
ISO/IEC 27001:2013 /

ISO/IEC
27001:2013


ISO/IEC 27001
( )

2013-10-01




Information technology Security techniques Information security management systems
Requirements
Technologies de l'information. Techniques de sécurité. Systèmes de management de la
sécurité de l'information. Exigences

SITMA (www.sitma.pro)

. , ,
ISO/IEC 27001:2013.

.

Alexander Dmitriev, Ildar Garipov, Michael Vernikov All rights reserved

Page 1 of 28


Authors of translation /

Alexander Dmitriev /

Lead auditor ISO/IEC 27001, ISO 22301, ISO/IEC 20000, ISO 9001

Certified Trainer TÜV SÜD: ISO/IEC 27001 (Lead trainer), ISO 22301 (Lead trainer), ISO 31000
(Lead trainer), ISO 20000 (Trainer)

Information Security Management Systems Expert

Risk Management Expert (ISO 31000)

Head of "Security & IT Management Systems" Department, TMS (TÜV SÜD representative)

Founder of Security & IT Management Association (SITMA)

Das Management magazine Chief Editor, Member of International Federation of Journalists

More than 80 corporate and public training courses in Ukraine, Russia, Kazakhstan Republic,
Georgia, Poland, Germany, UAE, Egypt and Turkey

Ildar Garipov /

Lead auditor ISO/IEC 20000, ISO/IEC 27001, ISO 9001

Certified Trainer TÜV SÜD: ISO/IEC 20000 (Lead trainer), ISO 31000 (Lead trainer), ISO/IEC 27001
(Lead trainer)

Information Security Management Systems Expert

IT Service Management Consultant

Risk Management Expert (ISO 31000)

Head of "IT Service Management" Department, TMS (TÜV SÜD representative)

Founder of Security & IT Management Association (SITMA)

More than 50 corporate and public training courses in Ukraine, Russia and Turkey

Michael Vernikov /

Ph.D.

Lead auditor ISO/IEC 27001, auditor ISO/IEC 20000

Cryptographic Controls Management Expert

Information security management systems Expert

ITIL v3 Foundation Examination

Cisco CCNA


0
1
2
3
4
4.1
4.2
4.3

4.4
5
5.1
5.2
5.3 ,
6
6.1
6.2
7
7.1
7.2
7.3
7.4
7.5
8
8.1
8.2
8.3
9
9.1 , ,
9.2
9.3
10
10.1
10.2


ISO ( ) IEC (
) .
, ISO IEC,
,
. ISO IEC
, . ,
, ISO IEC,
. , ISO IEC
, ISO/IEC JTC 1.
,
ISO/IEC, 2.

. , ,
.
75% , .
,
. ISO IEC -
.
ISO/IEC 27001 ISO/IEC JTC
, SC 27, .

1,

(ISO/IEC 27001:2005),
.


0
0.1
,
,
.
.
,
, ,
. , , .
,

, .
,
,
,
. ,
.


.
, ,
, .
.
ISO/IEC 27000
,
( ISO/IEC 27003[2], ISO/IEC 27004[3] ISO/IEC 27005 [4]),

0.2
,
, , ,
SL ISO/IEC, 1, ISO, , ,
,
SL.
, SL, ,
,
.


-
-
-
1
, ,
.

. ,
,
, , . ,
4 10, ,
.

2
, ,
.
. (
).
ISO/IEC 27000, - -
-

3
, ISO/IEC
27000.

4
4.1
,

.

5.3 ISO 31000:2009 [5].

4.2
:
a) ,
,


b) ,
.
,
.

4.3


.
:
a) , .4.1;
b) , .4.2;
c) , ,
, .
.

4.4
, ,
.

5
5.1

:
a)
,
;
b)
;
c) , ,
, ;
d)

;
e) ,
;
f) ,
;
g) ;
h)
.

