ISO/IEC 27002
CODE OF PRACTICE FOR
INFORMATION SECURITY
CONTROLS
Code of Practice lineage (timeline figure, rendered here as text):
BS 7799-1 (1995) -> ISO 17799 (2000) -> ISO 17799 (2005) -> ISO 27002 (2005)
BS 7799-2 (1998) -> BS 7799-2 (2002) -> ISO 27001 (2005)
Prof. Luis Claudio, M.Sc., PMP
www.provasdeti.com.br
ISO/IEC 27000:2014
Information security management systems
Overview and vocabulary
This International Standard provides the overview of information
security management systems, and terms and definitions commonly
used in the ISMS family of standards.
This International Standard is applicable to all types and sizes of
organization (e.g. commercial enterprises, government agencies, not-for-profit organizations).
ISO/IEC 27001:2013
Information security management systems
Requirements
This International Standard specifies the requirements for establishing,
implementing, maintaining and continually improving an ISMS within
the context of the organization.
This International Standard also includes requirements for the
assessment and treatment of information security risks tailored to the
needs of the organization.
Excluding any of the requirements specified in Clauses 4 to 10 is not
acceptable when an organization claims conformity to this
International Standard.
ISO/IEC 27002:2013
Code of practice for information security controls
This International Standard gives guidelines for organizational
information security standards and information security management
practices including the selection, implementation and management of
controls taking into consideration the organization's information
security risk environment(s).
ISO/IEC 27003:2010
Information security management system implementation guidance
This International Standard focuses on the critical aspects needed for
successful design and implementation of an ISMS in accordance
with ISO/IEC 27001:2005.
It describes the process of ISMS specification and design from
inception to the production of implementation plans. It describes the
process of obtaining management approval to implement an ISMS,
defines a project to implement an ISMS, and provides guidance on
how to plan the ISMS project, resulting in a final ISMS project
implementation plan.
02/01/2016
ISO/IEC 27004:2009
Information security management
Measurement
This International Standard provides guidance on the development and
use of measures and measurement in order to assess the
effectiveness of an implemented ISMS and controls or groups of
controls, as specified in ISO/IEC 27001.
ISO/IEC 27005:2011
Information security risk management
This International Standard provides guidelines for information
security risk management.
Knowledge of the concepts, models, processes and terminologies
described in ISO/IEC 27001 and ISO/IEC 27002 is important for a
complete understanding of this International Standard.
Section 0 Introduction
0.2 Requirements
There are three main sources of information security requirements:
Section 1 Scope
The Standard contains:
- 14 sections (sections 5 to 18 of the standard).
- 35 control objectives.
- 114 controls.
Note: the standard is now better organized. Quantitatively, the previous
edition had 11 sections, 133 controls and 39 control objectives.
Control objectives and controls per section of ISO/IEC 27002:2013 (the slide's
table gives only the counts; the clause titles are those of the standard):

Section                                                          Control objectives  Controls
5  Information security policies                                 1                   2
6  Organization of information security                          2                   7
7  Human resource security                                       3                   6
8  Asset management                                              3                   10
9  Access control                                                4                   14
10 Cryptography                                                  1                   2
11 Physical and environmental security                           2                   15
12 Operations security                                           7                   14
13 Communications security                                       2                   7
14 System acquisition, development and maintenance               3                   13
15 Supplier relationships                                        2                   5
16 Information security incident management                      1                   7
17 Information security aspects of business continuity management 2                  4
18 Compliance                                                    2                   8
Total                                                            35                  114
4.1 Sections
Each section defining information security controls contains one or
more control objectives. The order in which the sections appear does
not imply or indicate their degree of importance.
Each organization should apply this Standard by identifying which
controls are applicable, how important they are, and how they apply to
its individual business processes. The controls are not in order of
priority.
Control
The text of the control that meets the control objective.
Implementation guidance
Information to support implementing the control and achieving the
control objective. The guidance may not be entirely adequate or
sufficient in every situation...
Other information
Data that may be taken into account, for example legal issues and
normative references. Not always present.
QUESTIONS
ITNERANTE/2015
QUESTIONS - Answer key