參考文獻

參考文獻

[1] ISO/IEC 17021｜GB/T 27021　合格評定　管理體系審核認證機構的要求（Conformity assessment — Requirements for bodies providing audit and certification of management systems**）

[2] ISO 9000:2015, Quality management systems —** Fundamentals and vocabulary

[3] ISO 19011:2011｜GB/T 19011-2013　管理體系審核指南（Guidelines for auditing management systems）

[4] ISO/IEC 27001｜GB/T 22080　信息技術　安全技術　信息安全管理體系　要求（Information technology — Security techniques — Information security management systems — Requirements**）

[5] ISO/IEC 27002｜GB/T 22081　信息技術　安全技術　信息安全控制實踐指南（Information technology — Security techniques — Code of practice for information security controls**）

[6] ISO/IEC 27003｜GB/T 31496　信息技術　安全技術　信息安全管理體系實施指南（Information technology — Security techniques — Information security management system implementation guidance**）

[7] ISO/IEC 27004｜GB/T 31497　信息技術　安全技術　信息安全管理　測量（Information technology — Security techniques — Information security management — Measurement**）

[8] ISO/IEC 27005｜GB/T 31722　信息技術　安全技術　信息安全風險管理（Information technology — Security techniques — Information security risk management**）

[9] ISO/IEC 27006｜GB/T 25067　信息技術　安全技術　信息安全管理體系審核認證機構的要求（Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems**）

[10] ISO/IEC 27007, Information technology —** Security techniques — Guidelines for information security management systems auditing

[11] ISO/IEC TR 27008｜GB/Z 32916　信息技術　安全技術　信息安全控制措施審核員指南（Information technology — Security techniques — Guidelines for auditors on information security controls**）

[12] ISO/IEC 27009, Information technology —** Security techniques — Sector-specific application of ISO/IEC 27001 — Requirements

[13] ISO/IEC 27010｜GB/T 32920　信息技術　安全技術　行業間和組織間通信的信息安全管理（Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications**）

[14] ISO/IEC 27011, Information technology —** Security techniques — Information security management guidelines for telecommunications organizations based on ISO/IEC 27002

[15] ISO/IEC 27013, Information technology —** Security techniques — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1

[16] ISO/IEC 27014｜GB/T 32923　信息技術　安全技術　信息安全治理（Information technology — Security techniques — Governance of information security**）

[17] ISO/IEC TR 27015, Information technology —** Security techniques — Information security management guidelines for financial services

[18] ISO/IEC TR 27016, Information technology —** Security techniques — Information security management — Organizational economics

[19] ISO/IEC 27017, Information technology —** Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services

[20] ISO/IEC 27018, Information technology —** Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

[21] ISO/IEC 27019, Information technology —** Security techniques — Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry

[22] ISO 27799, Health informatics —** Information security management in health using ISO/IEC 27002

[23] ISO Guide 73:2009, Risk management —** Vocabulary

[24] ISO/IEC 15939:2007, Systems and software engineering —** Measurement process

[25] ISO/IEC 20000?1:2011, Information technology —** Service management — Part 1: Service management system requirements