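Title page
DESCRIPTION
Title page. An approach and framework for building an e-government information security assurance system, grounded in practice. April 2005. Beijing Venustech (启明星辰) Information Technology Co., Ltd., Chief Strategy Officer Pan Zhuting (潘柱廷). Abstract. Building an information security assurance system: principles and requirements; understand the threats (4 categories); understand the assets and business (ITA, security domains); understand the safeguards (products and services); approach (7 categories of models); framework (PPT+AIDARC); the key point in building an "assurance" system today: detection. Questions. What is information security? What problems actually need to be solved? How should information security construction be carried out? Questions. What is information security? Answering the most fundamental questions helps us explore the essence of things. What problems actually need to be solved?
TRANSCRIPT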
-
April 2005
-
4ITA7PPT+AIDARC
-
1. 27
-
[2003]272003826
-
1... ...
-
2
-
3... ... ... ...
-
2
-
ABC
-
Advisory typically released
-
3
-
ITITA
-
ITAOA
-
ITA-
-
ITA
-
4
-
/
-
VPN
-
VPN, IDS, IT
-
5
-
7()
-
7M1:
M2:
M3:
M4:
M5:
M6:
M7:
-
7 M1: M2: M3: M4: M5: PDR M6: M7: PDCA
-
M1: --AST/--PPT--
-
PPT: People, Process, Technology
-
M2: ITA
-
M3: CIA (Confidentiality, Integrity, Availability)
-
7: Confidentiality, Integrity, Availability, Authenticity, Non-Repudiation, Accountability, Controllability
7: Focus, Execution, Cost-effective, Time-bound, Adaptive, Coherence, Compliance
-
M4: BS7799 ISO13335 12-ISMC
-
BS7799/ISO17799
Part I: Code of practice for information security management
Part II: Specification for information security management
-
BS7799 / ISO 17799: Code of practice for information security management
-
12
-
M5: PDR
-
M6:
-
Risk: the chance of something happening that will have an impact upon objectives. It is measured in terms of consequences and likelihood.
- AS/NZS 4360:1999
-
ISO13335
-
10
-
3
-
AS/NZS 4360
-
/-
-
M7: PDCA
-
6
-
2002912
-
365
-
ITBPM
-
SP800
-
NIST Canadian Handbook
Part I: Introduction and Overview
Part II: Management Safeguards
Part III: Operational Safeguards
Part IV: Technical Safeguards
Identification and Authentication
Logical Access Control
Audit Trails
Cryptography
-
NIST SP 800-53
-
27
-
VPN, IDS, IT
-
IDS, SAN, Scanner, IPS, PKI
-
NIDSHIDSAFMSLinuxWebkeeperIMS
-
C-SAS
-
MSS
-
VPN
-
SSE-CMM: System Security Engineering Capability Maturity Model
Performed Informally
Planned and Tracked
Well Defined
Quantitatively Controlled
Continuously Improving
-
4ITA7PPT+AIDARC
-
77+7 BS7799127Control(BSI)IT components, NIST800800