Etda Itlaw 100712

BOOK
()
()

http://www.etda.or.th
( )
( )
( )

(e-commerce)
(e-government)

() (.)

..

..
()
()
() ..
()
()
()
()
()
()
()
()
() ..
.

.
() ..

()
()
()
()
()
()
()
()
()
()
()
. .

(e-Commerce) (m-Commerce)
(e-Government)

() .
(Electronic Transactions Development Agency: ETDA)

()

.
() ..
. ..
( ) ..
.
..
.
..
.

..
.
(Certificate Policy)
(Certification Practice Statement)
(Certification Authority) ..
.
..
.
..
.

..
.

..
.
..
.

..
.

( ) ..
.

..
. . /

. . /

. . /

.
..
.

..
.

..
. ..
.
..
.

..
.

..
.

..

()
..
()

()
..
/ / /
()
()
..
..
..

..

() ..

()
()

() . Electronic
Transactions Development Agency (Public Organization) ETDA

()
()

()

()

()
()

()
()
()
()
()
()
()

()
() ()

()
()
()

()
()
()
()

()

()

()

()
()
()
()
()
()

()
()

()
()
()
()
()
()
()

()
()
()

()
()
()
()

()
()
()
()
()
()

()
()
()
()
()
()
()
() ()

()

()
10

()
()
()

() () () () () ()

()
()
()
()
()
()
()
11

()
()

()

()
()

()

()
12

()
()
()

()
()
()
()
()

()
() () () () ()
()

()
()
()
()
()
13
()
()
14
()
15

..

..

..

..

()
16

..

()
17

..

()
18
:-

()
19

..
( ) ..
()
20

..
/ / /
( ) ..
/ / /
()
21
..
------------------------ ..
..

..

/ / /
()
22
()
23
( ) ..
()
24
-

()

()

()
.

.

.

()

()
()

( ) ..
( ) ..
()
25
- ()

()
()

()

( ) ..
( ) ..
()
26
- /
()
()

()

()

()

/ ( ) ..
()
27
-() ()

()

()

() ()

()

() ()

()
28
()
29
()
()
()

()

()
()

()

()

()

()
30
-

()
()

()

()
()
()
()
()
()
()

()
() ()
()
() () ()
() () ()
()
()
31
-
()
()
()
()
()
()
()
() ()
()

()
()
()
()

()
()
()
32
()
33
()
34

()

()
()
()

( ) ..
()
35
-()

()
()
()
()
()
()
36
- /
/ ( ) ..
( ) ..
()
37
- :-

*
.. ..
..

:-
..

/ / /
()
38

( ) ..

..

:-

..

/ / /
()
39
()
40

..
()
41

..
/ / /
()
42

..

.. ( ) ..

..

()

()

()
43
()

()

()
() (Identification) (Authentication)
()
()
()

()
()
()

()
()
()
()
44
()
()
()
()

..
()
()
()
(Identification) (Authentication)

()

()
45
()
()
()

()

()
()
()
()
46

()

..
() (Backup) (Data recovery)
()

()
()
()
() (Identification)
() (Authentication)
() (Authorization)
() (Accountability)

()

()
47

()

()
..

()
48

..
()
49

..
/ / /
()
50

..

.. ( ) ..

()
..

()
51

..
()
52

..
/ / /
()
53

..

/
..
( ) ..

..

(Metadata)
()
54
()

()
()

()
()
()
()

()
55
()
()

()
() ()

() (Identification)
() (Authentication)
() (Authorization)
() (Accountability)

()
56

..

()
57

..

------------------------------
(Resolution)
() 150 (dot per inch dpi)
() 200
() 300
() 72
(Bit Depth)
() - 1 (bit)
() (grayscale) 8
() 24

44.1 (kHz)
16

()
58
-() -5 (Luminance) 13.5

5 (Luminance) 13.5
()
(MHz)
()
(MHz)
8 (bits per
() 8 (bits per
pixel: bpp)
pixel: bpp)
() (Chrominance) 4
(bits per ()
pixel:
bpp) (Chrominance) 4
(bits per ()
pixel:bpp)
(Luminance Resolution) 720 (pixel) x 485
() (Luminance Resolution) 720 (pixel) x 485
(active line)
(active line)
() (Chrominance Resolution) 360 (pixel) x 485
() (Chrominance Resolution) 360 (pixel) x 485
(active line)
(active line)

()
()
()
()
()
()
()
()

()
()
()
()
()
59
--()
()
()
()
()
()
(Metadata)
(Metadata)

( /
( /
) (
) (
) (
) (
)
)

()
()
()
()
()
()

()
()

() (user registration)

() (user management)
() (user password management)

() (review of user access rights)

()
60
-() (password use)

()
()
61

..

