?????s?, ?p?t? - PowerPoint PPT Presentation

About This Presentation
Title:

?????s?, ?p?t?

Description:

Title: PKI services in the Public Sector of the EU Member States Author: Lekkas Dimitris Last modified by: sak Created Date: 4/3/2003 2:26:15 PM Document presentation ... – PowerPoint PPT presentation

Slides: 91
Provided by: LekkasD7

Transcript and Presenter's Notes

Title: ?????s?, ?p?t?


1
?????s?, ?p?t?µ?s? ?a? ??a?e???s? ?p????d???t?ta?
?.S.
  • Sp???? ?????????
  • ?a?ep?st?µ?? ???a???
  • sak_at_aegean.gr

2
?e??e??µe?a
  • ??sa???? ?a? ßas???? ?????e?
  • ? a?a??a??t?ta d?a?e???s?? t?? ep????d???t?ta?
  • ?? p??t?p? ISO 27005
  • ? µe??d?????a CRAMM
  • ???e? µe??d?????e?
  • ???t??? ep?s??p?s?

3
??sa????
  • ?? e?d?af???? ??a t?? asf??e?a ?d??e? se
    s?µa?t??? ??e??a ?a? a??pt??? te?????? ?a?
    e??a?e???
  • ??t??t???
  • ?a epe?s?d?a pa?aß?as?? s?st?µ?t?? a??????? se
    p????? ?a? s?ßa??t?ta

4
??sa????
  • S????e?? d?s????e? st?? a??pt??? t?? asf??e?a?
    ?.S. se ep??e???se??/???a??sµ???
  • ??s????a a?t??????s?? ??st??? asf??e?a?
  • ??s????a ep????????a? µe d?????t??? ste????
  • ??s????a e?asf???s?? e?e???t???? s?µµet????
    ???st?? ?a? d?a????? ?p?st?????? ap? t? d?????s?
  • ??t????? ?t? ? asf??e?a e??a? µ??? te????? ??t?µa
  • ??s????a a??pt???? ????????µ???? ?a?
    ap?te?esµat???? s?ed??? asf??e?a? ?.S.
  • ???sd????sµ?? ?a? ap?t?µ?s? ???a??s?a???
    ep?pt?se?? ap? t?? efa?µ??? t?? s?ed??? asf??e?a?
    ?.S.

5
? ?????a t?? ep????d???t?ta?
  • ? ?p????d???t?ta (?) ????eta? ?? t? ????µe??
    t?? ???a??t?ta? (?) p?a?µat?p???s?? e???
    epe?s?d??? asf??e?a? ep? t? (??????µ??? ? ????)
    ??st?? (?) p?? ?a ep?f??e?, ?t??
  • ? ? x ?

6
?p????d???t?ta ?a? s??afe?? ?????e?
7
?p?t?µ?s? t?? ep????d???t?ta?
  • ???a t?? st???e??? t?? s?st?µat??, ta ?p??a
    ef?s?? ????? a??a ap??a????ta? a?a?? (assets). ?
    a??a e??a? s????t?s? t?? ep?pt?s?? ap? t??
    p??sß??? t?? a?a???
  • ???a??t?ta e?d???s?? µ?a? ape????
  • ???a??t?ta a???p???s?? µ?a? e?p??e?a? ?a?
    p?a?µat?p???s?? t?? ape????

8
?????s? ep????d???t?ta?
  • ?????s? ????st? ???e pa?????ta (a??a a?a???,
    p??a??t?ta ape????, s?ßa??t?ta e?pa?e???).
  • S???es? t?? pa?a???t?? ??a t?? ?p?????sµ? t??
    ßa?µ?? ep????d???t?ta?
  • ????ete? t?? pa-?ad?s?a?? (?et?-??st???) µ???d?
    t?? a?a????sµ??.
  • ?as??eta? st?? stat?st??? Bayes

9
??a?e???s? ?p????d???t?ta?
  • ? ??a?e???s? ?p????d???t?ta? ?? µe??d?????a
  • ??a?e???s? ep????d???t?ta? ?????s?
    ep????d???t?ta? ??t?µet?p?s? t?? ep????d???t?ta?

10
??a?e???s? ?p????d???t?ta? (s??e?.)
  • ?et? t?? a????s? ep????d???t?ta?
  • ?p????? a?t?µ?t??? (countermeasures)
  • ?a????sµ?? p???t???? asf??e?a?
  • S??ta?? s?ed??? asf??e?a?
  • ?fa?µ??? ?a? pa?a???????s? S?ed??? ?sf??e?a?
  • S??d?? asf??e?a? ????t??? asf??e?a? ??t?a
    p??stas?a? St?at????? efa?µ????

11
?e?????sµ?? ep????d???t?ta?
  • ?p????µe ?a µ?de??s??µe t?? ep????d???t?ta
  • ??de???? ep????d???t?ta s??ep??eta? µ?de???? a??a
    t?? st???e??? t?? s?st?µat?? ? µ?de????
    p??a??t?ta p?a?µat?p???s? µ?a? ape????.
  • ?.?. d?a??t??µe ????sµ??? p??, ?µ??, de? µp????µe
    ?a p??state?s??µe ap? pe??ate?a. ???????µe t?
    ep??e???µat??? µa? s??d?? ?a? t? p??sf????µe
    d??e??
  • St???? ? pe?????sµ?? t?? ep????d???t?ta? se
    "a?e?t?" ep?peda.
  • S????e? ???t???? ??st?? a?t?µ?t???/µe??s?
    ep????d???t?ta?

