ISO IEC 27013-2021.docx

INTERNATIONA1.STANDARDISO/IEC27013editionThird2021-1.1.Informationsecurity,cybersecurityandprivacyprotectionGuidanceontheintegratedimp1.ementationofISO/IEC27001andISO/IEC20000*1SecuritydeVinformation,CybersecuriteetprotectiondeIaviepriveeRecommandationspourIamiseencuvreintegreede11SOIEC27001etdeISOIKC20000-1ReferencenumberISO/IEC27013:2021(E)COPYRIGHTPROTECTEDDOCUMENT©ISO/1EC2021IUirhM*hedbdi1.iUedotherwiseupdhi.o啪InyM1.tta0Dmk<nroni(ncm11ni10tf1.*Mqn1.C6pW11opypMRationmaytheinternetoranintranet,withoutpriorwrittenpermission.PermissioncanberequestedfromeitherISOattheaddressbe1.oworISO'smemberbodyinthecountr)oftherequester.f),WV>fifiU81.andonnet8CH-1214Vernier,GenevaPhone：M1.227490111觥曲ite：图洲跳触OQrgPub1.ishedinSwitzer1.andContentsForewordivIntroductionv2 Scope13 Normativereferences14 Termsanddefinitions1OverviewofISO/IEC27001andISO/IEC200001.14.1 UnderstandingISO/IEC27001andISO/IEC20000-114.2 ISO/IEC27001COn(XPtS25Approachesforintegratedimp1.ementation35.1 Genera1.35.2 Considerationsofscope3534蝴m©醐掰ationscenarios45.3.2 Neitherstandardiscurrent1.yusedasthebasisforamanagementsystem45.3.3 Themanagementsystemfu1.fi1.stherequirementsofoneofthestandards55.3.4 standard.66Integratedimp1.ementationconsiderations_66 .167 .2Potentia1.cha1.1.enges7234ResptBandn1.scQnf1.gMinf1.BOhitemsServicedesignandtransitionRiskassessmentandmanagementRiskandotherpartiesIncidentmanagementProb1.emmanagementGatheringofevidence解:20蜘时蜘q三除淞出°nfincidents7.11.11 Changemanagement138:初黜招磔融机Sf1.M剧Htand硼Wimprovement37.3.3 Capaatymanagement147.3.4 Managementofthirdpartiesandre1.atedrisk-.一._.一.147.3.5 弗1.ft三敌制朝阳嘛肱缶gement15Annex(informative)CorrespondencebetweenISO1EC27001:2013,C1.auses1to10,and1SOIEC20000-1:2018rC1.auses1to1()17AnnexB(informative)CoiTespondencebetweenthecontro1.sinISO/IEC27001:2013,Annex,andtherequirementsinISO/IEC20000-1:2018,C1.auses4to1019Annexand(informa1.ive)ComparisonofternsanddefinitionsbetweenISO/IEC27000:201822ForewordISO(theInternationa1.OrganizationforStandardization)andIEC(theInternationa1.E1.ectrotechnica1.(inrt)(55io6)Srn1.H(i<5pQriaiipd(syiBweopkodcfBtanriOTdrraJion.SttiQttorddHudiughtechnimitteesestab1.ishedbytherespectiveorganizationtodea1.withparticu1.arfie1.dsoftechnica1.activity.ISOandIECmitteesco1.1.aborateinfie1.dsofmutua1.interestOtherinternationa1.ornizations,governmenta1.andnon-governmenta1.rin1.iaisonwithISOandIEC,a1.sotakepartintheTheproceduresusedtodeve1.opthisdocumentandthoseintendedforitsfurthermaintenanceftideddc1.bedthcindFrcnt1.S(W?矫也(H三帼rtsA曲如M1.Mar1帕序的居如jpjffaraf1.ex1.in%wkwi"WNhIheedUH三111展N1.hCISO/IECDirectives.Part2(seewsvw.iso.org/directivesorwww.iec.ch/members.experts/refdocs).A(ftftF>rigWjwn怕&%愁S<3UinWf!ft三b1.e用三电Q0h¾hy*hf1.1.三ffkubjectrights.Detai1.sofanypatentrightsidentifiedduringthedeve1.opmentOfI1.÷d屋um&MWiI1.b&intheIntrodurtionand/orontheISO1.istofpatentdec1.arationsreceived(seewww.iso.org/patents)ortheIEC1.istofpatentdec1.arationsreceived(seepatents.iec.ch).Anytradenameusedinthisdocumentisinformationgivenfortheconvenienceofusersanddoesnotconstituteanendorsement.B即邸SiOnSeXPk1.nttrtbM岫CMtbWfthy前榄喇11fnt,StandHHs,1.hfoWttbgatfdOs,ttkadhvwceartd由aWoUdTade0tgQN¾G。注(VT0)princip1.esiU4<hNtNB*H沁咯to：*#(CBT)seewww.iso.org/iso/foreword.htrn1.IntheIEC.seewww.iec.chunderstandingstandards.j族。例M腺里SC编妞肿群梆隰CUrj夕或M1.wfm阳(SOI&肪小ec"on./brmaontechno1.ogy,Thisthirdeditioncance1.sandrep1.acesthesecondedition(ISO/IEC27013:2015),whichhasbeenIEWAWI1.y268bU18.Themainchangecomparedwiththepreviouseditionisthea1.ignmentwithA1.istofa1.1.partsintheISO/IEC27000seriescanbefoundontheISOandIECwebsites.NwfyTfeAibftekefMW油He1.tft川曲府hesft魅?rfHQWjqRPqRjreeted,w.iecxh/nationa1.-committees.IntroductionThere1.ationshipbetweeninformationsecuritymanagementandservicemanagementisSOc1.osethattaByoui6fi9,½a3¢Wcgnizeinfohwbo11teoiQ<taphngciiM*nntW80jaEf)30tt01.Standardsfervicemanagement.ItiscommonforanorganizationtoimprovethewayitoperatestoachieveconformitywiththerequirementsspecifiedinoneInternationa1.Standardandthenmakefurtherimprovementstoachieveconformitywiththerequirementsofanother.Thereareanumberofadvantagesforanorganizationinensuringitsmanagementsystemtakesintoaccountboththeservice1.ifecyc1.eandtheprotectionoftheorganization'sinformation.These娥眄姆陶顺却曲曾1.areo的眼丽靓aEft三us1.y.制喇因YayI三kc日翎hna1.processes,inparticu1.ar,canderivebenefitfromthemutua1.1.yreinforcingconceptsandsimi1.aritiesbetweentheseInternationa)Standardsandtheircommonobjectives.KwiM1.gwifttqi1.pftdkWffimp1.ementationofinformationsecurity11anagcncntandservicea) credibi1.itytointerna1.andexterna1.customers,andotherinterestedpartiesoftheorganization,ofeffectiveandsecureservices