--------------------------------------

(Metadata)
(Metadata)

(Physical Condition Tag) (IQA Tag)

: JPEG 8-bit Grayscale 100 dpi
: TIFF Black & White
200 dpi
: TIFF Black & White
200 dpi

()
62
---

()
()

()
()

()
()
()
63

() (Identification)
() (Authentication)
()
(Authorization)
() (Accountability)

()
64

(Certification Authority)
..
()
65

(Certificate Policy) (Certification Practice Statement)
(Certification Authority) ..
/ / /
()
66
..

(Certificate Policy) (Certification Practice
Statement) (Certification Authority)
() () ()
..


..

()
67
.
(Electronic Certificate)
(Digital Signature)

(Server) (Entity)
(Public Key Infrastructure PKI)

Internet Engineering Task Force IETF
(Internet Architecture)
Internet X.509 Public Key
Infrastructure Certificate Policy and Certification Practices Framework (RFC 3647)

. (Definition) (Acronym)
/
RFC
The Internet Request For Comments

(Protocol)
()
68
-/
Certificate
Revocation List
(CRL)
Online
Certificate
Status Protocol
(OCSP)
Object Identifier
(OID)
Public Key
Private Key
Key Pair

(Server)
(Operating Unit/Site) (Device)
(Protocol)
(Information Object)
Object

()
69
-/
Registration
Authority (RA)
(Compromise)
.
(Introduction)

(Publication and Repository Responsibilities)
(Identification and Authentication)

(Certificate Life-Cycle Operation Requirements)

(Facility, Management, and Operational Controls)
(Technical Security Controls)

(Certificate, CRL, and OCSP Profiles)

(Compliance Audit and Other Assessment)
(Other Business and Legal Matters)
()
70
-.
(Introduction)

. (Overview)

PKI

PKI
PKI
. (Document Name and Identification)

(Other Identifier)
OID ASN.1 Object
Identifier OID

OID OID Information
Object OID
OID American National Standard
Institute (ANSI) , ISO
. (PKI Participants)
(Identity) (Entity)

. (Certification Authority)

. (Registration Authority)

(Identification)
(Authentication)
()
71
-

. (Subscriber)

. (Relying Party)

. (Other Participants)

(Providers of Repository Services) Outsource

. (Certificate Usage)
()
72
-. (Policy Administration)

. (Definitions and Acronyms)

(Publication and
Repository Responsibilities)

(Repository)

(Security Controls) (Trade Secret)

(Access Control)

((Identification and Authentication (I&A))

()
73
-

. (Naming)
(Naming Convention)

. X.500 Distinguished Name RFC 822 Names
(e-mail) X.400
.
.
(Anonymous or Pseudonymous)
. X.500 RFC 822
. (Unique Name)
. (Initial Identity Validation)
(Identification)
(Authentication)

.

Certificate Request
Message
.

.

()
74
-. (Identification and
Authentication for Re-key Requests)

.
(Identification and Authentication for Revocation Requests)

(Certificate
Life-Cycle Operation Requirements)

. (Certificate Application)
.
(Certificate Subject) RA
.

()

()

()
75
-. (Certificate Application Processing)

.

.
. (Certificate Issuance)

.

. (Certificate Acceptance)
.

()
()
.
X.500 Directory LDAP repository
.

()
76
-. (Key Pair and Certificate Usage)

.
(Private Key)

.

. (Certificate Renewal)

.

.
(Password)
.
.
()
77
-. (Certificate Re-key)

.

.

.
.
. (Certificate Modification)

.

Distinguished Name
.

.
.
.
. (Certificate Revocation and Suspension)
()
78
-.

.

.
.
. Certificate Revocation List (CRL)

CRL CRL

.
. (Certificate Status Services)

.

.
. (End of Subscription)
. (Key Escrow and Recovery)
Session Key (Session Key Encapsulation)
()
79
-
(Facility, Management, and Operational Controls)
(Key Generation)
(Subject Authentication) (Certificate Issuance)
(Certificate Revocation)
(Auditing and Archiving)

(Physical Security Controls)
. (Site Location and Construction)

(High
Security Zone)

. (Physical Access)

Backup Media

. (Physical Security Controls)
()
80
-.