12
???p?? d?a?e???s?? ep????d???t?ta?
  • ?e??s? p??a??t?ta? e?d???s?? ape????
  • ??t?µet?p?s? e?pa?e???
  • ?e?????sµ?? ep?pt?se??
  • ????aµ??
  • ?etaß?ßas? ep????d???t?ta?
  • ?p?d??? ep????d???t?ta?

13
S????e?? d?s????e?
  • ?p??e?µe????t?ta ap?t?µ?s?? a??a? a?a??? ?
    a?t?st???a t?? µe?????? t?? ep?pt?se??
  • ???aµ??? pe??ß????? d??aµ????, s?µp???e? ?a?
    p?????e? ape????
  • ? a????p??? s?µpe??f??? d?s???a p??ß??peta? ?a?
    µ??te??p??e?ta?
  • ?? p???? p?? d?a??t??µe e??a? pepe?asµ????

14
??e??e?t?µata ??a?e???s?? ?p????d???t?ta?
  • ??t??????s? ??st??? a?t?µ?t???
  • ?e?t??s? ep????????a? a??µesa st??? e?d????? t??
    p????f?????? ?a? t? d?????s? t?? ???a??sµ??
  • ??????t? µe??d?????a, µp??e? ?a efa?µ?ste? µe
    p???????? t??p???
  • ?a??pte? t?? apa?t?se?? t?? ??µ??es?a?
  • ????? st?? ?ata???s? t?? ?.S.
  • ?p?te?e? t?? p???? d?aded?µ??? µe??d?????a

15
?e???e?t?µata ??a?e???s?? ?p????d???t?ta?
  • St????eta? se ??a ap????? µ??t??? t?? ?.S.,
    a?????ta? ta ?d?a?te?a ?a?a?t???st??? t?? ???e
    ???a??sµ??
  • ?µpe????e? s?µa?t??? ?p??e?µe????t?ta, p?? s????
    s???a??pteta? µ?s? t?? a?st???t?ta? t??
    µa??µat????-p??a??t???? µ??t????
  • ?as??eta? se ap??? stat?st???? µe??d???

16
ISO/IEC 27005
  • ISO/IEC 27005:2011, Information technology - Security
    techniques - Information security risk management
  • ????e? st? se??? p??t?p?? ISO/IEC 27000
  • S?µp?????e? t? ISO/IEC 27001

17
ISO/IEC 27005 ??? e??as???
18
?a????sµ?? pe??e??µ???? Context establishment
  • St???? ?a ?a????ste? ? s??p?? t?? d?e??as?a?
  • ??s?d?? ?p??ad?p?te s?et??? p????f???a ??a t??
    ???a??sµ?
  • ???se??
  • ?a????sµ?? t?? ßas???? ???t????? (ap?t?µ?s?
    ep????d???t?ta?, ep?pt?se??, ap?d???
    ep????d???t?ta?)
  • ???sµ?? t?? pe??e??µ???? ?a? t?? ?????
  • ??µ??????a t?? ?at??????? ???a??s?a??? d?µ?? ??a
    t?? e?t??es? t?? d?e??as?a?
  • ???d?? ?? p??d?a??af?? a?t?? t?? pa?aµ?t???

19
?p?t?µ?s? ep????d???t?ta? Risk assessment
  • St???? ? a?a?????s?, p?s?t???p???s? ? p???t???
    pe????af? ???d???? ?a? ? p??te?a??p???s? t???
  • ??s?d?? ? ???d?? t?? p??????µe??? d?e??as?a?
  • ???se?? ap?te?e?ta? ap? t?e?? ?p?d?e??as?e? (ß?.
    pa?a??t?)
  • ???d?? ??a? ?at?????? ap?t?µ?µ???? ???d???? µe
    p??te?a??t?te? s?µf??a µe ta ???t???a ap?t?µ?s??
    ep????d???t?ta?

20
??a?????s? ???d???? Risk identification
  • St???? ?a ?a????ste? t? ?a µp????se ?a s?µße?
    p?? ?a p???a???se µ?a p??a?? ap??e?a ?a? ?a ???e?
    saf?? t? p??, p?? ?a? ??at? ?a µp????se ?a
    ?p???e? ap??e?a
  • ??s?d?? ? ??tas? ?a? ta ???a t?? ap?t?µ?s??
    ep????d???t?ta?, ?at?????? a?a???, p????f???e?
    ??a p??a??? ape????, te?µ????s? ?pa????t?? µ?t???
    asf??e?a?, e?de??µ???? p???p?????ta s??d?a
    a?t?µet?p?s?? ???d????, ?at?????? ep??e???s?a???
    d?e??as???.

21
??a?????s? ???d???? Risk identification
(s????e?a)
  • ???se??
  • ??a?????s? a?a???
  • ??a?????s? ape????
  • ??a?????s? ?f?st?µe??? µ?t??? p??stas?a?
  • ??a?????s? ad??aµ???
  • ??a?????s? s??epe???

22
??a?????s? ???d???? Risk identification
(s????e?a)
  • ???d?? ?at?????? a?a??? p?? ??????? p??stas?a?,
    s?et???? ep??e???s?a??? d?e??as?e?, s?et????
    ape????, ?at?????? ?f?st?µe??? ?a? s?ed?a??µe???
    µ?t??? asf??e?a?, ?at?????? e?pa?e???
    s?et???µe??? µe ta a?a?? ?a? t?? a?a?????sµ??e?
    ape????, ?at?????? e?pa?e??? p?? de? s?et????ta?
    µe ?aµ?? a?a?????sµ??? ape???, ?at?????? se?a????
    epe?s?d??? µe t?? ep?pt?se?? t???, ta s?et???
    a?a?? ?a? t?? s?et???? ep??e???s?a??? d?e??as?e?.

