8 2550
ICT 1
(page 3)
1. (page 3)
2. (page 3)
3. (page 4)
/ (page 5)
1. (page 5)
2. (page 5)
3. (ICT Security Policy) (page 7)
4. (page 7)
5. (SSP - System Security Plan) (page 12)
6. (Security Standard Operating Procedures - SOPs) (page 13)
7. (page 17)
8. (page 17)
9. (page 20)
(page 21)
1.
(.. 2549 2551)
ISO/IEC 27001
2.
1) ISMS
2) ISMS
3.
(Confidentiality) (Integrity) (Availability)
(IT)
3
(Confidentiality)
(Integrity)
(Availability)
(Authentication)
(Authorization)
(Data backup)
(Data protection)
(Data security)
(Security policy)
/
1.
1)
2)
3)
4) /
5)
6)
2.
1)
2) /
3) /
ICT security
/
Web server hosting Public website
(Security-In-Confident)
(Secret) (Restrict)
(Unclassified)
1)
2)
3)
4)
5)
6)
7)
8)
4.
1 (Stage 1: Establishing the Context)
2 (Stage 2: Identifying the Risks)
3 (Stage 3: Analysing the Risks)
4 (Stage 4: Assessing and Prioritising Risks)
5 (Stage 5: Developing a Risk Treatment Plan)
1 ,
2
, ,
-, ,
3
,
, ,
,
4
,
/ , costs/benefits
5
, ,
/
2
1
1
2
3
(Matrix)
, ,
, (Major)
,
,
,
(moderate)
, (minor)
,
, ,
,
E = Extreme
H = High
M = Moderate
L = Low
(Matrix)
Almost certain
Likely
Possible
Unlikely
Rare
1
()
2 1
3 1
5
(Risk Treatment Plan)
/
1
2
3 Cost/benefit
4
5 4
6
5. (SSP -System Security Plan)
ICT Security
-
1)
2)
3)
4)
5)
6)
7)
()
( /)
6.
(Security Standard Operating Procedures -SOPs)
/ (ITSA)
System Manager
System Administrator
SOPs
(SOPs)
1) / (ITSA)
ITSAs SOPs
Audit logs
System integrity audit
System software
access controls
System maintenance
Configuration control
Access control
System backup and recovery
software vulnerabilities
software patched/updates
hardening techniques
anti-virus software
System closedown
, , Cleaning up
directories & files
audit logs, backup
tapes, recovering from system failures
Security incidents
Classification
(Temporary absence)
Media control
Hardcopy
Visitors
Classified material
(hardcopy)
system media & system output
malicious code
unauthorized software, firmware, hardware
7.
8.
Confidentiality,
Integrity, Availability Authentication Access control
ICT Security
1)
ICT Security
System hardware
System or application software
system access controls
3) Security Incidents
Security incident Confidentiality, Integrity
Availability unauthorized access, disclosure, modification,
misuse, damage, loss destruction
Countermeasures against malicious code
Intrusion detection strategies
Audit analysis
System integrity checking
Vulnerability assessments
software tools
4) Security Incidents
Software malfunctions
/
/
5)
Security incidents
9.
Security
(Best practice)