Fdadfsd
Páginas: 44 (10792 palabras)
Publicado: 19 de diciembre de 2012
UNIT PEMODENAN TADBIRAN DAN PERANCANGAN PENGURUSAN MALAYSIA (MAMPU) JABATAN PERDANA MENTERI
STATEMENT OF APPLICABILITY GCERT
MS ISO/IEC 27001:2007
Disediakan/Disemak Oleh:
Diluluskan Oleh:
......................................... Nama : Nur Hidayah binti Abdullah Jawatan : Ketua Penolong Pengarah Kanan, Seksyen Pengukuhan ICT Tarikh : 21 Jun 2010.......................................... Nama : Osman bin Abdul Aziz Jawatan : Pengarah Bahagian Pematuhan ICT Tarikh : 21 Jun 2010
Versi: 1.5 12 Julai 2010 Versi: (Tarikh)
Muka Surat Muka Surat:
i
MAMPU-BPICT-ISMS-P1-011
STATEMENT OF APPLICABILITY GCERT
REKOD PINDAAN DOKUMEN
TARIKH NO. KELUARAN / PINDAAN BAB / MUKA SURAT KETERANGAN PINDAAN
2 Jun 2010 10 Jun 2010 21 Jun 2010
Versi 1.1 Versi 1.2 Versi 1.3Semua Muka Depan Nama dokumen Nombor rujukan
Pengasingan dokumen SoA GCERT dan PRISMA Pindaan perkataan MS ISO/IEC 27001:2006 kepada MS ISO/IEC 27001:2007 Pindaan nama dokumen Statement of Applicability kepada Statement of Applicability GCERT Pindaan nombor rujukan MAMPU-BPICT-ISMSP1-010 kepada MAMPU-BPICT-ISMS-P1-011
Memindahkan justifikasi pengecualian dari lajur Reference ke lajurJustification bagi kawalan A.10.8.5 Memindahkan justifikasi pengecualian dari lajur Reference ke lajur Justification bagi kawalan A.11.4.2 Menyatakan justifikasi bagi pengecualian kawalan bagi kawalan A.11.5.5 Menyatakan justifikasi bagi pengecualian kawalan bagi kawalan A.11.5.6 Menyatakan pemakaian bagi kawalan A.11.7.2 Memindahkan justifikasi pengecualian dari lajur Reference ke lajur Justificationbagi kawalan A.12.5.5 Menggugurkan rujukan Perintah Am, Bab B 1. Meminda perkataan “Disediakan/Disemak Oleh” kepada “Disemak oleh” pada muka depan dokumen. 2. Menambah para III. Authorization Prepared By: …………………………….. Ibrahim bin Ismail Ketua Penolong Pengarah 12 Julai 2010
25 Jun 2010
Versi 1.4
A.10.8.5 A.11.4.2 A.11.5.5 A.11.5.6 A.11.7.2 A.12.5.5 A.6.1.5
12 Julai 2010
Versi 1.5-
Name: Designation: Date:
Versi: 1.5 12 Julai 2010
Muka Surat
ii
SAMPEL DOKUMEN STATEMENT OF APPLICABILITY
MAMPU-BPICT-ISMS-P1-011
STATEMENT OF APPLICABILITY GCERT I. Overview of Statement of Applicability
The Statement of Applicability (SOA) provides a summary of decisions concerning risk treatment. The SOA documents the control objectives and controls selected fromAnnex A of MS ISO/IEC 27001:2007.
The SOA is usually a table in which each control from Annex A is listed with its description and corresponding columns that indicate whether that control was adopted by GCERT.
The justification for adopting or not adopting the control, and a reference identifies the location where the statement of policy or detailed procedure related to the implementation ofthe control is documented. II. Identify applicable objectives and controls
A Statement of Applicability that was prepared includes the following:
a)
The control objectives and controls selected to meet the requirements identified by the risk assessment and risk treatment process, and reasons for their selection;
b)
The control objectives and controls currently implemented; and
c)The exclusion of any control objectives and controls in MS ISO/IEC 27001:2007 specified in Annex A: Control objectives and controls.
Versi: 1.5 12 Julai 2010
Muka Surat
1
SAMPEL DOKUMEN STATEMENT OF APPLICABILITY
MAMPU-BPICT-ISMS-P1-011
STATEMENT OF APPLICABILITY GCERT III. Statement of Applicability
Annex A of MS ISO/IEC 27001:2007 with 39 Control Objectives and 133Controls: Clause No. A.5 A.5.1 Control SECURITY POLICY Information security policy Objective: To provide management direction and support for information security in accordance with business requirements and relevant laws and regulations. DKICT MAMPU Information security policy document DKICT is the terkini framework and basis Control: on which the An information security policy document shall be...
