Title: The Issue of Information Security Management
The Issue of Information Security Management
Course Orientation for Information Security Management
1012ISM01 MI4 Mon 8, 9 (15:10-17:00) (B703)
Min-Yuh Day, Assistant Professor, Dept. of Information Management, Tamkang University
http://mail.tku.edu.tw/myday/
2013-02-18
Academic year 101, semester 2 (2013.02 - 2013.06)
- The Issue of Information Security Management
- Instructor: Min-Yuh Day
- Course code: TLMXB4P
- 2 Credits, Elective
- Mon 8, 9 (15:10-17:00)
- Room B703
Course Introduction
- This course introduces the fundamental concepts and practices of information security management.
- Topics include:
  - Introduction to ISO 27001 Information Security Management System (ISMS)
  - Information Security Risk, Risk Assessment
  - Information Security Policy, Organization of Information Security
  - Assets Management, Human Resources Management
  - Physical and Environmental Security
  - Communications and Operations Management, Access Control
  - Information Systems Acquisition, Development and Maintenance
  - Information Security Incident Management
  - Business Continuity Management
  - Compliance
  - Internal Audit, Management Review, Continuous Improvement
Objective
- Students will be able to understand and apply the fundamental concepts and practices of information security management.
Syllabus
- Week / Date / Subject (Topics)
- 1 102/02/18 Course Orientation for Information Security Management
- 2 102/02/25 Introduction to ISO 27001 Information Security Management System (ISMS)
- 3 102/03/04 Information Security Risk; Risk Assessment
- 4 102/03/11 Information Security Policy
- 5 102/03/18 Organization of Information Security; Assets Management
- 6 102/03/25 Human Resources Management; Physical and Environmental Security; Communications and Operations Management; Access Control
- 7 102/04/01 Off-campus study
Syllabus (continued)
- Week / Date / Subject (Topics)
- 8 102/04/08 Information Systems Acquisition, Development and Maintenance
- 9 102/04/15 Midterm Presentation
- 10 102/04/22 ?????
- 11 102/04/29 Invited Talk on Information Security Management (Invited Speaker)
- 12 102/05/06 Information Security Incident Management; Business Continuity Management; Compliance
- 13 102/05/13 Internal Audit; Management Review; Continuous Improvement
- 14 102/05/20 Final Presentation
- 15 102/05/27 ?????
Textbook, Slides and References
- Textbook
- Slides
- References
- Alan Calder and Steve Watkins (2012), IT Governance: A Manager's Guide to Data Security and ISO 27001/ISO 27002, 5th edition, Kogan Page.
Information security
- Information security (CNS 17799)
- Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved (ISO/IEC 17799:2005).
Source: ISO/IEC 27001:2005, CNS 27001
Information Security Management System (ISMS)
- Information security management system (ISMS): that part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security.
- NOTE: The management system includes organizational structure, policies, planning activities, responsibilities, practices, procedures, processes and resources.
Source: ISO/IEC 27001:2005, CNS 27001
PDCA model applied to ISMS processes
Source: ISO/IEC 27001:2005; CNS 27001
Information security certifications
- ISO 27001 Lead Auditor: BSI (The British Standards Institution)
- Security+: CompTIA
- CISSP (Certified Information Systems Security Professional): (ISC)2 (International Information Systems Security Certification Consortium)
- SSCP (Systems Security Certified Practitioner): (ISC)2 (International Information Systems Security Certification Consortium)
- CEH (Certified Ethical Hacker): EC-Council
Contact Information
- Min-Yuh Day, Ph.D.
- Assistant Professor, Dept. of Information Management, Tamkang University
- Tel: 02-26215656 ext. 2347
- Fax: 02-26209737
- Office: i716
- Address: No. 151, Yingzhuan Rd., Tamsui Dist., New Taipei City 25137
- Email: myday_at_mail.tku.edu.tw
- Web: http://mail.tku.edu.tw/myday/