
Information Security (An Toàn Thông Tin): Information Security Management

The British Standards Institution 2010

Introduction
Investing in the ISO/IEC 27001:2005 standard is an investment in the organisation's future.
A management system built on risk management helps organisations plan, implement and maintain an Information Security Management System (ISMS). It helps organisations adopt and implement information security controls by:
- selecting the objectives, methods, procedures and technologies appropriate to the organisation's information security goals;
- limiting the harm the organisation suffers from deliberate or accidental acts.

Introduction
ISO/IEC 27001 specifies the requirements for information security management. The standard is designed to ensure that you have an adequate and proportionate set of security controls; it protects information and builds confidence among interested parties, including customers. ISO/IEC 27001 is not purely an IT standard: information is an asset of the organisation in whatever form it is held. The standard does not mandate any technology platform, although it does contain controls that relate to IT systems.

ISO/IEC 27000 Series Published

Standard            Title                                                                 Published
BS ISO/IEC 27000    Information security management systems - Fundamentals and           2009
                    vocabulary (terms and definitions)
BS ISO/IEC 27001    Information security management systems - Requirements               2005
                    (the requirements for an ISMS against which an organisation is
                    certified)
BS ISO/IEC 27002    Code of practice for information security management                  2007
(ISO 17799)         (describes a set of control objectives and summarises the
                    best-practice security controls)
BS ISO/IEC 27003    Implementation guidance                                               2010
BS ISO/IEC 27004    Metrics and measurement (measures that support evaluating the         2009
                    effectiveness of the implemented ISMS)
BS ISO/IEC 27005    Information security risk management                                  2008
BS ISO/IEC 27006    Guidance to CBs (requirements for bodies providing audit and          2007
                    certification of an ISMS)
BS ISO/IEC 27011    Guidance to telecommunications (information security management       2008
                    guidelines for telecommunications organisations)
BS ISO/IEC 27033-1  Security techniques - Network security (overview and concepts)        2009

ISO/IEC 27000 Series Development (standards still in development; dates are those expected at the time of this 2010 presentation)

Standard            Title                                                                 Date
ISO/IEC 27035       Information security incident management                              Oct 2010
ISO/IEC 27032       Guidelines for cyber security                                         Nov 2010
ISO/IEC 27034-1     Guidelines for application security - Part 1: Overview and            Nov 2010
                    concepts
ISO/IEC 27007       Guidelines for information security management systems auditing       May 2011
ISO/IEC 27008       Guidance for auditors on ISMS controls                                May 2011
ISO/IEC 27012       ISM guidelines for e-government services                              May 2011
ISO/IEC 27031       ICT readiness for business continuity                                 May 2011
ISO/IEC 27033       Information technology - IT network security                          May 2011
ISO/IEC 27033-2     IT network security - Part 2: Guidelines for the design and           May 2011
                    implementation of network security
ISO/IEC 27033-3     IT network security - Part 3: Reference networking scenarios -        May 2011
                    Risks, design techniques and control issues

Benefits of ISO/IEC 27001 certification

- Provides a basis for meeting the company's contractual, regulatory and legal requirements.
- Lets the organisation independently demonstrate the soundness of its internal controls (corporate governance).
- Demonstrates senior management's commitment to protecting business and customer information.
- Gives the business a competitive advantage.
- Reduces the time and effort spent on internal and external audits.
- Makes it easier to obtain budget and resources for the information security team and its objectives.
- Provides a common objective, which makes implementing the ISMS and its information controls easier.
- Standardises the steps, sequence and documentation used to implement information security.
- Identifies and manages the risks the organisation will face.
- Gives customers assurance that their information is properly protected.

PDCA (Plan-Do-Check-Act) Model for an ISMS

International Survey Results 2009

- Improving information security risk management is the top priority for the next year.
- 50% of respondents will spend more, and 39% will spend at least the same, on improvements.
- 41% noted an increase in external attacks and 25% an increase in internal attacks.
- 27% have implemented a formal ISMS (based on ISO/IEC 27001 and 27002); 8% of those have gained certification.
- A further 41% are implementing or considering a formal ISMS.

Source: Ernst & Young 12th Annual Global Information Security Survey


NEXT STEPS

Julian Thrussell Julian.thrussell@bsi-global.com 07967 717 382

ISO 27001 Certificates by Country

Country                 Certificates
Japan                   4152
UK                      573
India                   546
Taiwan                  461
China                   393
Germany                 228
Czech Republic          112
Korea                   107
USA                     105
Italy                   82
Spain                   72
Hungary                 71
Malaysia                66
Poland                  61
Thailand                59
Greece                  50
Ireland                 48
Austria                 42
Turkey                  35
Turkey                  35   (listed twice in the source; both entries are counted in the total)
France                  34
Hong Kong               32
Australia               30
Singapore               29
Croatia                 27
Slovenia                26
Mexico                  25
Slovakia                25
Brazil                  24
Netherlands             24
Saudi Arabia            24
UAE                     19
Bulgaria                18
Iran                    18
Portugal                18
Argentina               17
Philippines             16
Indonesia               15
Pakistan                15
Colombia                14
Russian Federation      14
Vietnam                 14
Iceland                 13
Kuwait                  11
Canada                  10
Norway                  10
Sweden                  10
Switzerland             9
Bahrain                 8
Peru                    7
Chile                   5
Egypt                   5
Oman                    5
Qatar                   5
Sri Lanka               5
South Africa            5
Dominican Republic      4
Morocco                 4
Belgium                 3
Gibraltar               3
Lithuania               3
Macau                   3
Albania                 3
Bosnia Herzegovina      2
Cyprus                  2
Ecuador                 2
Jersey                  2
Kazakhstan              2
Luxembourg              2
Macedonia               2
Malta                   2
Mauritius               2
Ukraine                 2
Armenia                 1
Bangladesh              1
Belarus                 1
Bolivia                 1
Denmark                 1
Estonia                 1
Kyrgyzstan              1
Lebanon                 1
Moldova                 1
New Zealand             1
Sudan                   1
Uruguay                 1
Yemen                   1

Total                   7940

Source: www.iso27001certificates.com

ISO 27001 Market share (chart; data: Xesec 2009)

ISO/IEC 27001 Customers

Steps to register for certification

Step 1  Send an enquiry. Contact the certification body in your region to discuss your business requirements and the services that can meet them; the customer completes the company information form.
Step 2  Define the scope.
Step 3  Receive a quotation, based on the level of risk and the complexity of the system.
Step 4  Register with the certification body.
Step 5  The audit team is appointed.
Step 6  Document review. The certification body reviews the risk assessment records, the policy, the scope, the Statement of Applicability and the procedures. This identifies any gaps in your management system that need to be corrected.
Step 7  Prepare the audit plan.
Step 8  Conduct the Stage 1 audit.
Step 9  The customer submits a corrective action plan.
Step 10 Prepare the Stage 2 audit plan.
Step 11 Conduct the Stage 2 audit.
Step 12 The customer submits a corrective action plan.
Step 13 Complete the registration.
Step 14 The certificate is issued.
Step 15 First surveillance audit (after 11 months).
Step 16 Second surveillance audit (after a further 12 months).
Step 17 Re-registration (after a further 11 months).


Thank You !
