ДСТУ ISO/IEC 27102:2023 Керування інформаційною безпекою. Настанови щодо кіберстрахування (ISO/IEC 27102:2019, IDT)



ДСТУ ISO/IEC 27102:2023
(ISO/IEC 27102:2019, IDT)

Керування інформаційною безпекою.
Настанови щодо кіберстрахування

 
   
 
Не є офіційним виданням.
Офіційне видання розповсюджує національний орган стандартизації
(ДП «УкрНДНЦ» http://uas.gov.ua)

Contents

Foreword

Introduction

1 Scope

2 Normative references

3 Terms and definitions

4 Structure of this document

5 Overview of cyber-insurance and cyber-insurance policy

5.1 Cyber-insurance

5.2 Cyber-insurance policy

6 Cyber-risk and insurance coverage

6.1 Risk management process and cyber-insurance

6.2 Cyber-incidents

6.3 Business impact and insurable losses

6.4 Supplier risk

6.5 Silent or non-affirmative coverage in other insurance policies

6.6 Vendors and counsel for incident response

6.7 Cyber-insurance policy exclusions

6.8 Coverage amount limits

7 Risk assessment supporting cyber-insurance underwriting

7.1 Overview

7.2 Information collection

7.3 Cyber-risk assessment of the insured

8 Role of ISMS in support of cyber-insurance

8.1 Overview

8.2 ISMS as a source of information

8.3 Sharing of information about risks and controls

8.4 Meeting cyber-insurance policy obligations

Annex A (informative) Examples of ISMS documents for sharing

Bibliography