5.2
, :
a) ;
b) (. .6.2)
;
c) ,
;

d)
.
:
e) ;
f) ;
g) , .

5.3 ,
, ,
, .
:
a) ,
;
b)
.


6
6.1
6.1.1

, .4.1, , .4.2,
, :
a) ,
;
b) ;
c) .
:
d) ;
e)
1)
;
2) .
6.1.2
,
:
a) ,
:
1) ;
2) ;
b) ,
, ;
c) :


1) ,
,
;
2) ;
d) :
1) ,
, .6.1.2 c) 1);
2) , .6.1.2 c) 1);
3) ;
e) :
1) , .6.1.2 a);
2) .

.
6.1.3

, :
a) ,
;
b) ,
;

.
c) , .6.1.3 b), ,
, ;
1
.
.
2 .
, ,
.
d) (SoA),
(. .6.1.3 b) c)) ( ,
),
;
e) ;
f)
( )
.

.
,
, ,
ISO 31000 [5].

6.2


.
:
a) ;
b) ( );
c) ,
;
d) ;
e) .

.

:
f) ;
g) ;
h) ;
i) ;
j) .

7
7.1
, , ,
.

7.2
:
a) ,
, ;
b) ,
, ;
c)
;
d)
.
, : ,
; /
.

7.3
, , :
a) ;
b)
, ;
c)
.

7.4
,
, :
a) ;

b)
c)
d)
e)

;
;
;
, .

7.5
7.5.1
:
a) , ;
b) ,
.
()

:
1) , , ;
2) ;
3) .
7.5.2

:
a) (: , , );
b) (: , , )
(: , );
c) .
7.5.3
,
, :
a) , ;
b) (: ,
).

( ):
c) , , ;
d) , ;
e) (: );
f) .
,

, .


..

8
8.1


, ,
,
.6.1.
, .6.2.
,
, , .

,
.
,
.

8.2

,
, , .6.1.2 a) .

.

8.3
.

.

9
9.1 , ,

.
:
a) ,
;
b) , , , ,
;

, .
c) ;
d) ;
e) ;
f) .

.

9.2

:
a)
1)
;
2) ;
b) .

:
c) , , () , ,
, . ()
;
d) ;
e) ,
;
f) , ;
g) ()
.

9.3


, .
:
a) ;
b) ,
;
c) , :
1) ;
2) ;
3) ;
4) ;
d) ;
e) ;
f) .
,
,
.

.

10
10.1
:
a) , :
1) ;
2) ;
b)
, :
1) ;
2) ;
3) ,
;
c) ;
d) ;
e)
.

.
:
f) ;
g) .

10.2
,
.


A
()

, .1
, ISO/IEC 27002:2013[1] ( 5 18)
6.1.3.
A.1
.5
.5.1
:

.
A.5.1.1

,

.
A.5.1.2



,
.
.6
A.6.1
:
.
A.6.1.1



.
A.6.1.2




,

.
A.6.1.3



A.6.1.4


,

A.6.1.5



,


.
A.6.2
: .
A.6.2.1


,
.
A.6.2.2



,
.
A.7 ,
A.7.1
: ,
, .
A.7.1.1



, ,
,
, ,

A.7.1.2

,


.
A.7.2
: ,

A.7.2.1




.
A.7.2.2

, ,

,

,
.
A.7.2.3


, ,

,

.
.7.3
:
A.7.3.1



,
,
,
.

.8
.8.1
:
.
A.8.1.1

,
,

.
A.8.1.2

, ,

A.8.1.3



,

, ,
.
A.8.1.4



, ,
.
A.8.2
: ,

A.8.2.1

, ,

.
A.8.2.2




, .
A.8.2.3





, .
A.8.3
: , ,
, .
A.8.3.1




,
.
A.8.3.2

,

,
.
A.8.3.3

, ,



,
.

