ISO/IEC 13335
Information Technology – Guidelines for the Management of IT Security
普華資安股份有限公司 (PwC Information Security Co., Ltd.)
Presenter: 蔡興樺 (Steven Tsai), Steven.Tsai@mail.pwcglobal.com.tw

Presentation Outline
- ISO 13335 Part 1
- ISO 13335 Part 2
- ISO 13335 Part 3
- ISO 13335 Part 4

ISO 13335 Part 1
- Concepts for the Management of IT Security
- Security Elements
- Processes for the Management of IT Security

Concepts for the Management of IT Security
- Approach
- Objectives, Strategies and Policies

Security Elements
- Assets
- Threat
- Vulnerability
- Impact
- Risk
- Safeguard
- Residual Risk
- Constraints

Processes for the Management of IT Security
- Configuration Management
- Change Management
- Risk Management
- Risk Analysis
- Accountability
- Security Awareness
- Monitoring
- Contingency Plans and Disaster Recovery

ISO 13335 Part 2
- Management of IT Security
- Corporate IT Security Policy
- Organizational Aspects of IT Security
- Corporate Risk Analysis Strategy Options
- IT Security Recommendations

ISO 13335 Part 2 (cont.)
- IT System Security Policy
- IT Security Plan
- Implementation of Safeguards
- Security Awareness
- Follow-up

Management of IT Security
- Planning and Management Process Overview
- Risk Management Overview
- Implementation Overview
- Follow-up Overview

Corporate IT Security Policy
- Objective
- Management Commitment
- Policy Relationships
- Corporate IT Security Policy Elements

Organizational Aspects of IT Security
- Roles and Responsibilities
- Commitment
- Consistent Approach

Corporate Risk Analysis Strategy Options
- Baseline Approach
- Informal Approach
- Detailed Risk Analysis
- Combined Approach

IT Security Recommendations
- Safeguard Selection
- Risk Acceptance

ISO 13335 Part 3
- Techniques for the Management of IT Security
- IT Security Objectives, Strategy Options
- Corporate Risk Analysis Strategy Options

ISO 13335 Part 3 (cont.)
- Combined Approach
- Implementation of the IT Security Plan
- Follow-up

IT Security Objectives, Strategy Options
- IT Security Objectives, Strategies and Policies
- Corporate IT Security Policy

Corporate Risk Analysis Strategy Options
- Baseline Approach
- Informal Approach
- Detailed Risk Analysis
- Combined Approach

Combined Approach
- High Level Risk Analysis
- Baseline Approach
- Detailed Risk Analysis
- Selection of Safeguards
- Risk Acceptance
- IT System Security Policy
- IT Security Plan

Implementation of the IT Security Plan
- Implementation of Safeguards
- Security Awareness
- Security Training
- Approval of IT Systems

Follow-up
- Maintenance
- Security Compliance Checking
- Change Management
- Monitoring
- Incident Handling

ISO 13335 Part 4
- Introduction to Safeguard Selection and the Concept of Baseline
- Basic Assessments
- Safeguards
- Baseline Approach: Selection of Safeguards According to the Type of IT System

ISO 13335 Part 4 (cont.)
- Selection of Safeguards According to Security Concerns and Threats
- Selection of Safeguards According to Detailed Assessment
- Development of an Organization-wide Baseline

Basic Assessment
- Identification of the Type of IT System
- Identification of Physical/Environmental Conditions
- Assessment of Existing/Planned Safeguards

Safeguards
- Organizational and Physical Safeguards
- IT System Specific Safeguards

Selection of Safeguards According to the Type of IT System
- Generally Applicable Safeguards
- IT System Specific Safeguards

Selection of Safeguards According to Security Concerns and Threats
- Assessment of Security Concerns
- Safeguards for Confidentiality
- Safeguards for Integrity
- Safeguards for Availability
- Safeguards for Accountability, Authenticity, Reliability

Selection of Safeguards According to Detailed Assessment
- Relation Between Part 3 and Part 4 of this Technical Report
- Principles of Selection