This International Standard gives guidance and general principles for an organization to initiate, implement, maintain and improve information security management. The objectives listed in this International Standard provide general guidance for commonly accepted objectives of information security management. The control objectives of this International Standard and the implementation of control measures are designed to meet the requirements identified in the risk assessment. This International Standard serves as a practical guide for establishing an organization's security principles and effective security management practices, and helps build trust in inter-organizational activities.
GB/T 22081-2008 history
2016GB/T 22081-2016 Information Technology—Security Techniques—Code ofpractice for information security controls
2008GB/T 22081-2008 Information technology.Security techniques.Code of practice for information security management
2005GB/T 19716-2005 Information technology.Code of practice for information security management
GB/T 22081-2008 Information technology.Security techniques.Code of practice for information security management has been changed from GB/T 19716-2005 Information technology.Code of practice for information security management.