The previous chapters all dealt with audit-related requirements; next we turn to the framework of the ISO 27001:2013 edition.
Image source: 資安人 (InformationSecurity.com.tw)
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=7348
The figure above makes the main goal of each stage in every chapter clear: Plan, Do, Check, Act.
Mapped to the main standard, here is a quick summary of the key points in three sentences or fewer:
= = = = = = = = = = . = = = = = = = = = = . = = = = = = = = = =
A systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.
Independence: an auditor must not audit a project they have previously performed or participated in.
Consistency: refer to the policies, procedures or other audit-related requirements and compare against them in order to obtain objective evidence, e.g. using an audit checklist.
= = = = = = = = = = . = = = = = = = = = = . = = = = = = = = = =