Published by Jamar Kenworthy. Modified over 9 years ago.
Slide 1
ISO/IEC 13335 Information Technology – Guidelines for the Management of IT Security
普華資安股份有限公司, Presenter: 蔡興樺

Slide 2
Outline
- ISO 13335 Part 1
- ISO 13335 Part 2
- ISO 13335 Part 3

Slide 3
ISO 13335 Part 1
- Concepts for the Management of IT Security
- Security Elements
- Processes for the Management of IT Security

Slide 4
Concepts for the Management of IT Security
- Approach
- Objectives, Strategies and Policies

Slide 5
Security Elements
- Assets
- Threat
- Vulnerability
- Impact
- Risk
- Safeguard
- Residual Risk
- Constraints

Slide 6
Processes for the Management of IT Security
- Configuration Management
- Change Management
- Risk Management
- Risk Analysis
- Accountability
- Security Awareness
- Monitoring
- Contingency Plans and Disaster Recovery

Slide 7
ISO 13335 Part 2
- Management of IT Security
- Corporate IT Security Policy
- Organizational Aspects of IT Security
- Corporate Risk Analysis Strategy Options
- IT Security Recommendations

Slide 8
ISO 13335 Part 2 (cont.)
- IT System Security Policy
- IT Security Plan
- Implementation of Safeguards
- Security Awareness
- Follow-up

Slide 9
Management of IT Security
- Planning and Management Process Overview
- Risk Management Overview
- Implementation Overview
- Follow-up Overview

Slide 10
Corporate IT Security Policy
- Objective
- Management Commitment
- Policy Relationships
- Corporate IT Security Policy Elements

Slide 11
Organizational Aspects of IT Security
- Roles and Responsibilities
- Commitment
- Consistent Approach

Slide 12
Corporate Risk Analysis Strategy Options
- Baseline Approach
- Informal Approach
- Detailed Risk Analysis
- Combined Approach

Slide 13
IT Security Recommendations
- Safeguard Selection
- Risk Acceptance

Slide 14
ISO 13335 Part 3 Techniques for the Management of IT Security
- IT Security Objectives, Strategy Options
- Corporate Risk Analysis Strategy Options

Slide 15
ISO 13335 Part 3 (cont.)
- Combined Approach
- Implementation of the IT Security Plan
- Follow-up

Slide 16
IT Security Objectives, Strategy Options
- IT Security Objectives, Strategy and Policies
- Corporate IT Security Policy

Slide 17
Corporate Risk Analysis Strategy Options
- Baseline Approach
- Informal Approach
- Detailed Risk Analysis
- Combined Approach

Slide 18
Combined Approach
- High Level Risk Analysis
- Baseline Approach
- Detailed Risk Analysis
- Selection of Safeguards
- Risk Acceptance
- IT System Security Policy
- IT Security Plan

Slide 19
Implementation of the IT Security Plan
- Implementation of Safeguards
- Security Awareness
- Security Training
- Approval of IT Systems

Slide 20
Follow-up
- Maintenance
- Security Compliance Checking
- Change Management
- Monitoring
- Incident Handling

Slide 21
ISO 13335 Part 4
- Introduction to Safeguard Selection and the Concept of Baseline
- Basic Assessments
- Safeguards
- Baseline Approach: Selection of Safeguards According to the Type of IT System

Slide 22
ISO 13335 Part 4 (cont.)
- Selection of Safeguards According to Security Concerns and Threats
- Selection of Safeguards According to Detailed Assessment
- Development of an Organization-wide Baseline

Slide 23
Basic Assessment
- Identification of the Type of IT System
- Identification of Physical/Environmental Conditions
- Assessment of Existing/Planned Safeguards

Slide 24
Safeguards
- Organizational and Physical Safeguards
- IT System Specific Safeguards

Slide 25
Selection of Safeguards According to the Type of IT System
- Generally Applicable Safeguards
- IT System Specific Safeguards

Slide 26
Selection of Safeguards According to Security Concerns and Threats
- Assessment of Security Concerns
- Safeguards for Confidentiality
- Safeguards for Integrity
- Safeguards for Availability
- Safeguards for Accountability, Authenticity, Reliability

Slide 27
Selection of Safeguards According to Detailed Assessment
- Relation Between Part 3 and Part 4 of this Technical Report
- Principles of Selection

Slide 28
Thank you; comments and questions are welcome.
普華資安: 蔡興樺