標準號：BS 7799-3-2006
中文標準名稱：信息安全管理系統.信息安全性風險管理指南
英文標準名稱：Information security management systems - Guidelines for information security risk management
標準類型：A90
發布日期：2006/3/17 12:00:00
實施日期：2006/3/17 12:00:00
中國標準分類號：A90
國際標準分類號：35.020;35.040
引用標準：BS ISO/IEC 27001-2005
適用范圍：This British Standard gives guidance to support the requirements givenin BS ISO/IEC 27001:2005 regarding all aspects of an ISMS riskmanagement cycle. This cycle includes assessing and evaluating therisks, implementing controls to treat the risks, monitoring andreviewing the risks, and maintaining and improving the system of riskcontrols.The focus of this standard is effective information security through anongoing programme of risk management activities. This focus istargeted at information security in the context of an organization’sbusiness risks.The guidance set out in this British Standard is intended to be applicableto all organizations, regardless of their type, size and nature of business.It is intended for those business managers and their staff involved inISMS (Information Security Management System) risk managementactivities.