23
?????s? ep????d???t?ta? Risk analysis
  • ??s?t??? ? p???t???
  • ??s?d?? ? ???d?? t?? d?e??as?a? a?a?????s??
    ???d????
  • ???se??
  • ????????s? s??epe???
  • ????????s? p??a??t?ta? epe?s?d???
  • ?a????sµ?? ep?p?d?? ep????d???t?ta?
  • ???d?? ?at?????? ???d???? µe ?a????sµ??a ep?peda
    ep????d???t?ta?

24
????????s? ep????d???t?ta? Risk evaluation
  • St???? ?a ??f???? ap?f?se?? ??a µe????t????
    e????e?e?
  • ??s?d?? ? ???d?? t?? d?e??as?a? a????s??
    ep????d???t?ta?
  • ???se?? s?????s? t?? ep?p?d?? ep????d???t?ta? µe
    ta ???t???a a???????s?? ep????d???t?ta? ?a? ta
    ???t???a ap?d???? ep????d???t?ta? p??
    ?a????st??a? ap? t? d?e??as?a ?a????sµ??
    pe??e??µ????
  • ???d?? ?at?????? ???d???? µe p??te?a??t?te?

25
??t?µet?p?s? ep????d???t?ta? Risk treatment
26
??t?µet?p?s? ep????d???t?ta? Risk treatment
(s????e?a)
  • St???? ? ep????? µ?t??? asf??e?a? ??a ?a
    µe???e?, ?a d?at????e?, ?a ap?fe???e?, ? ?a
    µetafe??e? ? ep????d???t?ta ?a? ? ?a????sµ??
    s?ed??? a?t?µet?p?s?? t?? ep????d???t?ta?
  • ??s?d?? ? ???d?? t?? d?e??as?a? ap?t?µ?s??
    ep????d???t?ta?
  • ?p?????? a?t?µet?p?s??
  • ???p?p???s?
  • ??at???s?
  • ??aµ???asµ??
  • S??d?asµ??

27
??t?µet?p?s? ep????d???t?ta? Risk treatment
(s????e?a)
  • ?a?????te? p?? ep??e????? t?? ap?fas?
  • ??st?? ???e f??? p?? s?µßa??e? t? s?et???
    epe?s?d??
  • S????t?ta eµf???s??
  • St?s? ap??a?t? st?? ???d???
  • ??????a ???p???s?? t?? apa?t??µe??? µ?t???
    asf??e?a?
  • ??a??s?µ?? p????
  • ??????se? ep??e???s?a???/te??????????
    p??te?a??t?te?
  • ???a??s?a??? ?a? d?????t???? p???t????

28
??t?µet?p?s? ep????d???t?ta? Risk treatment
(s????e?a)
  • ?e??s? p??a??t?ta? e?d???s?? ape????
  • ??t?µet?p?s? e?pa?e???
  • ?e?????sµ?? ep?pt?se??
  • ????aµ??
  • ?etaß?ßas? ep????d???t?ta?
  • ?p?d??? ep????d???t?ta?

29
?p????????a ?a? s?µß???e?t??? Risk
communication and consultation
  • S??p?? ? ep?te??? s??a?t?????? ??a ??e? t??
    p?e???? t?? ep????d???t?ta? µeta?? t?? d??a??????
    (stakeholders) t?? ???a??sµ??
  • ???a? apa?a?t?t? ? ?pa??? ?a?? ?a????sµ????
    s?ed??? t?s? ??a ?a??????? s?????e ?s? ?a? ??a
    ??ta?t? a?????

30
?a?a???????s? ?a? a?a?e???s? ep????d???t?ta?
Risk monitoring and review
  • ??a???? d?e??as?a
  • S??p?? t?? pa?a???????s?? ? a????e?s?
    ?p??asd?p?te µe??s?? t?? ap?d?s?? µ??a??sµ?? ?a?
    ?p??es??? ?a? ? ??a??? d?????t???? ????se??
  • S??t???s? µ?t??? asf??e?a?
  • S??p?? t?? a?a?e???s?? epa??p?????sµ??
    ep????d???t?ta? ?ta? a??????? ?? pa?????te? p??
    t?? ep??e?????
  • ?s?te????? ??e????

31
????d?? ??a?e???s?? ?p????d???t?ta?
  • ????d?? e??a? "? s?st?µat???? ?a?
    p????aµµat?sµ???? t??p?? p??se???se??, e?et?se??,
    a?a??se?? ?a? e?µ??e?a? p??ß??µ?t?? ? fa???µ????
    ß?se? s???e???µ???? ?a?????"
  • ??te a????????µe t? ISO27005, e?te ???,
    apa?te?ta? ? ?????t?s? µ?a? µe??d?? p?? ?a µa?
    ?a??d???se? st? d?a?e???s? t?? ep????d???t?ta?

32
????d?? ??a?e???s?? ?p????d???t?ta?
  • ?e??ss?te?e? ap? 100 d?af??et???? µ???d??
    a????s?? ?/?a? d?a?e???s?? ep????d???t?ta? ?.S.

