标准化应用於中小企业导入

1NII2AllRightsReservedbyNII24AllRightsReservedbyNIICNS1779935AllRightsReservedbyNII••••6AllRightsReservedbyNII••AuthenticityAccountabilityNon-repudiationReliabilityCNS1779947AllRightsReservedbyNIIFact8AllRightsReservedbyNII?•A48()•B3()•A•B()ÆB59AllRightsReservedbyNII•InformationSecurityManagementSystem,ISMS611AllRightsReservedbyNIIISMS•BS7799-1ÎISO17799:2005ÎCNS17799–Codeofpracticeforinformationsecuritymanagement–•BS7799-2ÎISO27001:2005ÎCNS17800–InformationSecurityManagementSystems-Requirements–12AllRightsReservedbyNIIISO27001:20051139133713AllRightsReservedbyNIIISO27001:2005••••()••ÆPDCAPlan,Do,Check,Action•Æ•14AllRightsReservedbyNIIISO27001:2005EstablishISMSImplementandoperatetheISMSMaintainandimprovetheISMSMonitorandreviewtheISMSDoPlanActCheckInterestedPartiesInformationSecurityrequirementsandexpectationsinputoutputInterestedPartiesManagedInformationsecurity815AllRightsReservedbyNIIISO27001:2005•ISO27001BS7799:20022746ISO27001211##38394258921942491681161514131211109CzechRepublicFinlandAustraliaSingaporeHongKongNetherlandsChinaHungary141520212226273087654321KoreaUSAItalyGermanyTaiwanIndiaUKJapanSource:ISMSInternationalUserGroup917AllRightsReservedbyNII•–116.497.8%NT$100,000–GartnerResearch200540%–)18AllRightsReservedbyNII•–––ISO27001•1019AllRightsReservedbyNII•–––•–ISMS–ISMS––20AllRightsReservedbyNII20-80•Thisrulestatesthat80%ofsecurityriskiseffectivelymanagedbyimplementingthemostimportant20%ofavailabletechnicalsecuritycontrols,whichareremovingunneededservices,keepingservicepatchescurrent,andenforcingstrongpasswords.©SymantecCorporation1121AllRightsReservedbyNII22AllRightsReservedbyNII126167624AllRightsReservedbyNII1325AllRightsReservedbyNII•200•200•20•26AllRightsReservedbyNII()1428AllRightsReservedbyNII•––NDA–()––––•–/––1529AllRightsReservedbyNII()16431.82.163.(74.75.36.(2)24331.(8)2.(12)3.(8)4.(5)1631AllRightsReservedbyNII1712ISMSISMSISMSISMS•••3••0.5•ISMS•ISMS•9•••0.5•ISMS•15•••2•••••••••••••••••3034AllRightsReservedbyNII1016201520501019170e-learning20351835AllRightsReservedbyNII54.02NANA053.2753.774.83.51653.6836AllRightsReservedbyNII•••–3051937AllRightsReservedbyNII38AllRightsReservedbyNII2040AllRightsReservedbyNII2141AllRightsReservedbyNII42AllRightsReservedbyNII•ISO/IEC17799:2005•ISO/IEC27001:2005•CNS17799•CNS17800•ISO/IECTR13335–GuidelineforthemanagementofITSecurity•ISO/TR13569–Bankingandrelatedfinancialservices–Informationsecurityguidelines•ISO19791–Securityassessmentofoperationalsystem•ISO18045–MethodologyforITsecurityevaluation•PD3001–PreparingforBS7799certification•PD3002–GuidetoRiskassessmentandriskmanagement•PD3003–“AreyoureadyforaBS7799audit”•PD3004–GuidetoBS7799auditing•PD3005–GuidetotheselectionofBS7799controls22NIIlliang@nii.org.tw