.

. (Procedural Controls)
.
(Compromise and Disaster Recovery)

.
(CA or RA Termination)

(Technical Security Controls)
PIN Password
.
(Key Pair Generation and Installation)

.

.
()
81
-.
. 1,024 RSA 1,024 DSA

.
.
X.509
X.509 3
. (Private Key Protection)
(Cryptographic Module Engineering Control)

. (
)
.
( m out of n)
. (Key Escrow)
. (Private Key Backup)
. (Private Key Archival)
.
. (Private Key Storage in Cryptographic
Module) (Plaintext)
(Encrypted) (Split Key)
.
.
.
()
82
-. (
FIPS 140-1
. (Other Aspects of Key Pair
Management)

. (Public Key Archival)

.
. (Activation Data)
(Activation Data) (Reference Code) (Installation

Code)
. (Computer Security Controls)

(Access
Control) (Audit)
(Identification Authentication) (Security testing)
(Penetration Testing)
The Trusted System Evaluation Criteria (TCSEC)
. (Life Cycle Technical Controls)

(Tools) (procedure)
(Operational Systems) (Networks)
()
83
-. (Network Security Controls)

(Router)
(Firewall) (Intrusion Detection System: IDS)
. (Time-stamping)

(Certificate, CRL, and OCSP Profiles)
. (Certificate Profile)
( IETF RFC 3280)
.
. Certificate Extensions (Criticality) OID
(Cryptographic Algorithm Object Identifiers)
.
. OID
. (Certification Revocation List Profile)
. ( IETF RFC 3280)

. CRL Entry Extensions
(Criticality)
. OCSP (OCSP Profile)
OCSP (Online Certificate Status Protocol) OCSP

OCSP ( IETF RFC 2560)
()
84
-
(Compliance Audit and Other Assessment)

(Methodology)
WebTrust

(Other Business and Legal Matters)
(Fees)
(Financial Responsibility)

(Limitation of
Liability)

. (Fees)

(Certificate Issuance or Renewal Fees)
(Certificate Access Fees)

(Refund Policy)
()
85
-. (Financial Responsibility)
(Operational PKI
Responsibilities)
(to Remain Solvent and Pay Damages)
(Insurance Coverage for Liabilities)
(Contingencies) (Assets on The Balance Sheet)
(Surety Bond) (Letter of Credit)
(Indemnity) (Insurance)
(Warranty)
. (Confidentiality of Business Information)

(Business Plan) (Sales Information) (Trade Secrets)
(Nondisclosure Agreement)

(Compromise)
. (Privacy of Personal
Information)

OECD Guidelines

. (Intellectual Property Rights)

()
86
. (Representations and Warranties)

(Subscriber Agreement)
(Relying Party Agreement)
. (Disclaimers of Warranties)

. (Limitations of Liability)

(Incidental Damages)
(Consequential Damages)
. (Indemnities)

Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices
Framework (RFC 3647)
()
87
..
()
88
..
/ / /
()
89
..
..
..

..

..

()
90
()
()

()
91
:-
..

()
92

..
()
93
..
/ / /
()
94
..
..
..

()

..

..

()
95
()

()

()

()

()

()

()
()
96
()
()

()
97
:-

..

()
98

..
()
99

..
/ / /
()
100
..

..

()

()
101
()
() (asset)
()

() (information security)
(confidentiality) (integrity) (availability)
(authenticity) (accountability)
(non-repudiation) (reliability)
() (information security event)

() (information
security incident)
(unwanted or unexpected)

()
()

()
()
102

()
()

()
()

-
(access control)

()
()

()

(business
requirements for access control)

(user access management)

(information security awareness
training)
()
103
()



(user responsibilities)

() (password use)

()
() (clear desk and

clear screen policy)

()
104
()
..
(network access control)

()
() (user authentication for external

connections)
() (equipment identification in networks)

() (remote diagnostic and
configuration port protection)
() (segregation in networks)

() (network connection control)

() (network routing control)

(operating system access control)

()
()
105
() (user identification and authentication)

() (password management system)

(interactive)

() (use of system utilities)

()
(session time-out)
() (limitation of connection time)

(application and information access control)
() (information access restriction)
(functions)
()

(mobile computing
and teleworking)
()

()
106
() (teleworking)

()
()

()

()
()

()
(information security audit and assessment)
()
(internal auditor)
(external auditor)
()
107

..

