ISO 17799/ BS7799: A Global Risk Management Program BS7799?? - PowerPoint PPT Presentation

Last modified by: eric. Created: 9/19/2004 7:07:37 AM. PowerPoint presentation, 45 slides.
Transcript and Presenter's Notes

1
ISO 17799/ BS7799: A Global Risk Management Program BS7799??
  • Reporter: Liao Wen-Zi

2
????
  1. ????
  2. BS7799??????
  3. BS7799????????
  4. Case study???????
  5. BS7799????

3
????
  • ?????????? BS7799 ??
  • ???paper to the Symposium on Risk Management and
    Cyber-Informatics (RMCI '05)
  • Abstract accepted on 1/26

4
???????
  • ????????????(Organisation for Economic Co-operation
    and Development, OECD)??
  • ?????????????????????????,?????????????????????
  • ??????????????(50)
  • ???????????????(???????,1997)

5
??????? (cont.)
  • ???(Confidentiality)
  • Assures that information is used only by those
    authorized to use it.
  • Secret.
  • ???(Integrity)
  • Assures that information is not changed without
    authorization.
  • Safe.
  • ???(Availability)
  • Assures that information is there when needed.

6
BS7799??????(1/2)
  • ???????(BSI, British Standards Institution)?1995???
  • BS 7799 ???????
  • BS 7799-1??????????,??????????
  • BS 7799-2??????????,???????

7
BS7799??????(2/2)
  • ????ISMS ?????????????,?ISMS ?????????????,???????
    ??
  • ????????????????(????????????????????????????????
    ?????????????????????????????????????)
  • 127 ???????? 500 ???????,????????????

8
BS7799???(1/2)
  • ??ISMS International User Group established in
    1997 (www.xisec.com)
  • ?????1004 ????? BS 7799-2:2002 ??
  • ???? 32 ????????????
  • ????????,???????????????

9
BS7799???(2/2)
  • ????????????92???????????????????????93????BS7799?
    ?????????????????
  • ??????????????????????????????????????????????????
    ?

10
????(Security Policy)
  • ????????????????
  • ?????????????
  • brief explanation of the security policies,
    principles, standards and compliance requirements
  • ?????(Review and evaluation)

11
???????(Security Policy)
  • ????????
  • ????
  • ???????
  • ??
  • ???

12
???????(Security Policy)
  • ??????
  • ????
  • ??????

13
??????(Security Organisation)
  • ???????
  • ???????????????????????
  • ??????

14
?????????(Asset Classification and Control)
  • ?????????
  • ?????? (???????????
  • ?)

15
????(Personnel Security)
  • ????????????????
  • ????????
  • ??????????????(????????????????)

16
?????????(Physical and Environmental Security)
  • ???? (???????)
  • ???? (?????????)
  • ??????(General Controls Section) (????????)

17
???????(Communications and Operations Management)
  • ???????
  • ??????
  • ????
  • ???????
  • ????????

18
???????????
  • ?????????
  • ???????????????
  • ????
  • ????????????????????????
  • ??????????????
  • ???? password-protected screen savers

19
?????
  • ??????
  • ????
  • ???????????????
  • ?????????????(hardware failure)
  • ??servers???????
  • ??????

20
????
  • ?????????????
  • ???????????PDA,??????
  • ????????
  • ????????,?????

21
????(Access Control) (1/2)
  • ???????
  • ?????
  • ??????
  • ????????
  • ????????
  • ??????

22
????(Access Control)(2/2)
  • ????????????????? ???
  • ????????????????
  • ????????

23
???????(Systems Development and Maintenance)
  • ??????
  • ?????????
  • ????
  • ???????
  • ??????????

24
??????(Business Continuity Management)
  • ????????
  • ??????
  • ???????????
  • ???????????

25
?????????(Compliance to avoid any breaches of criminal and civil law)
  • ????????????????????
  • ??????

26
BS 7799 ??(1/2)
  • ??????
  • ????????
  • ????????
  • ????
  • ??????
  • ???????
  • ??????

27
BS 7799 ??(2/2)
  • ??????
  • ??????

28
BS7799 ????????(1/2)
  • Plan-Do-Check-Act (PDCA)???????????????????,??
    ????ISMS ??,??ISMS?????????
  • ????????????????
  • ?????? ??????????????
  • ?????? ????????

29
BS7799 ???????? (2/2)
  • ????????????????
  • ????????????????????
  • ?????? ????????
  • BS 7799 ??

30
(No Transcript)

31
?????????
  • ????
  • ??
  • ??

32
???? (1/2)
  • ????(???????????????)
  • ????(??????????????)
  • ????(?????????????????)

33
????(2/2)
  • ??(??????????????????)
  • ??(??????????????????)

34
??
  • ?????
  • ??????
  • ????

35
??
  • ????????
  • ???????????
  • ??????
  • ???????????
  • ?????????
  • ????
  • ??????

36
????????????(1/2)
  • ???????????????????
  • ?????(Assets Grouping)
  • ????????(Threat And Vulnerability Valuation)
  • ?????
  • Risk = f(????,??,??)

37
????????????(2/2)
  • ??ISMS ???????
  • ??ISMS ?????(Legal Requirement)
  • ????????
  • ??????????????????????????????????????,????????
    ?

38
???????
  • ???????
  • ??????????
  • ??
  • ?????????

39
???????
  • ?????
  • ?????
  • ????
  • ??????(PERT or CPM)
  • ????
  • ????
  • ????

40
BS7799?????(1/2)
  • ????????
  • ?????????????(??????)
  • ??????????????
  • ???????????????
  • ??????
  • ???????????
  • ??????

41
BS7799?????(2/2)
  • ?????????
  • ??????
  • ???????????
  • ????????????
  • ???????

42
BS7799????
  • ?94?4?23?? 94?12?1?, ???7????
  • ???????????????????
  • ?????????????
  • ??????????
  • ????????????? ?????????????????

43
BS7799?????
  • ???????????,?????????
  • ??????,????????????
  • ??????,????????
  • ????????,??????
  • ??????

44
BS7799????
  • ?????????????
  • ?????????
  • ?????????????