字體:小 中 大 | |
|
|
2014/01/01 20:29:47瀏覽657|回應0|推薦1 | |
ISO / IEC 27036-3 Information technology — Security techniques — Information security for
supplier relationships —
Part 3:
Guidelines for information andcommunication technology supply chain security
Foreword
Introduction
1 Scope.
2 Normative references
3 Terms and definitions.
4 Structure of this standard
5 Key concepts
5.1 Business case for ICT supply chain security
5.2 ICT supply chain risks and associated threats
5.3 Acquirer and supplier relationship types.3
5.4 Organizational capability
5.5 System lifecycle processes.
5.6 ISMS processes in relation to system lifecycle processes
5.7 ISMS information security controls in relation to ICT supply chain security
5.8 Essential ICT supply chain security practices.
6 ICT supply chain security in Lifecycle Processes.
6.1 Agreement Processes.
6.2 Organizational Project-Enabling Processes.
6.3 Project Processes.
6.4 Technical Processes.
Annex A (informative) Summary of Supply and Acquisition Processes from ISO/IEC 15288 and
ISO/IEC 12207
Annex B (informative) Clause 6 mapping to ISO/IEC 27002
Bibliography
|
|
( 知識學習|商業管理 ) |