  • CRAMM
  • CORAS
  • SBA
  • Callio Secura
  • MEHARI
  • Proteus
  • OCTAVE
  • RiskWatch
  • MAGERIT
  • EBIOS
  • COBRA
33
Security by Analysis (SBA)
  • ??apt?????e st? S???d?a st?? a???? t?? 80.
    ???s?µ?p??e?ta? ??t?te µe ep?t???a s?ed??
    ap???e?st??? st?? S?a?d??aß???? ???e?. ?e? ??e?
    p??sa?µ?ste? st? ISO 27005
  • ???eta? ?t? ?? ?????p?? p?? s?µµet????? st??
    ?a??µe???? ?e?t?????a t?? ?.S. ????? t??
    pe??ss?te?e? p??a??t?te? ?a e?t?p?s??? ta
    p??ß??µata ?a? ?a p??te????? ??se??.
  • ?p?te?e?ta? ap? ??a s????? µe??d?? µe ?????te?e?
    t?? SBA Check ?a? SBA Scenario.

34
SBA Check
  • ?a?e?a ap?t?µ?s? t?? ep?p?d?? asf??e?a? t?? ?.S.
  • St????eta? se e??t?µat?????a.
  • ??e? ?? s?µe?? a?af???? t? ISO/IEC 27002.
  • ?p?st????eta? ap? e?d??? ????sµ???.

35
SBA Scenario
  • ??e?? ep??????
  • Main analysis ?????? a????s? µe st??? t??
    p??sd????sµ? t?? p??a??t?ta? p?a?µat?p???s?? e???
    epe?s?d??? asf??e?a? ?a? t?? e?t?µ?s? t??
    ??st???, µe a?a??t???? a???µ?t???? µe??d???.
  • Ten analysis ?a?e?a a????s? µe t?? p??a??t?ta
    ?a? t? ??st?? ?a p??sd???????ta? st? ???µa?a
    1-10.
  • Risk window S???pt??? a????s? ßas?sµ??? se µ?a
    p???t??? ???µa?a tess???? ßa?µ?d??.

36
St?d?a t?? SBA Scenario
  1. ???et??µas?a (Preparation)
  2. Se????a (Scenarios)
  3. S????? (Overview)
  4. S??d?? d??s?? (Action plan)

37
St?d?? 1 ???et??µas?a
  • S?????t?s? ?µ?d?? a????s?? ?a? d?das?a??a t??
    SBA.
  • ? ????? t?? e?d???? pe??????eta? st? d?das?a??a
    t?? µe??d?? ?a? st? s??t???sµ? t?? e??as??? t??
    ?µ?da?.
  • ?????d????aµµa, ?ata??af?, ??????t?s?,
    p??sd????sµ?? ?????, d?aµ??f?s? s??a?t??????
    ?.?p.

38
St?d?? 2 Se?????
  • ??t?p?sµ?? p??a??? se?a????
  • ??µ???????? f?s? e??as?a?
  • ?????s? ep????d???t?ta?
  • ??a??t??? pe????af? ???e se?a???? ?a? ?ata??af?
    ???? t?? d?a??s?µ?? st???e??? p?? af????? t?
    se?????.
  • ??t?µ?s? p??a??t?ta? p?a?µat?p???s??
  • ??a?e???s? ep????d???t?ta?
  • ???sd????sµ?? e?pa?e??? p?? s??d???ta? µe t?
    se?????
  • ?p????? a?t?µ?t??? ?a? ??st?????s? t???

39
St?d?? 3 S?????
  • ?a????sµ?? p??te?a??t?t?? ???p???s??
  • ???te?a??t?te? ß?se? t?? ep?pt?se?? (ap?
    e?de??µe?? ???p???s? t?? se?a????, ap??s?a t??
    a?t?µ?t???)
  • ???te?a??t?te? ß?se? t?? µe??s?? t??
    ep????d???t?ta? p?? ep?t?????eta? µe t??
    ???p???s? t?? a?t?µ?t???

40
St?d?? 4 S??d?? d??s??
  • ?at??t?s? e??? s???????? s?ed??? d??s?? ??a t??
    asf??e?a t?? ?.S. ?a? ?a????sµ?? ?pe?????? ??a
    t?? ???p???s? t?? µ?t??? p??stas?a?.

41
??e??e?t?µata SBA
  • ????ete? µ?a ???st??? p??s????s? t?? ??t?µat??
    t?? asf??e?a?.
  • ? a????s? ???eta? ap? t??? ?d???? a????p??? p??
    ???s?µ?p????? ?a??µe???? t? s?st?µa.
  • ???a? a??et? ap??, ?ata???t? ap? µ?-e?d????? ?a?
    µp??e? ?a ???p????e? µe µ???? ??st??.
  • ?p?st????eta? ap? ap?? ?a? e????st? ????sµ???.

42
?e???e?t?µata SBA
  • St????eta? se µe???? ßa?µ? st?? ??a??t?te?, t?
    fa?tas?a ?a? t? d???es? ??a s??e?sf??? t??
    a????p?? p?? eµp?????ta?.
  • ????p???te? t?? a??pt??? a????p??e?t????? ?a?
    s?µµet?????? ????t???a?.

43
? µ???d?? CRAMM
  • CRAMM, CCTA Risk Analysis and Management Method
  • ??apt?????e t? 1987 st? ?e???? ??eta??a ap? t??
    ?e?t???? ?p??es?a ?p?????st?? ?a? ?p??????????
    (CCTA).
  • ? te?e?ta?a ??d?s? (V5.0) ?????f???se t? 2003
  • ??a ??d?s? (V5.2) t? 2009
  • ??e? ???s?µ?p????e? se e?at??t?de? µe??te?
    d?e????
  • ?a???e? ?at????? ape???? ?a? a?t?µ?t???

