Abstract: ISO 27001 provides a best-practice standard for the requirements of an information security management system, but it does not explain the internal logical relations among those requirements. This paper decomposes ISO 27001 into two parts, process-method requirements and security-control requirements. On the process side, it reconstructs the relations among the process-method requirements according to the PDCA cycle model; on the control side, it reorganizes the relations among the security-control requirements according to the way a subject accesses an object.
Keywords:
Information Security Management System,
PDCA cycle,
subject and object,
process-method requirements,
security-control requirements
Abstract: ISO 27001 provides a best practice of information security management, but it doesn't present the internal logical relations among the security management requirements. This paper divides ISO 27001 into two parts: methodological requirements and security control requirements. The methodological requirements are organized into the Plan-Do-Check-Act (PDCA) model, and the security control requirements are arranged into a "subject accesses object" model.
Key words:
Information Security Management System (ISMS),
Plan-Do-Check-Act (PDCA),
subject-object,
methodological requirements,
security control requirements
CLC number:
YAO Yi-zhan; JIANG Chang-qing; ZHANG Li; LI Jian-bin. ISMS Concept Model Exploration [J]. Computer Engineering, 2008, 34(2): 133-134.