()
108

..
()
109

..
/ / /
()
110

..

..

()

()

()
111
()

()

()

()

()

()
()
()
112

()
()
()

()

()

()

()
113
() (Cookies)

() (Demographic Information)

() (Log Files)
(IP Address)
(Browser)

()

()

(Data Subject)

()
114
()

()

()

()

()
115
()

()

()

()

()

()
()

()
()
()
()
()
116

(Trust Mark)

(Trust Mark)
..

()
117

..
()
118
..
/ / /
()
119
..
..
..

..

..

()
120
(Electronic Data Capture : EDC)

(EDC Network)

(Transaction Switching)
()
121
(Clearing)

(Settlement)

()
122

()
()

()
()
()
()
()
()

()
()

()
()

()
123

()
()
()
()

()
()
()
.
()
() ()
()
()
()
()
()
()
124

..

()

()
125
()
126

()
()
()
()
()
()
() .
()

.

()
()
()
()
()
127
()
()

()
.
()

()
. () ()

.

.

. .
()
128

.

..

.
.

..

()
..
()
() .

()
129
()
130

..
()
()
()
()

()
()
()
()
()
()

()
131
:-

()
132
..
()
133

..

/ / /
()
134
..

..
..

..

..

..

..

..
()
135
()
136
()
()

()
()
()

()
()
()

()
()
()
137
()

()

()
()
()
()
()
()

()
()
138
()
()
()
()
()
()

..
()
139
()
140

..

()
141
. / .

..
....................
.... ..
..
.. ..
( .....................................................................................)
(..)

.. .........

..
.............................................. (..)
..

.. ..................... .. ....
()
(................................................)
()
142
- .
../..
...........................................

../ .

/ .. .
.. ..
.. ...
( )
(.)
... (.) ............................................

(.)
. ..

()
143
( ) ..
()
144

( ) ..
/ / /
()
145

( )
..
()
..

( )
..

..

(Issuer)
(Acquirer)

()
() (Issuer) (Acquirer)
() ()
()
()
146
() ()
() ()

() (Acquirer)
(Issuer)
() (Transaction Switching)
() (Clearing)
() (Settlement)

(IT Outsourcing) .

.

..

()
147

..
()
148
/ / /
()
149

..

..

.. ( )
( )
( )
( )

(e-Money )
( )
() (Credit Card Network)
() (EDC Network)
() (Transaction Switching
)
()

(e-Money )
()
150
( )
() (Clearing)
() (Settlement)
()
() (Transaction Switching )
()
()

(e-Money )
.

..

..

() (Clearing)
() (Settlement)
()
151
()


()
()

(e-Money )

.
..
()
152

.
()
.

() .
()
()
()
153
()

.
()

() .
()
()
()
.
()
() .
.

..

.
..
() () () () () () ()
()
154

()
()
()
()
() .

()
()
() (Financial Risk) ()

()

()
155
()

() .

()
()

()
()
.
()
.
() .

.
()
156
.
.

.
..

. .

.
..

(Outsourcing)

()
(Outsourcing)
()
.
()
157

. .

..

(e-Money)

()
()
()
()
158
()

()
() (Know Your Customer:

KYC) (Customer Due Diligence: CDD)
(.)
()

()
..

(Credit Card Network)
(EDC Network)
(Transaction Switching)

(Access and Exit Criteria)

()
159

(Clearing)

.
.
()

()

.
.

.

()
160

(Settlement)

(Settlement Risk)

.
.

.

(Know Your Customer: KYC)
(Customer Due Diligence: CDD)
(.)
()
161

()

()
..

()
162
........... / 25....
( )
.......... ............................ .. ..............

.................................................................................
()
.................................................................... ...........................................
()
..........................................
........................................ ......................................... ............
1. ...................................... ..................................................................
2. ...................................... ..................................................................
3. ...................................... ..................................................................
4. ...................................... ..................................................................
5. ...................................... ..................................................................
( 5

)

(e-Money )
.. 2551

.

