Information Technology – Guidelines for the Management of IT Security


1 Information Technology – Guidelines for the Management of IT Security
ISO/IEC 13335 Information Technology – Guidelines for the Management of IT Security
普華資安股份有限公司
Presenter: 蔡興樺

2 Outline
ISO 13335 Part 1
ISO 13335 Part 2
ISO 13335 Part 3

3 ISO 13335 Part 1
Concepts for the Management of IT Security
Security Elements
Processes for the Management of IT Security

4 Concepts for the Management of IT Security
Approach
Objectives, Strategies and Policies

5 Security Elements
Assets
Threat
Vulnerability
Impact
Risk
Safeguard
Residual Risk
Constraints

6 Processes for the Management of IT Security
Configuration Management
Change Management
Risk Management
Risk Analysis
Accountability
Security Awareness
Monitoring
Contingency Plans and Disaster Recovery

7 ISO 13335 Part 2
Management of IT Security
Corporate IT Security Policy
Organizational Aspects of IT Security
Corporate Risk Analysis Strategy Options
IT Security Recommendations

8 ISO 13335 Part 2 (cont.)
IT System Security Policy
IT Security Plan
Implementation of Safeguards
Security Awareness
Follow-up

9 Management of IT Security
Planning and Management Process Overview
Risk Management Overview
Implementation Overview
Follow-up Overview

10 Corporate IT Security Policy
Objective
Management Commitment
Policy Relationships
Corporate IT Security Policy Elements

11 Organizational Aspects of IT Security
Roles and Responsibilities
Commitment
Consistent Approach

12 Corporate Risk Analysis Strategy Options
Baseline Approach
Informal Approach
Detailed Risk Analysis
Combined Approach

13 IT Security Recommendations
Safeguard Selection
Risk Acceptance

14 ISO 13335 Part 3
Techniques for the Management of IT Security
IT Security Objectives, Strategy Options
Corporate Risk Analysis Strategy Options

15 ISO 13335 Part 3 (cont.)
Combined Approach
Implementation of the IT Security Plan
Follow-up

16 IT Security Objectives, Strategy Options
IT Security Objectives, Strategy and Policies
Corporate IT Security Policy

17 Corporate Risk Analysis Strategy Options
Baseline Approach
Informal Approach
Detailed Risk Analysis
Combined Approach

18 Combined Approach
High Level Risk Analysis
Baseline Approach
Detailed Risk Analysis
Selection of Safeguards
Risk Acceptance
IT System Security Policy
IT Security Plan

19 Implementation of the IT Security Plan
Implementation of Safeguards
Security Awareness
Security Training
Approval of IT Systems

20 Follow-up
Maintenance
Security Compliance Checking
Change Management
Monitoring
Incident Handling

21 ISO 13335 Part 4
Introduction to Safeguard Selection and the Concept of Baseline
Basic Assessments
Safeguards
Baseline Approach: Selection of Safeguards According to the Type of IT System

22 ISO 13335 Part 4 (cont.)
Selection of Safeguards According to Security Concerns and Threats
Selection of Safeguards According to Detailed Assessment
Development of an Organization-wide Baseline

23 Basic Assessment
Identification of the Type of IT System
Identification of Physical/Environmental Conditions
Assessment of Existing/Planned Safeguards

24 Safeguards
Organizational and Physical Safeguards
IT System Specific Safeguards

25 Selection of Safeguards According to the Type of IT System
Generally Applicable Safeguards
IT System Specific Safeguards

26 Selection of Safeguards According to Security Concerns and Threats
Assessment of Security Concerns
Safeguards for Confidentiality
Safeguards for Integrity
Safeguards for Availability
Safeguards for Accountability, Authenticity, Reliability

27 Selection of Safeguards According to Detailed Assessment
Relation Between Part 3 and Part 4 of this Technical Report
Principles of Selection

28 Thank you; questions and comments are welcome
普華資安: 蔡興樺
