Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Technology – Guidelines for the Management of IT Security

Published byJamar Kenworthy Modified over 9 years ago

Similar presentations

Presentation on theme: "Information Technology – Guidelines for the Management of IT Security"— Presentation transcript:

1 Information Technology – Guidelines for the Management of IT Security
ISO/IEC 13335 Information Technology – Guidelines for the Management of IT Security 普華資安股份有限公司 報告人:蔡興樺

2 報告大綱 ISO 13335 part 1 ISO 13335 part 2 ISO 13335 part 3

3 ISO 13335 Part 1 Concepts for the Management of IT Security
Security Elements Processes for the Management of IT Security

4 Concepts for the Management
of IT Security Approach Objectives, Strategies and Policies

5 Security Elements Assets Threat Vulnerability Impact Risk Safeguard
Residual Risk Constraints

6 Processes for the Management of IT Security
Configuration Management Change Management Risk Management Risk Analysis Accountability Security Awareness Monitoring Contingency Plans and Disaster Recovery

7 ISO 13335 Part 2 Management of IT Security
Corporate IT Security Policy Organizational Aspects of IT Security Corporate Risk Analysis Strategy Options IT Security Recommendations

8 ISO 13335 Part 2 (cont.) IT System Security Policy IT Security Plan
Implementation of Safeguards Security Awareness Follow-up

9 Management of IT Security
Planning and Management Process Overview Risk Management Overview Implementation Overview Follow-up Overview

10 Corporate IT Security Policy
Objective Management Commitment Policy Relationships Corporate IT Security Policy Elements

11 Organizational Aspects of IT Security
Roles and Responsibilities Commitment Consistent Approach

12 Corporate Risk Analysis Strategy Options
Baseline Approach Information Approach Detailed Risk Analysis Combined Approach

13 IT Security Recommendations
Safeguard Selection Risk Acceptance

14 ISO 13335 Part 3 Techniques for the Management of IT Security
IT Security Objectives, Strategy Options Corporate Risk Analysis Strategy Options

15 ISO 13335 Part 3(Cont.) Combined Approach
Implementation of the IT Security Plan Follow-up

16 IT Security Objectives, Strategy Options
IT Security Objectives, Strategy and Policies Corporate IT Security Policy

17 Corporate Risk Analysis Strategy Options
Baseline Approach Information Approach Detailed Risk Analysis Combined Approach

18 Combined Approach High Level Risk Analysis Baseline Approach
Detailed Risk Analysis Selection of Safeguards Risk Acceptance IT System Policy Security IT Security Plan

19 Implementation of the IT Security Plan
Implementation of Safeguards Security Awareness Security Training Approach of IT System

20 Follow-up Maintenance Security Compliance Checking Change Management
Monitoring Incident Handling

21 ISO Part 4 Introduction to Safeguard Selection and the Concept of Baseline Basic Assessments Safeguards Baseline Approach : Selection of Safeguards According to the Type of IT System

22 ISO Part 4 (Cont.) Selection of Safeguards According to Security Concerns and Threats Selection of Safeguards According to Detail Assessment Development of an Organization-wide Baseline

23 Basic Assessment Identification of the type of IT System
Identification of Physical/Environment Conditions Assessment of Existing/planned Safeguards

24 Safeguards Organizational and Physical Safeguards
IT System Specific Safeguards

25 Selection of Safeguards According to the type of IT System
General Applicable Safeguards IT System Specific Safeguards

26 Selection of Safeguards According to security Concerns and Threat
Assessment of Security Concerns Safeguards for Confidentiality Safeguards for Integrity Safeguards for Availability Safeguards for Accountability, Authenticity, Reliability

27 Selection of Safeguards According to Detailed Assessment
Relation Between Part 3 and Part 4 of this Technical Report Principles of Selection

28 敬請指教 普華資安:蔡興樺

Download ppt "Information Technology – Guidelines for the Management of IT Security"

Similar presentations

I-Secure Product Overview © 2010 ECC International. All Rights Reserved www.eccIgroup.com 1 ECC International PHILIPPINES :: MALAYSIA :: VIETNAM © 2010.

I-Secure Product Overview © 2010 ECC International. All Rights Reserved 1 ECC International PHILIPPINES :: MALAYSIA :: VIETNAM © 2010.
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.

DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.
National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.

National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.

Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
Session 2 World Bank Institute Katalin Demeter

Session 2 World Bank Institute Katalin Demeter
Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.

Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Information Systems Security Officer

Information Systems Security Officer
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Overview and Introduction

Overview and Introduction
NIST framework vs TENACE Protect Function (Sestriere, 21-23 Gennaio 2015)

NIST framework vs TENACE Protect Function (Sestriere, Gennaio 2015)
Computer Security: Principles and Practice

Computer Security: Principles and Practice
First Practice - Information Security Management System Implementation and ISO 27001 Certification.

First Practice - Information Security Management System Implementation and ISO Certification.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Risk Management Vs Risk avoidance William Gillette.

Risk Management Vs Risk avoidance William Gillette.
Session 3 – Information Security Policies

Session 3 – Information Security Policies

Similar presentations

Ads by Google