Information security management systems - Guidelines for information security risk management
Publication date: 2017-10-17
BS 7799-3:2017 provides guidance to assist organizations to:

a) fulfil the requirements of BS EN ISO/IEC 27001 concerning risks and opportunities; and
b) define, apply, maintain and evaluate risk management processes in the information security context.

This British Standard is relevant to:

1) organizations who have or are intending to have an information security management system (ISMS) that conforms to BS EN ISO/IEC 27001; and
2) persons that perform or are involved in information security risk management (e.g. interested parties, risk owners and ISMS professionals).

This document is applicable to all organizations, regardless of type, size or nature.

Cross References:
BS EN ISO/IEC 27001:2017
BS ISO/IEC 27017:2015
BS EN ISO 22301:2014
BS ISO/IEC 27007:2011
BS ISO 31000:2009
BS ISO/IEC 27005:2011
BS EN ISO/IEC 27000:2017
BS ISO/IEC 27004:2016
BS ISO/IEC 27003:2017

All current amendments available at time of purchase are included with the purchase of this document.