Chapter 10: Information Security Management
Transcript of Chapter 10: Information Security Management
(Information Security Management System, ISMS)
-
10.1
-
10.1 Information Security Management System (ISMS): BS 7799, published by the British Standards Institute (BSI). In 1999 BS 7799 consisted of Part-1 and Part-2. In 2000 ISO adopted Part-1 as ISO/IEC 17799; in 2005 ISO adopted BS 7799 Part-2 as ISO 27001:2005.
-
10.2 Confidentiality, Integrity and Availability (10-1) form the CIA triad; further properties are Non-repudiation, Authenticity and Accountability.
-
10.2 CIA
-
10.2 10-1
-
10.2 CIA, together with Non-repudiation, Authentication, Authority and Accountability.
-
10.3
-
10.3.1 (10-2)
-
10.3.1 10-2
-
10.3.1
-
10.3.2
-
10.3.2 5; 99.5%; 99.9%
-
10.3.2
-
10.4 1990: TCSEC (Trusted Computer System Evaluation Criteria), ITSEC (Information Technology Security Evaluation Criteria), CC (Common Criteria), BS 7799 (Code of Practice for Information Security Management).
-
10.4 (10-3) Information Security Management System (ISMS): BS 7799 was published by the British Standards Institute (BSI). In 1999 BS 7799 consisted of Part 1 and Part 2. In 2000 ISO adopted Part 1 as ISO/IEC 17799; in 2005 ISO adopted BS 7799 Part 2 as ISO 27001:2005. BSI itself received its Royal Charter in 1929 and took the name British Standards Institution in 1931.
-
10.4 Table 10-3: development of information security management standards

Organization        Standard                 Year
OECD                (security guidelines)    1990
UK DTI              (code of practice)       1993
ISO                 ISO/IEC 17799            2000
UK BSI              BS7799-Part 1            1995
ISO                 ISO/IEC 17799:2005       2005
UK BSI              BS7799-Part 2            1998
Taiwan (CNS)        CNS 17799                2002
Taiwan (CNS)        CNS 17800                2002
UK BSI              BS7799-Part 2:2002       2002
-
10.4 ISO/IEC 27002 (ISMS). ISO 17799 was adopted in 2002 as CNS 17799; BS 7799 Part 2 was adopted as CNS 17800.
-
10.5 PDCA: Plan, Do, Check, Action (the PDCA cycle, 10-4).
-
10.5 PDCA: 1, 2, 3
PDCA originates in Total Quality Management (TQM).
-
10.5 Figure 10-4: the PDCA cycle
Plan -> Do -> Check -> Action
-
10.5 Management Review belongs to the Check phase of PDCA (Plan, Do, Check, Act).
-
10.6 ISO 17799 (CNS 17799) follows PDCA. ISO 17799 (10-5) defines 36 control objectives and 127 controls.
-
10.6 Table 10-5: the ISO 17799 security domains
-
10.6 The ISO 17799 security domains:
  Security Policy
  Organizational Security
  Asset Classification and Control
  Personnel Security
  Physical and Environmental Security
  Communications and Operations Management
  Access Control
  Systems Development and Maintenance
  Information Security Incident Management
  Business Continuity Management
  Compliance
-
10.7 Risk Management: Risk Assessment, Risk Mitigation, Risk Evaluation.
-
10.7 10-6
-
10.7 10-5
-
10.7
-
10.8 Internal Auditing
-
10.8