ISO 27002
Lecturer: CH. Nguyễn Duy
Email: [email protected]

Contents
- What is information security?
- Objectives of information security?
- Scope of information security?
- Analysis of ISO 27002-2005

Nguyễn Duy
Building an Information Security Policy

What is information security?
- What is information?
- Assets: hardware, software, data, ...
- Information security is the protection of assets against threats such as theft of information from outside, but without affecting the company's business performance.

Objectives of information security?
Ensure the basic properties related to securing information:
- Confidentiality
- Integrity
- Availability

Scope of information security?

Analysis of ISO 27002-2005
Benefits:
- ISO 27002 gives us an overview of information security issues.
- ISO 27002 is an international standard that provides guidance on implementing information security management and addresses every component of an enterprise's information system.

Analysis of ISO 27002-2005
Contents:
- Information security policy
- Organization of information security
- Asset classification and control
- Personnel security
- Physical and environmental security
- Communications and operations management
- Access control
- System development and maintenance
- Business continuity management
- Compliance

Analysis of ISO 27002-2005
1. Information security policy
Objective: To provide management direction and support for information security in line with business requirements, the legal environment and the regulations that must be complied with.
- Information security policy document
- Review of the policies that have been issued

Analysis of ISO 27002-2005
2. Organization of information security
Internal organization:
Objective: To manage information security within the organization.
- Management commitment to information security
- Information security coordination
- Allocation of information security responsibilities
- Authorization process for information processing facilities
- Confidentiality agreements
- Contact with competent authorities/organizations

Analysis of ISO 27002-2005
2. Organization of information security
External parties:
Objective: To maintain the security of the organization's information and information processing facilities that are accessed, processed, communicated or managed by parties outside the organization.
- Identification of risks related to external parties
- Addressing security when dealing with customers
- Addressing security in third-party agreements

Analysis of ISO 27002-2005
3. Asset classification and control
Responsibility for assets
Objective: To achieve and maintain appropriate protection of the organization's assets.
- Inventory of assets
- Ownership of assets
- Acceptable use of assets

Analysis of ISO 27002-2005
3. Asset classification and control
Information classification
Objective: To ensure that information receives an appropriate level of protection.
- Classification guidelines
- Information labeling and handling

Analysis of ISO 27002-2005
4. Personnel security
Prior to employment
Objective: To ensure that employees, contractors and third parties understand their responsibilities and are suitable for the roles assigned to them, and to reduce the risk of theft, fraud or misuse of functions and authority.
- Roles and responsibilities
- Screening
- Terms and conditions of employment

Analysis of ISO 27002-2005
4. Personnel security
During employment
Objective: To ensure that all of the organization's employees, contractors and third parties are aware of information security threats and concerns and of their responsibilities and legal obligations, and are equipped with the knowledge and conditions needed to support the organization's information security policy in the course of their work, and to reduce risks caused by people.
- Management responsibilities
- Information security awareness, education and training
- Disciplinary process

Analysis of ISO 27002-2005
4. Personnel security
Termination or change of employment:
Objective: To ensure that the organization's employees, contractors and third parties leave or change position in an orderly manner.
- Termination responsibilities
- Return of assets
- Removal of access rights

Analysis of ISO 27002-2005
5. Physical and environmental security
Secure areas
Objective: To prevent unauthorized physical access, damage and interference to the organization's information and assets.
- Physical security perimeter
- Physical entry controls
- Securing offices, rooms and facilities
- Protecting against external and environmental threats
- Working in secure areas
- Public access, delivery and loading areas

Analysis of ISO 27002-2005
5. Physical and environmental security
Equipment security
Objective: To prevent loss, damage, theft or misuse of assets and interruption to the organization's activities.
- Equipment siting and protection
- Supporting utilities
- Cabling security
- Equipment maintenance
- Security of equipment operating off-premises
- Secure disposal and re-use of equipment
- Removal of property

Analysis of ISO 27002-2005
6. Communications and operations management
Operational procedures and responsibilities
Objective: To ensure the correct and secure operation of information processing facilities.
- Documented operating procedures
- Change management
- Segregation of duties
- Separation of development, test and operational functions

Analysis of ISO 27002-2005
6. Communications and operations management
Third-party service delivery management
Objective: To implement and maintain a level of information security and service delivery in line with third-party service delivery agreements.
- Service delivery
- Monitoring and review of third-party services
- Managing changes to third-party services

Analysis of ISO 27002-2005
6. Communications and operations management
Protection against malicious and mobile code
Objective: To protect the integrity of software and information.
- Controls against malicious code
- Controls against mobile code

Analysis of ISO 27002-2005
6. Communications and operations management
Backup
Objective: To maintain the integrity and availability of information and information processing facilities.