(1)
()
163
-2-
(2)

(1)
(2)

(1)
(2)
(3)
(4)
(5)
6)
.
(1)
1.1
1.2

1.2.1
1.2.2
1.2.3
1.2.4
1.3

1.3.1
1.3.2

1.3.3
()
164
-3-
1.4
1.5
()
1.6
(Outsourcing)
(2)
(3)
(4)

..........................................................
(
( )
()
165
........... / 25....
( )
.......... ............................ .. ..............

.................................................................................
()
.................................................................... ...........................................
()
..........................................
........................................ ......................................... ............
1. ...................................... ..................................................................
2. ...................................... ..................................................................
3. ...................................... ..................................................................
4. ...................................... ..................................................................
5. ...................................... ..................................................................
( 5

)

.. 2551 ( 9
)
(1) (Credit Card Network)

(2) (EDC Network)
(3) (Transaction
Switching )
(4)

(e-Money )
()
166
-2-

(1)
(2)

(1)
(2)
(3)
(4)
(5)
(6)
.
(1)
1.1
1.2
1.3

1.3.1
1.3.2

1.3.3
1.4

1.5
()
()
167
-3-
1.6
(Outsourcing)
(2)
(3)
(4)
(5)
(6) (Business Continuity Management:

BCM)

6.1
6.2

6.2.1 (Strategic Risk)
6.2.2 (Liquidity Risk)
6.2.3 (Operation Risk)
6.2.4 (Legal Risk)
6.2.5 (Reputation Risk)
6.3
(Business Continuity Planning: BCP)
6.4 BCP
(7)
7.1
7.2 (Outsourcing)
(
)
()
168
-4-
(8) (Feasibility Study)
(9)

(.)
(10)
()

..........................................................
(
( )
()
169
-5-
(e-Money )
1.
1.1
1.2
1.3
1.4
()
2. ()
2.1

2.2
2.3
2.4
3
3.1
3.2
3.3
-

-
-

-
-
-
-
-
()
170
........... / 25....
( )
.......... ............................ .. ..............

.................................................................................
()
...............................................................................................................
()
..........................................
........................................ ......................................... ............
1. ...................................... ..................................................................
2. ...................................... ..................................................................
3. ...................................... ..................................................................
4. ...................................... ..................................................................
5. ...................................... ..................................................................
( 5

)

.. 2551 ( 9
)
(1) (Clearing)
(2) (Settlement)
(3)
(4) (Transaction Switching

)
(5)
()
171
-2-
(6)

(e-Money )
.
(1)
(2)
(3)
(4)
(5)
(6)
.
(1)
1.1
1.2
1.3

1.3.1
1.3.2

1.3.3
1.4

1.5
()
()
172
-3-
1.6
(Outsourcing)
(2)
(3)
(4)
3
(5)
(6) (Business Continuity Management:

BCM)

6.1
6.2

6.2.1 (Strategic Risk)
6.2.2 (Liquidity Risk)
6.2.3 (Operation Risk)
6.2.4 (Legal Risk)
6.2.5 (Reputation Risk)
6.3
(Business Continuity Planning: BCP)
6.4 BCP
(7)
7.1
7.2 (Outsourcing)
(
)
()
173
-4-
(8) (Feasibility Study)
(9)

(.)
(10)
()

..........................................................
(
( )
()
174
-5-

1. (e-Money )
1.1
1.1.1
1.1.2
1.1.3
1.1.4
()
1.2 ()
1.2.1

1.2.2
1.2.3
1.2.4
1.3
1.3.1
1.3.2
1.3.3
-

-
-

-
-
-
-
-
()
175
-6-
2. (Clearing)
2.1
2.2
2.3
2.4

()
3. (Settlement)
3.1
3.2
3.3 (Finality)
(Irrevocable)
3.4 ()
4. (Transaction switching )
4.1
4.2
4.3 ()
5.
5.1
5.2
5.3
()
176
........... / 25....
.......... ............................ .. ..............

.................................................................................
()
...............................................................................................................
()
..........................................
........................................ .........................................

( )

(e-Money ) ............................... ..............................
( ) ............................... ..............................
(1) (Credit card network)
(2) (EDC network)
(3) (Transaction
Switching )
(4)

(e-Money )
()
177
-2-
( ) ............................... ..............................
(1) (Clearing)
(2) (Settlement)
(3)
(4) (Transaction
Switching )
(5)
(6)

(e-Money )
..........................................................
(
( )
()
178
. /

()
179

. /

/ / /
()
180
. /

.

