Title: The Issue of Information Security Management ??????


1
The Issue of Information Security Management ??????
Course Orientation for Information Security Management ??????????
1012ISM01 MI4 Mon 8, 9 (1510-1700) (B703)
Min-Yuh Day ??? Assistant Professor ?????? Dept. of Information Management, Tamkang University ???? ??????
http://mail.tku.edu.tw/myday/ 2013-02-18
2
????101????2?? ??????? (2013.02 - 2013.06)
  • ?????????? (The Issue of
    Information Security Management)
  • ??????? (Min-Yuh Day)
  • ???????P(TLMXB4P)
  • ?????? ??? 2 ?? (2 Credits, Elective)
  • ?????? 8, 9 (Mon 1510-1700)
  • ????B703

3
????
  • ???????????????????
  • ??????
  • ISO 27001 ????????,
  • ??????,????,????,
  • ??????,
  • ????????,
  • ????,??????,
  • ?????????,???????,
  • ????,?????????????,
  • ??????,??????,
  • ????????????????,
  • ????,????,?????

4
Course Introduction
  • This course introduces the fundamental concepts and practices of information security management.
  • Topics include:
  • Introduction to ISO 27001 Information Security Management System (ISMS)
  • Information Security Risk, Risk Assessment
  • Information Security Policy, Organization of Information Security
  • Assets Management, Human Resources Management
  • Physical and Environmental Security
  • Communications and Operations Management, Access Control
  • Information Systems Acquisition, Development and Maintenance
  • Information Security Incident Management
  • Business Continuity Management
  • Compliance
  • Internal Audit, Management Review, Continuous Improvement

5
???? (Objective)
  • ????????????????????????
  • Students will be able to understand and apply the fundamental concepts and practices of information security management.

6
?????????
  • ????
  • ?????????????
  • ????
  • ????????????

7
???? (Syllabus)
  • ?? ?? ?? (Subject/Topics)
  • 1 102/02/18 ?????????? (Course Orientation for Information Security Management)
  • 2 102/02/25 ISO 27001 ?????????? (Introduction to ISO 27001 Information Security Management System, ISMS)
  • 3 102/03/04 ?????? (Information Security Risk) ???? (Risk Assessment)
  • 4 102/03/11 ?????? (Information Security Policy)
  • 5 102/03/18 ???????? (Organization of Information Security) ???? (Assets Management)
  • 6 102/03/25 ?????? (Human Resources Management) ????????? (Physical and Environmental Security) ??????? (Communications and Operations Management) ???? (Access Control)
  • 7 102/04/01 ??????? (Off-campus study)

8
???? (Syllabus)
  • ?? ?? ?? (Subject/Topics)
  • 8 102/04/08 ????????????? (Information Systems Acquisition, Development and Maintenance)
  • 9 102/04/15 ???? (Midterm Presentation)
  • 10 102/04/22 ?????
  • 11 102/04/29 ???????? (Invited Talk on Information Security Management) (Invited Speaker)
  • 12 102/05/06 ?????? (Information Security Incident Management) ?????? (Business Continuity Management) ???????????????? (Compliance)
  • 13 102/05/13 ???? (Internal Audit) ???? (Management Review) ???? (Continuous Improvement)
  • 14 102/05/20 ???? (Final Presentation)
  • 15 102/05/27 ?????

9
?????????
  • ???? (Textbook)
  • ?? (Slides)
  • ???? (References)
  • ????????,????????????
  • Alan Calder and Steve Watkins (2012), IT Governance: A Manager's Guide to Data Security and ISO 27001/ISO 27002, 5th edition, Kogan Page.

10
????????
  • ????30.0
  • ????30.0
  • ?? (???????????)40.0 (3 ???)

11
???? (information security)
  • ???? (information security)
  • ???????????????? ??, ?????????????? ????????????
    ? CNS 17799
  • information security
  • preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved [ISO/IEC 17799:2005]

Source: ISO/IEC 27001:2005, CNS 27001
12
???????? (Information Security Management System, ISMS)
  • ???????? (Information Security Management System, ISMS)
  • ??????????, ???????(??)???, ??????????????????????
    ?????
  • ?? ??????????????????? ???????????????
  • information security management system (ISMS)
  • that part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security
  • NOTE: The management system includes organizational structure, policies, planning activities, responsibilities, practices, procedures, processes and resources.

Source: ISO/IEC 27001:2005, CNS 27001
13
?????????
  • ?????????????????? ?????????????????????

????????? 2003 ? 2004 ?,????? Wells Fargo
??????????????????????????????????????????,???????
????????
Source: ??? (2011), ?????????, ???, ??
14
????????
Source: ??? (2011), ?????????, ???, ??
15
???????
Source: ??? (2011), ?????????, ???, ??
16
PDCA model applied to ISMS processes
Source: ISO/IEC 27001:2005
17
??? ISMS ???PDCA ??
Source: CNS 27001
18
????????/??
Source: ????????????, ????????
19
????????????
Source: ????????????, ????????
20
????????????
  • ISO 27001 Lead Auditor: BSI (The British Standards Institution)
  • Security+: CompTIA
  • CISSP (Certified Information Systems Security Professional): (ISC)2 (International Information Systems Security Certification Consortium)
  • SSCP (Systems Security Certified Practitioner): (ISC)2 (International Information Systems Security Certification Consortium)
  • CEH (Certified Ethical Hacker): EC-Council

21
Contact Information
  • ??? ?? (Min-Yuh Day, Ph.D.)
  • ??????
  • ???? ??????
  • ??02-26215656 2347
  • ??02-26209737
  • ???i716 (??????)
  • ?? 25137 ?????????151?
  • Email: myday@mail.tku.edu.tw
  • ?? http://mail.tku.edu.tw/myday/