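287 设置 (provisioning). The word originally means supply, provisions (clauses), and so on; in computing it is often translated as 设置 ("setting up"), for example: "The provisioning process completed successfully" is rendered as 设置过程成功完成. Comparing this with the description in A.9.2.1 also suggests that this is the intended meaning. That text says: Providing or revoking access to information or information processing facilities is usually a two step procedure: a) assigning and enabling, or revoking, a user ID; b) providing, or revoking, access rights to such user ID (see 9.2.2). Note item b), providing or revoking access rights to such user ID (see 9.2.2): in other words, 9.2.2 is where this issue is discussed. Reading the content of 9.2.2 directly leads to the same conclusion.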
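289 In ISO/IEC 27001:2005 this section was titled "Privilege management"; ISO/IEC 27001:2013 changed it to Management of privi - 2 added in the "Other information" of ISO/IEC 27002:2013 explains: Inappropriate use of system administration privileges (any feature or facility of an information system that enables the user to override system or application controls) is a major contributory factor to failures or breaches of systems. Roughly, this means: inappropriate use of system administrator privileges (any feature or facility that can override the system or application controls of an information system) is a major cause of system failures or breaches.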