Deliverables
《企业信息安全风险评估报告》
Enterprise information security risk assessment report
《企业业务数据库风险评估报告》
Enterprise business database risk assessment report
Reference standard
《信息技术 安全技术 信息安全管理实施指南》(ISO/IEC 27002:2013)
Implementation Guide for information technology security management (ISO / IEC 27002:2013)
《信息安全技术 信息系统安全等级保护基本要求》(GB/T 22239-2008)
Information security technology - basic requirements for security level protection of information systems (GB / T 22239-2008)
《信息安全技术 信息安全风险管理指南》(GB/Z 24364-2009)
Information security technology - Guidelines for information security risk management (GB / Z 24364-2009)
《信息安全技术 信息安全风险评估规范》(GB/T 20984-2007)
Information security technology - Code for information security risk assessment (GB / T 20984-2007)
《信息安全技术 信息安全风险评估实施指南》(GB/T 31509-2015)
Information security technology - Guidelines for the implementation of information security risk assessment (GB / T 31509-2015)
《NIST-SP800-30 Guide for Conducting Risk Assessments风险评估指南》
Nist-sp800-30 guide for conducting risk assessments
《NIST-SP800-26 Security Self-Assessment Guide for Information Technology Systems》
《NIST-SP800-26 Security Self-Assessment Guide for Information Technology Systems》
(NIST-SP800 信息技术系统安全自我评估指南)
(nist-sp800 information technology system security Self Assessment Guide)
《信息安全技术 信息安全事件管理指南》(GB/T 20985-2007)
Information security technology - Guidelines for information security incident management (GB / T 20985-2007)