Norm: ISO/IEC 27021

Zuletzt bearbeitet am 12.04.2024 um 16:18:17.
Name:
ISO/IEC 27021
Titel (Deutsch):
Informationstechnik - Sicherheitsverfahren - Anforderungen an die Kompetenz von Sachkundigen für Informationssicherheits-Managementsysteme (ISMS)
Titel (Englisch):
Information technology - Security techniques - Competence requirements for information security management systems professionals (ISMS)

Systematik

Beschreibung

ergänzender Hinweis auf ISO/IEC 17021 (ff.)

Contents

Foreword
Introduction

1 Scope

2 Normative references

3 Termsanddefinitions

4 Concept and structure

4.1 General
4.2 Concept of ISMS competence
4.3 Structure of ISMS competence
4.4 Demonstration of competence
4.5 Structure of this document

5 Business management competence for ISMS Professionals

5.1 General
5.2 Competence: Leadership
5.3 Competence: Communication
5.4 Competence: Business Strategy and ISMS
5.5 Competence: Organization design, culture, behaviour and stakeholder management
5.6 Competence: Process design and organizational change management
5.7 Competence: Human Resource, team and individual management
5.8 Competence: Risk management
5.9 Competence: Resource management
5.10 Competence: Information systems architecture
5.11 Competence: Project and portfolio management
5.12 Competence: Supplier management
5.13 Competence: Problem management

6 Information security competence for ISMS professionals

6.1 ISMS Competence: Information Security

6.1.1 General
6.1.2 Competence: Information security governance
6.1.3 Competence: Context of the organization

6.2 ISMS Competence: Information Security Planning

6.2.1 General
6.2.2 Competence: Scope of ISMS
6.2.3 Competence: Information security risk assessment and treatment

6.3 ISMS Competence: Information Security Operation

6.3.1 General
6.3.2 Competence: Information security operations

6.4 ISMS Competence: Information Security Support

6.4.1 General
6.4.2 Competence: Information security awareness, education and training
6.4.3 Competence: Documentation

6.5 ISMS Competence: Information Security Performance evaluation

6.5.1 General
6.5.2 Competence: ISMS monitoring, measurement, analysis and evaluation
6.5.3 Competence: ISMS auditing
6.5.4 Competence: Management review

6.6 ISMS Competence: Information Security Improvement

6.6.1 General
6.6.2 Competence: Continual improvement
6.6.3 Competence: Technological trends and developments

Annex A (informative) Including knowledge for ISMS professionals as part of a body of knowledge

Bibliography