.

..

.

..
.
.

.
()
181
..

()
182
. /

()
183

. /

/ / /
()
184
. /

.

.

..
(.)
..
.
.

.. ( )
( )
( )
()
185
( )

(e-Money )
( )
() (Credit Card Network)
() (EDC Network)
() (Transaction Switching
)
()

(e-Money )
( )
() (Clearing)
() (Settlement)
()
()
()

(e-Money )
. (e-Money)
..

()
186
..

..
. (Settlement)
(Finality) (Irrevocable)

.

..
..

..

. .

()
187
..

()
188
. /

()
189

. /
/ / /
()
190
. /

.

.. (.)

.
..
.

..

.
()

()
191
()

()
()
()
()
.
.
()

()
192
..

()
193

1.

1.1

(1)

(2)
()
194
-2-
(3)

1.2
(1)
(2)
(3)

(3.1)

(3.2)

(3.3)

1.3

(Password) (Personal Identification Number)

(Token or Smart Card) (Biometric)
(Public Key Infrastructure)
()
195
-3-
(1)

(2)

2.

2.1

(1)
(2)

(3)
2.2
()
196
-4-
(1)

(2)

(3)
(3.1)

(3.2)

(3.3)
(3.4)

(3.5)

(4)
2.3

(1)

(1.1)
()
197
-5-
(1.2)
(1.3)
(1.4)
(2)
3.

(Peak Time)
3.1

(1)
(2)

(3)
(4)

3.2

()
198
-6-
(1)
(2) (Vulnerability Assessment)

(3)
(Penetration Test)
3.3
(1)

(2)
(3)
3.4
(1)
(2)

(3)
()
199
-7-
3.5
(1)
(2) (Recovery Time Objectives)
(3)

.
.
.
.
(4)
(5)
1
3.6

()
200
-8-
4.

1
(1)
1

(2)

29 2552
()
201

..
()
202
..
/ / /
()
203
..
..
..

..

..

()
204

()
()
()
(information security)

(administrative security)

(physical security)

(confidentiality)

(integrity)

()
205
(availability)

(critical infrastructure)

()
()
()

()

()

()

()

()
206

()
()

()
()
()
()

()

()

()
()
()

()
207

..

()
208
:-

..

()
209
..
()
210

..
/ / /
()
211
..
..

..

..

()
..
()
()
()
()

()
()
212
()
()
()
()
()

()
()
()

()
()

()

()
()
()
213
()

()

()
()

..

()
214

..
()
215

..
/ / /
()
216

..
..

..

..

..

()
217

..
------------------------------------------------
(Confidentiality)
(Integrity) (Availability)

.
.

.
.
.
.

.

.

.
.
()
218
.

.

.

. (Confidentiality agreement NonDisclosure agreement)
.

.

.
.

()
219
.

.

.
. (Security perimeter)

.

. (Power failure)
(Supporting utilities)
.
.

.
()
220
.

.
(Electronic commerce)
.
(Online transaction)

.

. Audit log

. Log Log
. Log
(System
administrator System operator)
.

()
221
.

.
.
.

.

.
.

.
(Laptop Computer)
(Smartphone)
.

.
.
.

()
222
.

.

.
.

.

.

.

.
.

.

.
.
.
()
223

.
.

.
.

.
.
. Log Log

.
(Security domain) (Synchronization)
.

.
.
.
()
224
.
Remote
diagnostic
Configuration facility
.
. Log-on
.
(Interactive)
.

. (Validate)
. (Validate)

. (Key)
. (Source code)
.

.

.

()
225
.

.
.
.
.

.
(Compromise)
.

.

.

.

.

.
.

.

.
()
226
. (Secure area)

.
(Secure area)
.

. (Interception)
.

.

.

.
. Mobile code ( Script

) (Configuration)
Mobile code
Mobile code
Mobile code
.
(Removable media)
.
(Removable media)
()
227
. (System documentation)
. (Electronic messaging)
( E - mail) EDI Instant messaging)
.

.
.
. Clear desk
Clear screen
. (Automatic equipment
identification)

.

.
(Teleworking)
.

. (Validate)
. (Authenticity)
(Integrity)
.
.
()
228
. (Software package)

.
.
.
.

.
(
)
.

.

.

.

-------------------------------------------------
()
229

..
()
230

..
/ / /
()
231
..
..
..

