信息安全管理体系ISOIEC 27002_2022_英文原版.pdf

ISO/IEC 27002:2022(E) COPYRIGHT PROTECTED DOCUMENT © ISO/IEC 2022 All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester. ISO copyright office CP 401 • Ch. de Blandonnet 8 CH-1214 Vernier, Geneva Phone: +41 22 749 01 11 Email: copyright@ Website: Published in Switzerland ii © ISO/IEC 2022 – All rights reserved ISO/IEC 27002:2022(E) Contents Page Foreword vi Introduction vii 1 Scope 1 2 Normative references 1 3 Terms, definitions and abbreviated terms 1 3.1 Terms and definitions 1 3.2 Abbreviated terms 6 4 Structure of this document 7 4.1 Clauses 7 4.2 Themes and attributes 8 4.3 Control layout 9 5 Organizational controls 9 5.1 Policies for information security 9 5.2 Information security roles and responsibilities 11 5.3 Segregation of duties 12