A.9
A.9.1
: .
A.9.1.1

,

.
A.9.1.2

,

.
A.9.2
:
.
A.9.2.1



,
.
A.9.2.2



.
A.9.2.3

.
A.9.2.4

A.9.2.5


.
A.9.2.6






, , .
A.9.3
:

A.9.3.1


A.9.4
:
A.9.4.1



A.9.4.2

,

,


A.9.4.3
A.9.4.4

A.9.4.5

.

.
,
,

.

.

A.10
A.10.1
:
, /
A.10.1.1





A.10.1.2

,


.
A.11
A.11.1
: ,
.
A.11.1.1


, ,

.
A.11.1.2


,
.
A.11.1.3
,
,

.
A.11.1.4
,


.
A.11.1.5

.
A.11.1.6

, ,
/
/, ,
,
, ,

.
A.11.2
: , ,
.
A.11.2.1


A.11.2.2

A.11.2.3

A.11.2.4

A.11.2.5

A.11.2.6

A.11.2.7

A.11.2.8

A.11.2.9

,
,
.

,

.

,
,
,
.


.
,


.
,
,

.
,
,
,


.
,
, ,
.


,

.

.12
.12.1
:
.
.12.1.1


,
.12.1.2
, -,
,
,
.
.12.1.3

,


.

.12.1.4

,


.

.12.2
: ,
.
.12.2.1
,


.
.12.3
: .
.12.3.1

, ,


.
.12.4
: .
.12.4.1 ()
,
, ,
, ,

.12.4.2


.
.12.4.3

,

.
.12.4.4



.
.12.5 ()
: ().
.12.5.1


.12.6
: .
.12.6.1


.


.
.12.6.2
,

.
.12.7
: .

.12.7.1

,
,

,
-.

.13
.13.1
:
.
.13.1.1

.13.1.2
,


,
,
.13.1.3
,

.
.13.2
: ,
.
.13.2.1
,

,

.
.13.2.2


.
.13.2.3
,
,

.13.2.4

(NDA)
,

. NDA

.
.14 ,
.14.1
: ,
.
, .
.14.1.1




.
.14.1.2 , ,

,
,


.

,
,
,
,
,
.
.14.2
: ,
.
.14.2.1


.14.2.2



.
.14.2.3




-


.14.2.4


.14.2.5


,
,

.
.14.2.6


,
.
.14.2.7

.
.14.2.8

.14.2.9


,

.14.3
: .
.14.3.1

, .
.15
.15.1
: ,
.15.1.1
,

,


.14.1.3


.15.1.2

.15.1.3





,
( ,
, )
-.


,
-

.

.15.2
:
.
.15.2.1
,



.15.2.2

,

, ,

,

.16
.16.1
:
,
.
.16.1.1




.16.1.2



, .
.16.1.3
,





.
.16.1.4



,
.
.16.1.5




.

.16.1.6

,

, ,

.
.16.1.7

, ,
,
.
.17
.17.1
:
.
.17.1.1



,
,
.
.17.1.2
,

,
,


.
.17.1.3 ,





,

.
.17.2
: .
.17.2.1

,
.
A.18
A.18.1
: , ,

.
A.18.1.1
,

,

,


.
A.18.1.2


,



.

A.18.1.3

,
, ,

, ,
, .
A.18.1.4




, .
A.18.1.5



,
.
A.18.2 ()
: ,
.
.18.2.1 ()



(.. ,
, ,
)


.
.18.2.2




,

.
.18.2.3


[1] ISO/IEC 27002:2013 -



[2] ISO/IEC 27003, -

[3] ISO/IEC 27004, -
-
[4] ISO/IEC 27005, -

[5] ISO 31000:2009, -
[6] ISO/IEC , 1, ISO ISO
, 2012


Security & IT Management Association (SITMA)



SITMA

, ,
,



,


ISO/IEC 27001, ISO/IEC 20000, ISO 22301,
ISO 31000
,


SITMA Security & IT Management Association facebook




www.sitma.pro