STATEMENT OF APPLICABILITY GCERT
MS ISO/IEC 27001:2007
Disediakan/Disemak Oleh:
Diluluskan Oleh:
......................................... Nama : Nur Hidayah binti Abdullah Jawatan : Ketua Penolong Pengarah Kanan, Seksyen Pengukuhan ICT Tarikh : 21 Jun 2010.......................................... Nama : Osman bin Abdul Aziz Jawatan : Pengarah Bahagian Pematuhan ICT Tarikh : 21 Jun 2010
Versi: 1.5 12 Julai 2010 Versi: (Tarikh)
Muka Surat Muka Surat:
i
MAMPU-BPICT-ISMS-P1-011
STATEMENT OF APPLICABILITY GCERT
REKOD PINDAAN DOKUMEN
TARIKH NO. KELUARAN / PINDAAN BAB / MUKA SURAT KETERANGAN PINDAAN
2 Jun 2010 10 Jun 2010 21 Jun 2010
Versi 1.1 Versi 1.2 Versi 1.3Semua Muka Depan Nama dokumen Nombor rujukan
Pengasingan dokumen SoA GCERT dan PRISMA Pindaan perkataan MS ISO/IEC 27001:2006 kepada MS ISO/IEC 27001:2007 Pindaan nama dokumen Statement of Applicability kepada Statement of Applicability GCERT Pindaan nombor rujukan MAMPU-BPICT-ISMSP1-010 kepada MAMPU-BPICT-ISMS-P1-011
Memindahkan justifikasi pengecualian dari lajur Reference ke lajurJustification bagi kawalan A.10.8.5 Memindahkan justifikasi pengecualian dari lajur Reference ke lajur Justification bagi kawalan A.11.4.2 Menyatakan justifikasi bagi pengecualian kawalan bagi kawalan A.11.5.5 Menyatakan justifikasi bagi pengecualian kawalan bagi kawalan A.11.5.6 Menyatakan pemakaian bagi kawalan A.11.7.2 Memindahkan justifikasi pengecualian dari lajur Reference ke lajur Justificationbagi kawalan A.12.5.5 Menggugurkan rujukan Perintah Am, Bab B 1. Meminda perkataan “Disediakan/Disemak Oleh” kepada “Disemak oleh” pada muka depan dokumen. 2. Menambah para III. Authorization Prepared By: …………………………….. Ibrahim bin Ismail Ketua Penolong Pengarah 12 Julai 2010
25 Jun 2010
Versi 1.4
A.10.8.5 A.11.4.2 A.11.5.5 A.11.5.6 A.11.7.2 A.12.5.5 A.6.1.5
12 Julai 2010
Versi 1.5-
Name: Designation: Date:
Versi: 1.5 12 Julai 2010
Muka Surat
ii
SAMPEL DOKUMEN STATEMENT OF APPLICABILITY
MAMPU-BPICT-ISMS-P1-011
STATEMENT OF APPLICABILITY GCERT I. Overview of Statement of Applicability
The Statement of Applicability (SOA) provides a summary of decisions concerning risk treatment. The SOA documents the control objectives and controls selected fromAnnex A of MS ISO/IEC 27001:2007.
The SOA is usually a table in which each control from Annex A is listed with its description and corresponding columns that indicate whether that control was adopted by GCERT.
The justification for adopting or not adopting the control, and a reference identifies the location where the statement of policy or detailed procedure related to the implementation ofthe control is documented. II. Identify applicable objectives and controls
A Statement of Applicability that was prepared includes the following:
a)
The control objectives and controls selected to meet the requirements identified by the risk assessment and risk treatment process, and reasons for their selection;
b)
The control objectives and controls currently implemented; and
c)The exclusion of any control objectives and controls in MS ISO/IEC 27001:2007 specified in Annex A: Control objectives and controls.
Versi: 1.5 12 Julai 2010
Muka Surat
1
SAMPEL DOKUMEN STATEMENT OF APPLICABILITY
MAMPU-BPICT-ISMS-P1-011
STATEMENT OF APPLICABILITY GCERT III. Statement of Applicability
Annex A of MS ISO/IEC 27001:2007 with 39 Control Objectives and 133Controls: Clause No. A.5 A.5.1 Control SECURITY POLICY Information security policy Objective: To provide management direction and support for information security in accordance with business requirements and relevant laws and regulations. DKICT MAMPU Information security policy document DKICT is the terkini framework and basis Control: on which the An information security policy document shall be...
Leer documento completo
Regístrate para leer el documento completo.