190823 ISO 27001 A.16

A.16.1		資訊安全事故與改進之管理  Management of information security incidents and improvements
		目標：確保資訊安全事故的管理採用一致且有效的方法，包括安全事件與弱點之傳遞。  Objective: To ensure a consistent and effective approach to the management of information security incidents, including communication on security events and weaknesses.

A.16.1.1		責任與程序 Responsibilities and procedures
		管理責任與程序應加以建立，以確保對資訊安全事故做出迅速、有效且有條理的回應。  Management responsibilities and procedures shall be established to ensure a quick, effective and orderly response to information security incidents.

A.16.1.2		資訊安全事件之通報 Reporting information security events
		資訊安全事件應儘速地透過適當的管理管道通報。  Information security events shall be reported through appropriate management channels as quickly as possible.

A.16.1.3		資訊安全弱點之通報  Reporting information security weaknesses
		應要求使用組織的資訊系統與服務之員工與承包商，在系統或服務中觀察到或有可疑的資訊系統弱點時，必須記錄並回報。  Employees and contractors using the organization’s information systems and services shall be required to note and report any observed or suspected information security weaknesses in systems or services.

A.16.1.4		資訊安全事件的評估與決策  Assessment of and decision on information security events
		資訊安全事件應加以評估並確認是否應將其歸類為資訊安全事故。  Information security events shall be assessed and it shall be decided if they are to be classified as information security incidents.

A.16.1.5		資訊安全事故之回應  Response to information security incidents
		資訊安全事故應依據文件中的程序加以回應。 Information security incidents shall be responded to in accordance with the documented procedures.

A.16.1.6		從資訊安全事故中學習 Learning from information security incidents
		自分析與解決資訊安全事故所獲得的知識，應用來降低未來事故發生之可能性或影響。  Knowledge gained from analysing and resolving information security incidents shall be used to reduce the likelihood or impact of future incidents.

A.16.1.7		證據之收集 Collection of evidence
		組織應定義並採取可做為證據之用的資訊之識別、收集、獲得與保存的程序。  The organization shall define and apply procedures for the identification, collection, acquisition and preservation of information, which can serve as evidence.