..

()
232

()

()

()
233

()

()

()
()
234

()

()
()
()
() ()
() () ()

()
235
()

()
()

()
()
()

()

()

()
236
()

()
() () () ()
()

() () () () ()

() () () ()
()

()

()

()
237
()
238
()
239
()
240
:-

()
241
..
()
242
..
/ / /
()
243
..

..

..
..

()
244
..
...............................................
..............................................................
............................................. .......................................
.............................................

..
() ........................................................... .........................................................
() ........................................................... .........................................................
........................
............................ ..........................
..
.............................. .......................................
/ ..................................... ................................ / ...................................
/ ........................................ .................................................................................
...............
.......................................................................................................................................................
......................................................................................................................................................

..........

...............................................................
.......................................................................................................................................................
...............................................
(..............................................)
...............................................
(..............................................)
...............................................
(..............................................)
...............................................
(..............................................)
...............................................
(..............................................)
...............................................
(..............................................)
()
245
..
........................ ......................... ............... .............

................. ............ / ............................ ..........................................
/ ....................................... / ................................ ..............................
.............................................. ..........................
.............................................................................................................
...........................
()
246

..

()
1. ...................
1.1 ............................................................. ........................................................
(model) ...................................... (S/N) ...............................................
Case Type: Mini Tower Mid Tower Full Tower
.............................
PC Stand-alone Server .......................... Client
...........................................................................
Workstation Mainframe
................................................................................................................................
Drives
1
1
Floppy drive(s) 5 4 .......... Floppy drive(s) 3 2 .......... Zip drive(s) .................
Jazz drive(s) .................................... Tape drive(s) .................................. Speakers ......................
CD-ROM drive(s) ......................... CD-ROM types .................... Parallel port(s) ........................
Serial port(s) ................................. USB port(s) ........................... Sound card/port ......................
Modem card/port ....................Video card/port ................... External SCSI card/port.................. .
NIC card/port ............................. ...................................................................................................
Monitor .........................................................................................................................................
Printer ............................................................................................................................................
.......................................................................................................................
1.2 ............................................................. ........................................................
(model) ...................................... (S/N) ...............................................
.............................
...........................................................................
................................................................................................................................
Drives
1
1
NIC card/port ............................. ...................................................................................................
Monitor .........................................................................................................................................
Printer ............................................................................................................................................
.......................................................................................................................
()
247

..
1.3 ............................................................. ........................................................
(model) ...................................... (S/N) ...............................................
.............................
...........................................................................
................................................................................................................................
Drives
1
1
NIC card/port ............................. ...................................................................................................
Monitor .........................................................................................................................................
Printer ............................................................................................................................................
.......................................................................................................................
1.4 ............................................................. ........................................................
(model) ...................................... (S/N) ...............................................
.............................
...........................................................................
................................................................................................................................
Drives
1
1
NIC card/port ............................. ...................................................................................................
Monitor .........................................................................................................................................
Printer ............................................................................................................................................
.......................................................................................................................
()
248
..
2. .............................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
.................................................................................................................................................
()
249
:-
..

()
250

..
()
251

..
/ / /
()
252

..

..

..

()

()

()
253

..

()

. (Telecommunication
and Broadcast Carrier) .
. (Access Service Provider)
.
.
(Host Service Provider) .
. .
() ()
(Content Service Provider) (Application
Service Provider) .
.

() () . .
() () . .

()
254
() () . .

() () . .
() () .

() (Media) (Integrity)
(Identification)
()

Centralized Log Server Data Archiving Data
Hashing
(IT Auditor)

()
..

()
(Identification and Authentication) Proxy Server, Network Address
Translation (NAT) Proxy Cache Cache Engine Free Internet 1222
Wi-Fi Hotspot
()

()
255
(Identification and Authentication)

(Stratum 0)

() () .
() () .
(ISP)
() ()
..

()
256
()
257
()
258
()
259
()
260
()
261
()
262
()
263
()
264
..
()
265

..
/ / /
()
266
..
..

..

..

()
()

() (Information
Security) (Computer Forensics)

()
.
. ()
()
267
. ()

. ()

.

()
()

()
()

()
268
()
()

()
()
()
()
()
()

..

()
269

..
..

