!

Request your free, no-obligation live demo

I discover COBAZ