Annex B(informative) Categorizes terms

Annex B(informative) Categorizes terms 附录B 术语分类术语分类如表-2中所示。 Bibliography 参考文献

共列出了13项参考文献，这些参考文献本身就是ISMS标准族成员或者是通用要求， 值得逐一阅读，因此在这里列出来。

[1] IS()/IEC 17021: 2006 Conformity assessment--Requirements for bodies providing audit and certification of management systems，本标准给出了审核与认证组织的通用要求， ISMS标准族中的IS()/IEC 27006：2007可以认为是本标准在特定行业的应用。

[2] IS() 9000: 2005 Quality management systems-Fundamentals and vocabulary

[3] IS0 19011: 2002 Guidelines for quality and/or environmental management sys- tems auditing，本标准为质量／环境管理体系的审核提供了指南，实际上是为所有的管理体系审核提供了指南。

[4] ISO/IEC 27001: 2005- Information technology-Security techniques-Information security management systems-Requirements

[5] ISO/IEC 27002: 2005 Information technology-Security techniques-Code of practice for information security management

[6] IS()/IEC 27003 Information technology--Security techniques-Information securi- ty management system implementation guidance

[7] ISO/IEC 27004 Information technology-Security techniques-Information securi- ty management-Measurement

[8] IS()/IEC 27005: 2008 Information technology-Security techniques-Information security risk management

[9] IS()/IEC 27006: 2007 Information technology-Security techniques-Requirements for bodies providing audit and certification of information security management systems

[10] ISO/IEC 27007 Information technology-Security techniques--Guidelines for in- formation security management systems auditing

[11] ISO/IEC 27011 Information technology-Security techniques-Information secu- rity management guidelines for telecommunications organizations based on ISO/IEC 27002

[12] IS0 27799: 2008 Health informatics-Information security management in health using ISO/IEC 27002，文献[4] -文献[12]在表2-1中都有概述，部分标准在下文中还有更详细的介绍。

[13] ISO/IEC Guide 73: 2002, Risk Management-Vocabulary-Guidelines for use in standardso