ISO/IEC 13335 Information Technology – Guidelines for the Management of IT Security. 普華資安股份有限公司. Presenter: 蔡興樺


Slide 1: ISO/IEC 13335 Information Technology – Guidelines for the Management of IT Security
普華資安股份有限公司. Presenter: 蔡興樺

Slide 2: Presentation Outline
- ISO/IEC 13335 Part 1
- ISO/IEC 13335 Part 2
- ISO/IEC 13335 Part 3
- ISO/IEC 13335 Part 4

Slide 3: ISO/IEC 13335 Part 1
- Concepts for the Management of IT Security
- Security Elements
- Processes for the Management of IT Security

Slide 4: Concepts for the Management of IT Security
- Approach
- Objectives, Strategies and Policies

Slide 5: Security Elements
- Assets
- Threat
- Vulnerability
- Impact
- Risk
- Safeguard
- Residual Risk
- Constraints

Slide 6: Processes for the Management of IT Security
- Configuration Management
- Change Management
- Risk Management
- Risk Analysis
- Accountability
- Security Awareness
- Monitoring
- Contingency Plans and Disaster Recovery

Slide 7: ISO/IEC 13335 Part 2
- Management of IT Security
- Corporate IT Security Policy
- Organizational Aspects of IT Security
- Corporate Risk Analysis Strategy Options
- IT Security Recommendations

Slide 8: ISO/IEC 13335 Part 2 (cont.)
- IT System Security Policy
- IT Security Plan
- Implementation of Safeguards
- Security Awareness
- Follow-up

Slide 9: Management of IT Security
- Planning and Management Process Overview
- Risk Management Overview
- Implementation Overview
- Follow-up Overview

Slide 10: Corporate IT Security Policy
- Objective
- Management Commitment
- Policy Relationships
- Corporate IT Security Policy Elements

Slide 11: Organizational Aspects of IT Security
- Roles and Responsibilities
- Commitment
- Consistent Approach

Slide 12: Corporate Risk Analysis Strategy Options
- Baseline Approach
- Informal Approach
- Detailed Risk Analysis
- Combined Approach

Slide 13: IT Security Recommendations
- Safeguard Selection
- Risk Acceptance

Slide 14: ISO/IEC 13335 Part 3
- Techniques for the Management of IT Security
- IT Security Objectives, Strategy Options
- Corporate Risk Analysis Strategy Options

Slide 15: ISO/IEC 13335 Part 3 (cont.)
- Combined Approach
- Implementation of the IT Security Plan
- Follow-up

Slide 16: IT Security Objectives, Strategy Options
- IT Security Objectives, Strategy and Policies
- Corporate IT Security Policy

Slide 17: Corporate Risk Analysis Strategy Options
- Baseline Approach
- Informal Approach
- Detailed Risk Analysis
- Combined Approach

Slide 18: Combined Approach
- High Level Risk Analysis
- Baseline Approach
- Detailed Risk Analysis
- Selection of Safeguards
- Risk Acceptance
- IT System Security Policy
- IT Security Plan

Slide 19: Implementation of the IT Security Plan
- Implementation of Safeguards
- Security Awareness
- Security Training
- Approval of IT Systems

Slide 20: Follow-up
- Maintenance
- Security Compliance Checking
- Change Management
- Monitoring
- Incident Handling

Slide 21: ISO/IEC 13335 Part 4
- Introduction to Safeguard Selection and the Concept of Baseline
- Basic Assessments
- Safeguards
- Baseline Approach: Selection of Safeguards According to the Type of IT System

Slide 22: ISO/IEC 13335 Part 4 (cont.)
- Selection of Safeguards According to Security Concerns and Threats
- Selection of Safeguards According to Detailed Assessment
- Development of an Organization-wide Baseline

Slide 23: Basic Assessment
- Identification of the Type of IT System
- Identification of Physical/Environmental Conditions
- Assessment of Existing/Planned Safeguards

Slide 24: Safeguards
- Organizational and Physical Safeguards
- IT System Specific Safeguards

Slide 25: Selection of Safeguards According to the Type of IT System
- Generally Applicable Safeguards
- IT System Specific Safeguards

Slide 26: Selection of Safeguards According to Security Concerns and Threats
- Assessment of Security Concerns
- Safeguards for Confidentiality
- Safeguards for Integrity
- Safeguards for Availability
- Safeguards for Accountability, Authenticity, Reliability

Slide 27: Selection of Safeguards According to Detailed Assessment
- Relation Between Part 3 and Part 4 of this Technical Report
- Principles of Selection

Slide 28: Thank you; comments and questions are welcome
普華資安: 蔡興樺