44
??t??s? t?? ep????d???t?ta?
  • ? µ?t??s? t?? ep????d???t?ta? (se ???µa?a 1-7)
    ???eta?
  • ?e ap?t?µ?s? pe????s?a??? st???e??? (???µa?a
    1-10), ß?se? t?? ep?pt?se?? st?? ???a??sµ?
  • ?e a???????s? ape???? (???µa?a 1-5)
  • ?e a???????s? e?pa?e??? (???µa?a 1-3)

45
St?d?a ?a? ß?µata t?? CRAMM
  • S1 ???sd????sµ?? ?a? a???????s? t??
  • a?a??? (assets)
  • ???te??p???s? ?.S., ?p?t?µ?s? st???e???
  • ?.S., ?p?ßeßa??s? ?a? ep?????s?
  • S2 ?????s? t?? ?p????d???t?ta?
  • ???sd????sµ?? ape???? ??a ???e a?a??
  • ??t?µ?s? ape???? ?a? ad??aµ???
  • ?p?????sµ?? ?p????d???t?ta?
  • ?p?ßeßa??s? ?a? ep?????s?
  • S3 ??a?e???s? t?? ?p????d???t?ta?
  • ???sd????sµ?? ??sta? p??te???µe???
    a?t?µ?t???
  • ?at??t?s? S?ed??? ?sf??e?a?

46
St?d?? 1 ??µa 1.1
  • St?d?? 1 ???sd????sµ?? ?a? a???????s? a?a???
    ??µa 1.1 ??µ??????a t?? µ??t???? t?? ?.S.
  • ???sd????sµ?? t?? ded?µ???? p?? epe?e????eta? t?
    ?.S. ?a? ?µad?p???s?
  • ???sd????sµ?? t?? ?????? st???e??? (physical
    assets)
  • ???sd????sµ?? t?? ????? ?a? t?? e??atast?se??
  • ???sd????sµ?? t?? ????sµ????
  • ??µ??????a µ??t???? p?? s?s?et????? ta a??t???

47
St?d?? 1 ??µa 1.2
  • St?d?? 1 ???sd????sµ?? ?a? a???????s? a?a???
    ??µa 1.2 ?p?t?µ?s? t?? st???e??? t?? ?.S.
  • ???µa?a 1-10
  • ???tas? ?a? ap?t?µ?s? ep?pt?se??
  • S??e?te??e?? ???st??
  • ?pe?e??as?a ap? t? ????sµ??? t?? CRAMM

48
St?d?? 1 ??µa 1.2
  • ??eta??µe?e? pe??pt?se??
  • ??-d?a?es?µ?t?ta
  • ?atast??f?
  • ?p???????
  • ??-e???s??d?t?µ??? µetaß???
  • ??e??µ??? µetaß???
  • ???? µet?d?s?? ded?µ????
  • ???µat??? a??a ??????/????sµ???? (??st??
    a?t??at?stas??)

49
St?d?? 1 ??µa 1.2
  • ?p?pt?se??
  • S?µat??? a?e?a??t?ta ?a? ??? f?s???? p??s?p??
  • ??sa??s?e?a ap? ???es? p??s?p???? p????f?????
  • ??µ???? ep?pt?se??
  • ?a?eµp?d?s? d??a??s????
  • ??????µ???? ap??e?e?
  • ??at??a?? d?µ?s?a? t????
  • ??-efa?µ??? p???t???? ???a??sµ??
  • ?p??e?a t?? eµp?st?s???? t?? ??????
  • ?p?????sµ?? a??a? a?a???, a???p????ta? ?a? t?
    µ??t???.

50
St?d?? 1 ??µa 1.3
  • St?d?? 1 ???sd????sµ?? ?a? a???????s? a?a???
    ??µa 1.3 ?p?ßeßa??s? ?a? ep?????s? t??
    ap?t?µ?s??
  • ?a???s?as? ap?te?esµ?t?? p??t?? Stad??? st?
    d?????s? ?p? µ??f? a?af????
  • S?s?e?? ep?????s?? ap?te?esµ?t??

51
St?d?? 2 ??µa 2.1
  • St?d?? 2 ?????s? ?p????d???t?ta? ??µa 2.1
    ???sd????sµ?? t?? ape???? p?? af????? t? ???e
    a?a??
  • S??des? ???e a?a??? µe s???e???µ??e? ?at?????e?
    ape????

52
St?d?? 2 ??µa 2.2
  • St?d?? 2 ?????s? ?p????d???t?ta? ??µa 2.2
    ??t?µ?s? ape???? ?a? ad??aµ???
  • S?µp????s? e??t?µat??????? e?t?µ?s?? ape???? ?a?
    ad??aµ???
  • ??t?µat? (ap? t? e??a?e??) ap?t?µ?s? ape????
    (???µa?a 1-5) ?a? ad??aµ??? (???µa?a 1-3)
  • ?p?ßeßa??s? ?/?a? d?????s? t?? t?µ?? ap? t???
    a?a??t??

53
St?d?? 2 ??µa 2.3
  • St?d?? 2 ?????s? ?p????d???t?ta? ??µa 2.3
    ?p?????sµ?? ep????d???t?ta? ??a ???e s??d?asµ?
    a?a???-ape????
  • ??t?µat?? (ap? t? e??a?e??) ?p?????sµ?? e???
    ßa?µ?? ep????d???t?ta? (se ???µa?a 1-7) ??a ???e
    ?e???? a?a???-ape????.