..
(Information Security)
(Computer Forensics)
. (International Standard Courses)
:
(
. . )
:

(Law Enforcement)
()
Compulsory Course
.
.
. (Case Studies)
. IP Address
(Traffic Data)
/
()
270
/
()

(Information Security)
.
()
Compulsory Course
. General security concepts
. Security Architecture
. Access Controls
. Applications Security
. Operation Security
. Security Management
. Cryptography
. Physical Security
. Telecommunications and Network Security
. Business Continuity Planning
. Law, Investigations, and Ethics
. (Advanced
Information Security Course)
()
. Audit and Monitoring
. Risk, Response and Recovery
. Malicious Code Analysis
. Vulnerabilities Assessment & Penetration Testing
()
271
. (Computer Forensics)
()
Compulsory Course
. The needs for Computer Forensics
. Principles of Computer Forensics and Digital/Electronic Evidence
. Crime scene, Digital/Electronic Evidence and Chain of Custody
. Capturing the Data Image and Volatile Data
. Extracting Information from Captured Data
. Breaking Password and Encryption
. Using Computer Forensics Tools
. Investigation and Interrogation
. Digital/Electronic Evidence Analysis and Synthesis
. Testify in Court, Admissibility requirements
. Different between Computer Forensics and Network/Internet Forensics
. Network/Internet Forensics
. Using Network/Internet Forensics Tools
.
(Professional Computer Forensics Certified Forensic Computer Examiner (CFCE))
()
.
.
.
.
.
Using Computer Forensic Tools Encase, Forensics Toolkits, ILook

Using Network / Internet Forensic Tools Encase Field Intelligence Model
(FIM)
Wireless Forensic Tools Netstumbler, Kismet, Aircrack
Using Handheld Forensics Tools (Cell & PDA) Paraben, MobilEdit, Vogon
Cryptology Cryptography Cryptanalysis
()
272

. (Intensive Courses) ( )
:

(Law Enforcement)
.
.
.
.
.
()
Compulsory Course

(Case Studies)
IP Address
(Traffic Data)
/
/
()

()
273
Compulsory Course
. The needs for Computer Forensics
. Principles of Computer Forensics and Digital/Electronic Evidence
. Crime scene, Digital/Electronic Evidence and Chain of Custody
. Capturing the Data Image and Volatile Data
. Extracting Information from Captured Data
. Breaking Password and Encryption
. Using Computer Forensics Tools
. Investigation and Interrogation
. Digital/Electronic Evidence Analysis and Synthesis
. Testify in Court, Admissibility requirements
. Different between Computer Forensics and Network/Internet Forensics
. Network/Internet Forensics
. Using Network/Internet Forensics Tools
()
274
..
()
275

..
/ / /
()
276
..

..

..

..

..

()
277

..

..

..
..
()
278
BOOK

Etda Itlaw 100712

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Etda Itlaw 100712

Uploaded by

Copyright:

Available Formats

BOOK

() (Backup) (Data recovery)

-() -5 (Luminance) 13.5

() (user password management)

() (review of user access rights)

-() (password use)

The Internet Request For Comments

-. (Certificate Application Processing)

-. (Key Pair and Certificate Usage)

. (Certificate Revocation and Suspension)

. Certificate Revocation List (CRL)

. (Key Escrow and Recovery)

Session Key (Session Key Encapsulation)

(Physical Security Controls)

. (Site Location and Construction)

(Technical Security Controls)

. 1,024 RSA 1,024 DSA

. (Public Key Archival)

(Activation Data) (Reference Code) (Installation

. (Computer Security Controls)

-. (Network Security Controls)

OCSP (Online Certificate Status Protocol) OCSP

. (Representations and Warranties)

(user access management)

() (review of user access rights)

() (clear desk and

() (user authentication for external

() (equipment identification in networks)

() (network routing control)

(operating system access control)

() (user identification and authentication)

() (password management system)

(Electronic Data Capture : EDC)

() (Know Your Customer:

(1) (Credit Card Network)

(6) (Business Continuity Management:

(8) (Feasibility Study)

(4) (Transaction Switching

(6) (Business Continuity Management:

(8) (Feasibility Study)

.......... ............................ .. ..............

(Password) (Personal Identification Number)

(2) (Vulnerability Assessment)

. (Confidentiality agreement NonDisclosure agreement)

. Mobile code ( Script

........................ ......................... ............... .............

(Identification and Authentication)

Using Computer Forensic Tools Encase, Forensics Toolkits, ILook

You might also like