
NETWORK SECURITY STANDARDS

Information security consists of the measures taken to ensure the confidentiality, integrity and availability of information. ISO 17799: the objective of BS7799 / ISO 17799 is to provide a foundation for developing information security standards and effective information security management practices within an organization, and at the same time to create trust in inter-organizational transactions.

ISO 17799 aims at establishing an information security management system (ISMS) through the following steps:

a) Define the scope and boundaries of the ISMS in terms of the characteristics of the business, the organization, its location, assets and technology, including details of and justification for any exclusions from the scope.

b) Define an ISMS policy in terms of the characteristics of the business, the organization, its location, assets and technology that:
1) includes a framework for setting objectives and establishes an overall sense of direction and principles for action regarding information security;
2) takes into account business requirements, legal or regulatory requirements, and contractual security obligations;
3) aligns the establishment and maintenance of the ISMS with the organization's strategy and its management of risks;
4) establishes criteria against which risks will be evaluated;
5) has been approved by management.

c) Define the organization's approach to risk assessment:
1) identify a risk assessment methodology suited to the ISMS and to the identified business information, legal and regulatory requirements;
2) develop criteria for accepting risks and identify the acceptable levels of risk.

d) Identify the risks:
1) identify the assets within the scope of the ISMS and the owners of these assets;
2) identify the risks to these assets;
3) identify the vulnerabilities that might be exploited or abused by the threats;
4) identify the impacts that a loss of confidentiality, integrity or availability may have on these assets.

e) Analyse and evaluate the risks:
1) assess the business impacts on the organization that might result from security failures, taking into account the consequences of a loss of confidentiality, integrity or availability of the assets;
2) assess the realistic likelihood of security failures occurring in light of prevailing or common threats and vulnerabilities, the impacts associated with these assets, and the controls currently implemented;
3) estimate the levels of risk;
4) determine whether the risks are acceptable or require treatment, using the risk acceptance criteria established in c2.

f) Identify and evaluate options for treating the risks:
1) apply appropriate controls;
2) knowingly and objectively accept the risks, provided they clearly satisfy the organization's policies and risk acceptance criteria;
3) avoid the risks;
4) transfer the associated business risks to other organizations or individuals, such as insurers or suppliers.

g) Select control objectives and controls for treating the risks.
h) Obtain management approval of the proposed residual risks remaining after treatment.
i) Obtain management authorization to implement and operate the information security management system.

j) Prepare a Statement of Applicability covering:
1) the control objectives and controls selected, and the reasons for selecting them;
2) the control objectives and controls currently implemented;
3) the exclusion of any control objectives and controls, and the justification for their exclusion.
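To make steps c) to j) concrete, the following is an added worked example written for this page; it is not code from the original slides and not part of ISO 17799. The 1-5 likelihood and impact scales, the acceptance criteria, the assets, owners, risks and candidate controls are all constructed assumptions; the threats are taken from the risk examples the page itself lists. It carries one register through risk identification (d), evaluation (e), choice of treatment option (f), control selection (g), the residual risks that need management approval (h) and the control part of the Statement of Applicability (j).

```python
"""Worked ISMS risk assessment for steps c) to j) above (added example; all
scales, thresholds, assets, risks and controls are constructed assumptions)."""
from dataclasses import dataclass
from enum import Enum


class Treatment(Enum):
    ACCEPT = "accept"        # f.2: knowingly accept within the criteria
    CONTROL = "control"      # f.1: apply appropriate controls
    TRANSFER = "transfer"    # f.4: transfer to an insurer or supplier
    AVOID = "avoid"          # f.3: avoid the risk (stop the activity)


@dataclass
class Control:
    name: str
    cuts_likelihood: int = 0   # scale points the control removes from likelihood
    cuts_impact: int = 0       # scale points the control removes from impact


@dataclass
class Risk:
    asset: str                 # d.1: asset within the ISMS scope
    owner: str                 # d.1: owner of the asset
    threat: str                # d.2: threat to the asset
    vulnerability: str         # d.3: weakness the threat exploits
    affects: str               # d.4: which of C, I, A would be lost
    likelihood: int            # e.2: 1 (rare) .. 5 (almost certain)
    impact: int                # e.1: 1 (negligible) .. 5 (severe)

    def level(self) -> int:    # e.3: risk level = likelihood x impact
        return self.likelihood * self.impact


@dataclass
class Criteria:                # c.2: risk acceptance criteria (assumed values)
    accept_below: int = 6      # levels below this are acceptable as-is
    transfer_impact: int = 5   # residual severe-impact risks are transferred


def residual(risk: Risk, controls: list) -> int:
    """Risk level remaining after the given controls are applied."""
    lik = max(1, risk.likelihood - sum(c.cuts_likelihood for c in controls))
    imp = max(1, risk.impact - sum(c.cuts_impact for c in controls))
    return lik * imp


def treat(risk: Risk, candidates: list, criteria: Criteria):
    """Steps e.4 and f: is the risk acceptable, and if not, which treatment
    option applies? Returns (treatment, residual level, controls selected)."""
    if risk.level() < criteria.accept_below:
        return Treatment.ACCEPT, risk.level(), []
    left = residual(risk, candidates)
    if left < criteria.accept_below:
        return Treatment.CONTROL, left, candidates
    if risk.impact >= criteria.transfer_impact:
        return Treatment.TRANSFER, left, candidates
    return Treatment.AVOID, left, candidates


# Constructed register built from risk examples named on the page.
REGISTER = [
    Risk("customer database", "sales director", "virus infection",
         "unpatched workstations", "IA", likelihood=4, impact=4),
    Risk("tender prices in transit", "procurement", "sniffing on the network",
         "prices sent in cleartext", "C", likelihood=3, impact=5),
    Risk("internal wiki", "IT", "web page defacement",
         "default admin password", "I", likelihood=1, impact=2),
    Risk("online shop", "e-commerce manager", "denial of service",
         "single internet link", "A", likelihood=3, impact=5),
]

# Step g: candidate controls per threat (constructed).
CANDIDATES = {
    "virus infection": [Control("patch management", cuts_likelihood=2),
                        Control("tested backups", cuts_impact=2)],
    "sniffing on the network": [Control("TLS for all transfers", cuts_likelihood=2)],
    "web page defacement": [Control("unique admin credentials", cuts_likelihood=1)],
    "denial of service": [Control("upstream DDoS mitigation service", cuts_likelihood=1)],
}


def treatment_plan(register=REGISTER, candidates=CANDIDATES, criteria=Criteria()):
    """Returns {threat: (treatment name, residual level, [control names])}."""
    plan = {}
    for risk in register:
        t, left, chosen = treat(risk, candidates.get(risk.threat, []), criteria)
        plan[risk.threat] = (t.value, left, [c.name for c in chosen])
    return plan


def residual_risks_for_approval(plan, criteria=Criteria()) -> list:
    """Step h: residual risks still at or above the acceptance threshold,
    which management must explicitly approve."""
    return [threat for threat, (_, left, _) in plan.items()
            if left >= criteria.accept_below]


def statement_of_applicability(plan) -> list:
    """Step j.1: each selected control with the reason for its selection."""
    return [(ctrl, f"selected to treat '{threat}' (residual level {left})")
            for threat, (_, left, ctrls) in plan.items() for ctrl in ctrls]


if __name__ == "__main__":
    plan = treatment_plan()
    for threat, entry in plan.items():
        print(threat, "->", entry)
    print("needs management approval:", residual_risks_for_approval(plan))
```

The point of the design is that acceptance is decided against the criteria fixed in step c2 before any individual risk is scored, and that a control which leaves the residual level above the threshold does not close the risk: it stays on the list for management approval (step h) and is either transferred or avoided.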

Implementing and operating the ISMS under ISO 17799 involves the following steps:

a) Formulate a risk treatment plan that clearly identifies the appropriate management actions, resources, responsibilities and priorities for managing information security risks.

b) Implement the risk treatment plan in order to achieve the identified control objectives, which includes consideration of funding and the allocation of roles and responsibilities.
c) Implement the selected controls to meet the control objectives.

d) Define how to measure the effectiveness of the selected controls or groups of controls, and specify how these measurements are to be used to assess control effectiveness so as to produce comparable and reproducible results.

e) Implement training and awareness programmes.
f) Manage the operation of the ISMS.
g) Manage resources for the ISMS.
h) Implement procedures and other controls capable of enabling prompt detection of security events and response to security incidents.

Monitoring and reviewing the ISMS under ISO 17799 involves the following steps:

a) Execute monitoring and reviewing procedures and other controls to:
1) promptly detect errors in the results of processing;
2) promptly identify attempted and successful security breaches and incidents;
3) enable management to determine whether the security activities delegated to people or implemented by information technology are performing as expected;
4) help detect security events and thereby prevent security incidents by the use of indicators;
5) determine whether the actions taken to resolve a security breach were effective.

b) Undertake regular reviews of the effectiveness of the ISMS (including meeting the security policy and objectives, and review of security controls), taking into account the results of security audits, incidents, results from effectiveness measurements, and suggestions and feedback from all interested parties.
c) Measure the effectiveness of controls to verify that security requirements have been met.

d) Review risk assessments at planned intervals, and review the residual risks and the identified acceptable levels of risk, taking into account changes to:
1) the organization;
2) technology;
3) business objectives and processes;
4) identified threats;
5) the effectiveness of the implemented controls;
6) external events, such as changes to the legal or regulatory environment, changed contractual obligations, and changes in the social climate.

e) Conduct internal ISMS audits at planned intervals.
f) Undertake a management review of the ISMS on a regular basis to ensure that the scope remains adequate and that improvements in the ISMS process are identified.

g) Update security plans to take into account the findings of monitoring and reviewing activities.
h) Record actions and events that could have an impact on the effectiveness or performance of the ISMS.

A few examples of information security risks:
- Virus infection: corrupted data, system outage.
- Trojans and spyware: information theft, backdoors installed.
- Password theft: leads to impersonation and unauthorized access to information.
- Intrusion by hackers over the network: sabotage of the system, theft or modification of information.
- Eavesdropping (sniffing) on information in transit over the network: disclosure of business secrets (bid prices, purchase prices), tampering with information.
- Forged information delivered to the organization, leading to wrong decisions that cause serious damage (a violation of non-repudiation): phishing.
- Web page defacement, damaging reputation with customers and sales.
- Insiders leaking information to competitors (information leakage).
- Insiders sabotaging the system.
- Vulnerabilities or backdoors (accidental or deliberate) in applications developed by outside contractors.
- Denial-of-service attacks: bringing the system to a halt (loss of availability).