Analysis of ISO 27002-2005
6. Communications and operations management
Network security management
Objective: To ensure the security of information on networks and of the supporting infrastructure.
- Network controls
- Security of network services

Analysis of ISO 27002-2005
6. Communications and operations management
Media handling
Objective: To prevent unauthorized disclosure, modification, removal or destruction of assets, and interruption to business activities.
- Management of removable media
- Disposal of media
- Information handling procedures
- Security of system documentation

Analysis of ISO 27002-2005
6. Communications and operations management
Exchange of information
Objective: To maintain the security of information and software exchanged within the organization or with external entities.
- Information exchange policies and procedures
- Exchange agreements
- Physical media in transit
- Electronic messaging
- Business information systems

Analysis of ISO 27002-2005
6. Communications and operations management
Electronic commerce services
Objective: To ensure the security of electronic commerce services and their secure use.
- Electronic commerce
- Online transactions
- Publicly available information

Analysis of ISO 27002-2005
7. Access control
Business requirement for access control
Objective: To control access to information.
- Access control policy
Control: An access control policy should be established, documented and reviewed based on the business and security requirements for access.

Analysis of ISO 27002-2005
7. Access control
User access management
Objective: To ensure that authorized users have access and to prevent unauthorized users from gaining access to information systems.
- User registration
- Privilege management
- User password management
- Review of user access rights

Analysis of ISO 27002-2005
7. Access control
User responsibilities
Objective: To prevent unauthorized users from accessing, compromising or stealing information and information processing facilities.
- Password use
- Unattended equipment
- Clear desk and clear screen policy

Analysis of ISO 27002-2005
7. Access control
Network access control
Objective: To prevent unauthorized access to network services.
- Policy on the use of network services
- User authentication for external connections
- Equipment identification in networks
- Protection of remote diagnostic and configuration ports
- Segregation in networks
- Network connection control
- Network routing control

Analysis of ISO 27002-2005
7. Access control
Operating system access control
Objective: To prevent unauthorized access to operating systems.
- Secure log-on procedures
- User identification and authentication
- Password management system
- Use of system utilities
- Session time-out
- Limitation of connection time

Analysis of ISO 27002-2005
7. Access control
Application and information access control
Objective: To prevent unauthorized access to information held in application systems.
- Information access restriction
- Sensitive system isolation

Analysis of ISO 27002-2005
7. Access control
Mobile computing and teleworking
Objective: To ensure information security when using mobile computing and teleworking facilities.
- Mobile computing and communications
- Teleworking

Analysis of ISO 27002-2005
8. System development and maintenance
Security requirements of information systems
Objective: To ensure that information security is an integral part of information systems.
- Security requirements analysis and specification

Analysis of ISO 27002-2005
8. System development and maintenance
Correct processing in applications
Objective: To prevent errors, loss, and unauthorized modification or use of information in applications.
- Input data validation
- Control of internal processing
- Message integrity
- Output data validation

Analysis of ISO 27002-2005
8. System development and maintenance
Cryptographic controls
Purpose: To protect the confidentiality, authenticity or integrity of information by cryptographic means.
- Policy on the use of cryptographic controls
- Key management

Analysis of ISO 27002-2005
8. System development and maintenance
Security of system files
Objective: To ensure the security of system files.
- Control of operational software
- Protection of system test data
- Access control to program source code

Analysis of ISO 27002-2005
8. System development and maintenance
Security in development and support processes
Objective: To maintain the security of application system software and information.
- Change control procedures
- Technical review of applications after operating system changes
- Restrictions on changes to software packages
- Information leakage
- Outsourced software development

Analysis of ISO 27002-2005
8. System development and maintenance
Technical vulnerability management
Objective: To reduce the risks arising from attackers exploiting published technical vulnerabilities.

Analysis of ISO 27002-2005
9. Business continuity management
Objective: To counteract interruptions to business activities, to protect critical business processes from the effects of information system failures or disasters, and to ensure the timely resumption of normal operations.
- Including information security in the business continuity management process
- Risk assessment and continuity of the organization's operations
- Developing and implementing continuity plans that include information security
- Business continuity planning framework
- Testing, maintaining and re-assessing the plans that ensure continuity of the organization's operations

Analysis of ISO 27002-2005
10. Compliance
Objective: To avoid breaches of laws, regulations, obligations under signed contracts, and information security requirements.
- Identification of applicable legislation
- Intellectual property rights (IPR)
- Protection of organizational records
- Data protection and privacy of personal information
- Prevention of misuse of information processing facilities
- Regulation of cryptographic controls

Question ???