54
St?d?? 2 ??µa 2.4
  • St?d?? 2 ?????s? ?p????d???t?ta? ??µa 2.4
    ?p?ßeßa??s? ?a? ep?????s? t?? ?a?µ??
    ?p????d???t?ta?
  • ?a???s?as? se µ??f? a?af???? t?? a????s??
    ep????d???t?ta?. ?p?ßeßa??s? t?? ap?t?µ?s?? ap?
    t? ??????s? se ????? s?s?e?? e??as?a? µe t???
    a?a??t??.

55
St?d?? 3 ??µa 3.1
  • St?d?? 3 ??a?e???s? ?p????d???t?ta? ??µa 3.1
    ???sd????sµ?? t?? ??sta? t?? p??te???µe???
    a?t?µ?t???
  • ??t?µat? pa?a???? (ap? t? e??a?e??) ??sta?
    p??te???µe??? a?t?µ?t???.
  • ?p????? µ?t??? p??? ???p???s?

56
St?d?? 3 ??µa 3.1
  • ? ep????? ßas??eta? sta e??? ???t???a
  • ?p?d?as? a?t?µ?t??? st? ?e?t?????a t?? ???a??sµ??
  • ??a??s?µ?? p???p?????sµ??
  • ??st?? efa?µ???? ?a? d?a?e???s?? a?t?µ?t???
    (???µat??? ?a? se a????p????? p?????)
  • ?p??? t?? ??????s?? ?a? st???? t?? ???a??sµ??
  • ??de??e?? ??a µe????t??? ??tas? ? ?fes? t??
    ape????
  • ?p?te?esµat???t?ta a?t?µ?t???

57
St?d?? 3 ??µa 3.1
  • ?at?????e? a?t?µ?t??? se f?????sa se???
    ap?te?esµat???t?ta?
  • ?e??s? t?? ape????
  • ?e??s? t?? ad??aµ???
  • ?e??s? t?? ep?pt?s??
  • ?????e?s? t?? pa?aß?as??
  • ????aµ?? (recovery)

58
St?d?? 3 ??µa 3.1
  • ?atast?se?? a?t?µ?t???
  • ?d? e??atest?µ??? (installed)
  • ?p??e?µ??? ??a e??at?stas? (to be installed)
  • ?p? ???p???s? (implementing recommendation)
  • ??e? ???p????e? (implemented recommendation)
  • ??e? ?d? ?a??f?e? ap? ???? a?t?µet?? (already
    covered)
  • ??a?aµß??eta? ? ep????d???t?ta ?a? de?
    ???p??e?ta? (accept level of risk)
  • ?p? s???t?s? (under discussion)
  • ?? efa?µ?s?µ? (not applicable)

59
St?d?? 3 ??µa 3.2
  • St?d?? 3 ??a?e???s? ?p????d???t?ta? ??µa 3.2
    ?at??t?s? s?ed???/p????? asf??e?a?
  • S??ta?? s?ed??? asf??e?a?, t? ?p??? pe???aµß??e?
    (a) ????t??? ?sf??e?a?, (ß) ?at?????? ??t?µ?t???,
    (?) St?at????? efa?µ????
  • ?at??es? t?? S?ed??? st? ??????s? ?a? ep?????s?
    t?? se ????? s?s?e??

60
????p???se?? ep?t???a?
  • S?µµet??? ?a? ?p?st????? t?? a??te??? ??????s??
  • S?µµet??? ste?e??? t?? ???a??sµ??
  • ???? ep????? de??µat?? ste?e??? ??a t??
    p?a?µat?p???s? s??e?te??e??
  • ????ß?? ??????t?s? t?? µe??t??

61
??e??e?t?µata CRAMM
  • ?a??pte? ??e? t?? f?se?? t?? a????s?? ?a?
    d?a?e???s?? ep????d???t?ta?
  • ?a??pte? ??e? t?? s???st?se? asf??e?a? (p.?.
    ??µata p??s?p????, d?ad??as???, te????? ??µata,
    f?s??? asf??e?a ?.?.)
  • ??e? d???µaste? µe ep?t???a ?a? ?p???e? µe????
    d?e???? eµpe???a
  • S???de?eta? ap? e?d??? e??a?e?? p?? d?e??????e?
    t?? efa?µ??? t?? ?a? pa???e? µ?a µe????
    ß?ß??????? a?t?µ?t???

62
?e???e?t?µata CRAMM
  • St????eta? se µe???? ßa?µ? st? s??e??as?a µe t???
    ???ste? ?a? t? d?????s? t?? ???a??sµ?? ?a? t??
    d???? t??? (?p??e?µe????? ap??e??)
  • ??e? ????? ??st?? efa?µ???? (?????? ?a? a????p???
    p??sp??e?a)
  • St????eta? se ??a p??? ap????? µ??t??? t??
    p????f???a??? s?st?µat??
  • ?st???e? ??s?ast??? µ??? sta ded?µ??a ?a?
    ?aµß??e? ?p??? t??? a????p??? µ??? ?? p????
    ape????

63
?e???e?t?µata CRAMM
  • ?pa?te? a??et?? f???? t?? ep?µßas? t?? a?a??t?
    ?a? t?? p??sa?µ??? t?? ap?te?esµ?t?? t??
    a?t?µat?? ?p?????sµ??
  • ?? te???? ap?t??esµa st????eta? se µe???? ßa?µ?
    se ?p??e?µe????? e?t?µ?se??, ?? ?p??e? ?µ?? s????
    de? ?????ta? a?t???pt?? ?? t?t??e?.
  • ?pa?te? epe?e??as?a t?? p??te???µe??? a?t?µ?t???
    ??a t?? p??sa?µ??? t??? sta ?d?a?te?a
    ?a?a?t???st??? t?? ?p? µe??t? ?.S. ?a pe??ss?te?a
    a?t?µet?a e??a? p??? ?e????.

