Transcription of Information Security Audit Glossary - jasa.jp
1 2015 1 22 2003 10 3 2014 4 17 i-3c one JSAT 1 2015 2014 3 JIS Q 27000:2014 JIS Q 27001:2014 JIS Q 27002:2014
2 JIS Q 27000:2014 2015 1 22 2 1 2 - - ALE( ) NIST ALE Annualized Loss Exposure 1 ALE ALE ALE - 3 (ID )
3 4 - - availability JISQ27000:2014 (Audit) (JISQ19011:2012) - Audit opinion) 5 - - 4 6 - Audit plan
4 - 2005 - - 7 (Audit evidence) Audit trail - (JISQ19011:2012)
5 - - 8 - 2005 - 9
6 1 (Working papers) - (Observation) 10 - (Audit procedure) - Audit program (Auditor)
7 11 2005 - - - 12 (Audit report) - (Reporting of the audit) - - - - (Audit risk)
8 13 3 Integrity JISQ27000:2014 Control modifying JISQ27000:2014 Control - 14 - - (Standard) IT - Confidentiality JISQ27000:2014
9 - (Threat JISQ27000:2014 - - 15 2005 IT - - - - - (Assertion) 16 (Statement of assertions))
10 - - (Agree) - Agreed Upon Procedure AUP ( - - 17 - - COBIT( ) IT Control Objectives for Information and related Technology (COBIT) EDP EDPAF control objectives (IT) COBIT IT IT - (Reasonable assurance))