第十章資訊安全管理

1 第第第第第第第第第本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本（）（），，本本本本本本本本本本本本本本本本本本本本本本本本本本本本本、、（ 80% 本本本本本本本本本本本本本本本本本本本本本本本本本本本），本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本本，、；，，本本本本本本本本本本本本本本本本本本本。

Upload: kenneth-garza

Post on 30-Dec-2015

95 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

DESCRIPTION

第十章資訊安全管理. 本投影片（下稱教用資源）僅授權給採用教用資源相關之旗標書籍為教科書之授課老師（下稱老師）專用，老師為教學使用之目的，得摘錄、編輯、重製教用資源（但使用量不得超過各該教用資源內容之 80% ）以製作為輔助教學之教學投影片，並於授課時搭配旗標書籍公開播放，但不得為網際網路公開傳輸之遠距教學、網路教學等之使用；除此之外，老師不得再授權予任何第三人使用，並不得將依此授權所製作之教學投影片之相關著作物移作他用。. 第十章資訊安全管理. - PowerPoint PPT Presentation

TRANSCRIPT

80%
(Information Security Management SystemISMS )
10.1
10.1 (Information Security Management SystemISMS ) BS 7799BS 7799( British Standards InstituteBSI )1999BS 7799 Part-1 and Part-2ISOPart-12000ISO/IEC 17799 BS 7799 Part-2 2005 ISO ISO 2700 : 2005
10.2 ( Confidentiality ) ( Integrity ) ( Availability)10-1CIA (Non-repudiation) (Authenticity)( Accountability )
10.2 CIA
10.2 10-1
10.2 CIA ( Non-repudiation ) ( Authentication ) ( Authority )( Accountability )
10.3
10.3.110-2
10.3.1 10-2

F

Wd

{

?

?

p?
10.3.1
10.3.2
10.3.2599.5%99.9%
10.3.2
10.4 1990TCSEC ( Trust Computer System Evaluation Criteria )ITSEC ( Information Technique System Evaluation Criteria )CC (Common Criteria )BS 7799 (Code of Practice for Information Security Management )
10.4 10-3 (Information Security Management SystemISMS ) BS 7799 ( British Standards InstituteBSI ) 1999BS7799 Part 1 Part 22000ISOPart 1ISO/IEC 17799BS 7799 Part 2 2005 ISO ISO 2700 : 200519291931(BSI)
10.4 10-3

OCEDTtw 1990

UK DTITwzIh 1993

ISOISO/IEC 177992000

UK BSITwzIh BS7799-Part11995

ISOISO/IEC 17799J20052005

UK BSITwztWdBS7799-Part 21998

gTwztCNS177992002

gTwzt CNS178002002

UK BSITwztWd BS7799-Part 2J20022002
10.4 ISO/IEC 27002 (ISMS) ISO 177992002 CNS 17799 BS 7799 Part 2 CNS 17800
10.5 PDCA ( Plan ) ( Do ) ( Check ) ( Action )PDCA10-4
10.5 PDCA123

PDCA (Total Quality ManagementTQM)
10.5 10-4 PDCA

pe(Plan)

(Do)

d(Check)

(Action)
10.5 Management ReviewPDCAPlan, Do, Check, Act (Check)
10.6 ISO 17799 ( CNS 17799)PDCA ISO 17799 10-536127
10.6 10-5

Tt

oB}

oM@

wF

Tw

z

HOw

M

w

qTP@~

z

Tt

oB}

oM@

s

TwGz

Bz

`
10.6 (Security Policy) (Organizational Security) (Asset Classification and Control ) (Personnel Security)
10.6 (Physical and Environmental Security) (Communications and Operations Management) (Access Control)
10.6 (Systems Development and Maintenance) ( Information Security Incident Management) (Business Continuity Management) (Compliance)
10.7 (Risk Management) ( Risk Assessment ) ( Risk Mitigation ) ( Risk Evaluation )
10.7 10-6
10.7 10-5

IL{

I

IO

I

IR

T

Ii

Izw

Ipe
10.7
10.8 (Internal Auditing)
10.8