ISO INTERNATIONAL STANDARD 27799 Secondedition 2016-07-01 Health informatics Information security management in health using IS0/IEC 27002 Informatique de sante-Management de la sécuritedeI'information relative ala santé en utilisant I'IS0/IEC27002 Reference number ISO 27799:2016(E) ISO Intemational Organization for Standardization @IS02016 itted without license from IHS IS027799:2016(E) COPYRIGHTPROTECTEDDOCUMENT ISO:2016,Published inSwitzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester. ISOcopyrightoffice Ch. de Blandonnet 8. CP 401 CH-1214 Vernier,Geneva, Switzerland Tel.+41 22 749 0111 Fax +41 22 749 09 47 copyright@iso.org www.iso.org Intematinaibr PrganizationfoStandardization No reproduction orr networking permited without license from IHS IS0 27799:2016(E) Contents Page Foreword ..vii Introduction.. ..vii 1 Scope 2 Normative references ... 3 Terms and definitions 4 Structure of this International Standard 5 Informationsecuritypolicies. 5.1 Management direction for information security .4 5.1.1 Policies for information security. 5.1.2 Reviewof thepoliciesforinformation security .5 6 Organization of information security .6 6.1 Internal organization. 6.1.1 Information security roles and responsibilities .6 6.1.2 Segregation of duties.. 6.1.3 Contact withauthorities. .7 6.1.4 Contact with special interest groups 6.1.5 Informationsecurityinprojectmanagement .8 6.2 Mobile devices and teleworking .8 6.2.1 Mobile device policy. .8 6.2.2 Teleworking. .9 7 Human resource security. .9 7.1 Priortoemployment. .9 7.1.1 Screening 9 7.1.2 Terms and conditions of employment .10 7.2 During employment.. ..11 7.2.1 Management responsibilities. ..1 7.2.2 Information security awareness, education and training ..11 7.2.3 Disciplinary process. ..11 7.3 Termination and change of employment. ..12 7.3.1 Termination or change of employment responsibilities ..12 8 Asset management .12 8.1 Responsibilityfor assets .12 8.1.1 Inventoryofassets ..12 8.1.2 Ownership of assets ..13 8.1.3 Acceptable useofassets .13 8.1.4 Return of assets ..13 8.2 Information classification .14 8.2.1 Classification of information ..14 8.2.2 Labelling of information. ..15 8.2.3 Handling of assets. ..15 8.3 Media handling ..16 8.3.1 Management of removable media .16 8.3.2 Disposal of media. ..16 8.3.3 Physical media transfer .17 9 Accesscontrol .17 9.1 Business requirements of access control ..17 9.1.1 Access control policy .17 9.1.2 Accesstonetworksandnetworkservices ..18 9.2 User access management. ..18 9.2.1 Userregistration and de-registration ..18 9.2.2 User access provisioning. ..19 ntemational oganzation@sS26-All rights reserved iii No reproduction or networking perm ithout license from IHS
ISO27799-2016 Health informatics — Information security management in health using ISO IEC 27002
文档预览
中文文档
112 页
50 下载
1000 浏览
0 评论
309 收藏
3.0分
温馨提示:本文档共112页,可预览 3 页,如浏览全部内容或当前文档出现乱码,可开通会员下载原始文档
本文档由 人生无常 于 2024-10-26 03:40:09上传分享