Annex B(informative) Categorizes terms 附錄B 術(shù)語分類術(shù)語分類如表-2中所示。 Bibliography 參考文獻

共列出了13項參考文獻，這些參考文獻本身就是ISMS標準族成員或者是通用要求， 值得逐一閱讀，因此在這里列出來。

[1] IS()/IEC 17021: 2006 Conformity assessment--Requirements for bodies providing audit and certification of management systems，本標準給出了審核與認證組織的通用要求， ISMS標準族中的IS()/IEC 27006：2007可以認為是本標準在特定行業(yè)的應(yīng)用。

[2] IS() 9000: 2005 Quality management systems-Fundamentals and vocabulary

[3] IS0 19011: 2002 Guidelines for quality and/or environmental management sys- tems auditing，本標準為質(zhì)量／環(huán)境管理體系的審核提供了指南，實際上是為所有的管理體系審核提供了指南。

[4] ISO/IEC 27001: 2005- Information technology-Security techniques-Information security management systems-Requirements

[5] ISO/IEC 27002: 2005 Information technology-Security techniques-Code of practice for information security management

[6] IS()/IEC 27003 Information technology--Security techniques-Information securi- ty management system implementation guidance

[7] ISO/IEC 27004 Information technology-Security techniques-Information securi- ty management-Measurement

[8] IS()/IEC 27005: 2008 Information technology-Security techniques-Information security risk management

[9] IS()/IEC 27006: 2007 Information technology-Security techniques-Requirements for bodies providing audit and certification of information security management systems

[10] ISO/IEC 27007 Information technology-Security techniques--Guidelines for in- formation security management systems auditing

[11] ISO/IEC 27011 Information technology-Security techniques-Information secu- rity management guidelines for telecommunications organizations based on ISO/IEC 27002

[12] IS0 27799: 2008 Health informatics-Information security management in health using ISO/IEC 27002，文獻[4] -文獻[12]在表2-1中都有概述，部分標準在下文中還有更詳細的介紹。

[13] ISO/IEC Guide 73: 2002, Risk Management-Vocabulary-Guidelines for use in standardso