64
???t???a ep?????? ?at??????? µe??d??
  • ?a a?tap?????eta? st? µ??e??? ?a? t? s?µp????t?ta
    t?? ?.S.
  • ?a ??e? ?aµ???te?? ??st?? efa?µ????
  • ?a ta?????e? sta ???a??s?a?? ?a?a?t???st??? ?a?
    t?? ????t???a t?? ???a??sµ??
  • ?a ?p?st????eta? ap? e?e?d??e?µ??? ????sµ???
  • ?a efa?µ?ste? ap? a?a??t?? µe eµpe???a st?
    s???e???µ??? µ???d?
  • ?a ?a??pte? ????? t??? pa?????te? p?? s??d???ta?
    µe t?? asf??e?a ?.S. (te??????? ?a? ???????????)

65
?e??t? pe??pt?s?? ??? ?.?.
  • ?µp?st? ???t? ??t?t?ta ?.?.
  • ???? ??st?p???s?? ?a???? ?a? d?a?e???s? ??f?a???
    p?st?p???t????.
  • T??at???? e???????? t??pe?a?
  • ????? ?µ?da e?d???? p????f??????, ???e???
    ste?e??? p????f??????
  • ????es? µe??t?? asf??e?a? ????? ??st?p???s?? se
    a?ad?????

66
?p????? µe??d??
  • CRAMM d??t?
  • ?µpe???a t?? ?µ?da? µe??t?? st?? efa?µ??? t??
    µe??d??
  • ? CRAMM e??a? a?a?????sµ??? ?a? ???eta? ap?de?t?
    µe e?????a
  • Te??e?ta? ?at?????? ??a efa?µ???? a?t?? t??
    µe??????
  • ?e????e? µ?a ?d?a?te?a p???s?a ß?ß???????
    a?t?µ?t???

67
?fa?µ??? ?e????
  • ???te? d?ap?st?se??/e?t?µ?se??
  • ? ??s? p????f?????? d?a??te? 6-7 ?t?µa ?a? de?
    ??e? ?e?d?se? t?? eµp?st?s??? t?? d?????s??
  • ?esa?a ?a? a??te?a d?????t??? ste???? µe ?et???
    p??d???es?, a??? ????? te?????? ???se??
  • St?at?????
  • ?µp???? st? ???? t?? a??te??? d?????s??
  • S?µµet??? se ??e? t?? s??e?te??e?? e??? ste??????
    t?? ??s?? ?????f?????? (µetaf??? te??????s?a?,
    d?e??????se?? st? d?e?a???? t?? s??e?te??e??)
  • ???se?t??? ??????t?s? t?? µe??t??

68
?fa?µ??? CRAMM St?d?? 1
  • St?d?? 1 ???sd????sµ?? ?a? a???????s? t?? a?a???
  • ?ata??af? µe t? ß???e?a t?? ??s?? ?????f??????
  • ????????s? ß?se? s??e?te??e?? µe ste???? ??s??
    ?????f??????, Ge????? ??t?, ??t? ????se?? ?a?
    ????et????, ??s?? ??????s??
  • ????????s?
  • ?ed?µ???? (d?a?es?µ?t?ta, eµp?ste?t???t?ta,
    a?e?a??t?ta)
  • ?????? (??st?? a?t??at?stas??)
  • ????sµ???? (??st?? a?t??at?stas??)

69
?fa?µ??? CRAMM St?d?? 1
  • ?ed?µ??a
  • ?d??t??? ??e?d? (private key) ?a? ??st?p???t???
    ??? (certificate)
  • ?????f???e? ?ata????? (directory services)
  • ??µ?s?e? ?????f???e?
  • ??????t??? ?ed?µ??a

70
?ed?µ??a ???
71
?ed?µ??a ???
72
?ed?µ??a ???
73
?ed?µ??a ???
74
S??t?µ???af?e?
75
S??t?µ???af?e?
76
?fa?µ??? CRAMM St?d?? 1
  • ?????
  • 3 e??p??et?t??, sta?µ?? e??as?a?, d??t?a???
    e??p??sµ??, µ?sa ap????e?s??
  • S??????? ??st?? a?t??at?stas?? pe?? ta 10.000
    ????

77
?fa?µ??? CRAMM St?d?? 1
  • ????sµ???
  • ?e?t??????? s?st?µa
  • ???p??et?t?? ?st??
  • ???p??et?t?? p?st?p???t????
  • ????sµ??? ?p?st?????? SSL/TLS
  • ??a?e???st?? ß?s?? ded?µ????
  • ???a?e?a a?t?µat?sµ?? ??afe???
  • S??????? ??st?? a?t??at?stas?? pe?? ta 15.000 ????

78
?fa?µ??? CRAMM St?d?? 2
  • St?d?? 2 ?????s? ep????d???t?ta?

79
?fa?µ??? CRAMM St?d?? 2
80
?a??de??µa e?t?µ?s?? ape????/ad??aµ???
81
?fa?µ??? CRAMM St?d?? 2
  • S?µa?t???te?e? ad??aµ?e? (e?p??e?e?)
  • ???e??? ???a??t???? ?p?d?µ??
  • ???e??? te??????s?a? asf??e?a? ?.S.
  • ????p?? f??a?? ?t?????
  • ???at?stas? st? ???t?? t?? p????
  • ???s? ?????? d??t?a??? ?p?d?µ?? ??a p??????a
    efa?µ????
  • ????p?? f?s??? p??stas?a ?a??d??s??
  • ??a???p?st?a d??t??? pa????? ??e?t??sµ??

82
?fa?µ??? CRAMM St?d?? 2
  • ?p?????sµ?? ßa?µ?? ep????d???t?ta?, µ???ste?
    t?µ??
  • ??ast?p??s?p?a ???st? ap? e??te?????? ???ste? ??a
    pa???? p?st?p???t????
  • ??ast?p??s?p?a ???st? ap? e??te?????? ???ste? ??a
    p??sß??? t?? ?st?se??da?
  • ??sa???? ??µ??f???? ????sµ???? st??? e??p??et?t??
  • ?????s? (filtering) d?ad??t?a??? ep??????????
  • ????a??? st? ?t???? t?? ???
  • ???p? ßas???? e??p??sµ??
  • ?a?da??sµ??, t??µ???at??? e????e?a

83
?a??de??µa ?a???? p?st?p???t????
84
?fa?µ??? CRAMM St?d?? 3
  • St?d?? 3 ??a?e???s? ep????d???t?ta?
  • ?? e??a?e?? p??te??e? pe?? ta 500 a?t?µet?a
  • ????? ap? a?t? µ?-efa?µ?s?µa ? p?e??????ta
  • ?p???????a? pe?? ta 150 ?a? p??st????a? a?t?µet?a
    ap? ???e? p????.
  • ?p?s?? p??t????e saf?? ?a? s???e???µ???
    ???a??t??? p?a?s?? d?a?e???s?? asf??e?a? ?.S.

85
S??d?? asf??e?a?
  • ??µe?? est?as??
  • ??sµe?s? t?? a??te??? d?????s?? t?? ??? ??a t??
    p?????s? t?? asf??e?a? ?.S.
  • ?a????sµ?? ???? ????? p?? af????? t?? asf??e?a,
    d?a??µ? t?µ??? e?????? ?a? a??pt??? saf???
    ???a?????µµat?? asf??e?a?
  • ??pa?de?s? t?? te?????? p??s?p???? ?a? e??µ???s?
    t?? s?????? t?? p??s?p????
  • ???s??s? t?? f?s???? asf??e?a? t?? ?t????? ?a?
    t?? d?µat??? p?? e??a? e??atest?µ???? ??
    e??p??et?t??

86
S??d?? asf??e?a?
  • ??µe?? est?as?? (s????e?a)
  • ???s??s? t?? asf??e?a? t?? d??t??? ?a?
    e??at?stas? firewall ?a? s?st?µat?? a????e?s??
    pa?e?sf??se?? (intrusion detection system)
  • ?fa?µ??? ????????µ???? s?ed??? ??a t? ???? ?a?
    d?a?e???s? efed????? a?t????f?? ded?µ????
  • ?fa?µ??? s?ed??? s????e?a? (business continuity
    plan)
  • ?fa?µ??? t?? p???t???? asf??e?a? ?.S.

87
S?µpe??sµata µe??t?? pe??pt?s??
  • ? e?e???? s?µµet??? t?? a??te??? d?????s??
    ????eta? apa?a?t?t?
  • ? e?e???? s?µµet??? t?? a??te??? d?????s?? e??a?
    d?s???? ?a ep?te???e? se ???a??sµ??? ?????
    a?ept??µ??? ????t???a p????f??????
  • ? ??????t?s? t?? µe??t?? ?a p??pe? ?a ??e?
    ep?s?µa ep??????e? p??? t?? ??a??? t?? a????s?
    ep????d???t?ta?
  • ? ?µ?da µe??t?? ?a p??pe? ?a ??e? e?asfa??se? t??
    ap?d??? t?? ap?te?esµ?t?? t?? ???e stad??? p???
    p??????se? st? ep?µe??

88
S?µpe??sµata µe??t?? pe??pt?s??
  • ? µe??t? ?a p??pe? ?a ?aµß??e? ?p??? t? ?????????
    ?a? ???a??s?a?? p?a?s?? ?e?t?????a? t?? ?.S. ?
    s?et??? ad??aµ?a t?? CRAMM e??a? eµfa???
  • ? a????s? ep????d???t?ta? st????eta? se µ?a
    pe?????sµ??? ?p??? t?? asf??e?a? ?.S., p??
    est???e? st?? p??stas?a t?? pe????s?a???
    st???e??? (a?a???, assets). ? a???p???s?, ?µ??,
    t?? µe??t?? apa?te? a??a?? t?? ????t???a?, a???
    ?a? t?? d?µ?? t?? ???a??sµ??

89
S?????
  • ? µe??d?????a t?? ?????s?? ?a? ??a?e???s??
    ?p????d???t?ta?
  • ?? ?????e? t?? ape???? (threat), t?? e?p??e?a?
    (ad??aµ?a?, vulnerability), t?? a?a???
    (pe????s?a?? st???e??, asset) ?a? t?? ep?pt?s??
    (impact)
  • ?? p??t?p? ISO/IEC 27005
  • ??at??t?de? µ???d??. ?a?ade??µata SBA, MEHARI,
    CRAMM
  • ? p?a?t??? efa?µ??? apa?te? ?????????? ?a?
    d?????t???? ???se?? ?a? ??a??t?te? ep?p???? t??
    te?????? ???se??

90
???t?se??
  • ?????s?, ?p?t?µ?s? ?a? ??a?e???s? ?p????d???t?ta?
    ?????f???a??? S?st?µ?t??