国际信息安全技术标准发展(英文版)(共20页).ppt

国际信息平安技术标准开展国际信息平安技术标准开展 ISO/IEC JTC 1/SC 27/WG 4 ISO/IEC JTC 1/SC 27/WG 4江明灶江明灶 Meng-Chow Kang, CISSP, CISAMeng-Chow Kang, CISSP, CISAConvener, Security Controls & Services Working Group (WG 4), Convener, Security Controls & Services Working Group (WG 4), ISO/IEC JTC 1 SC 27 (Security Techniques)ISO/IEC JTC 1 SC 27 (Security Techniques)Chief Security AdvisorChief Security AdvisorMicrosoft Great China RegionMicrosoft Great China Region来自 中国最大的资料库下载WG1 ISMS StandardsChair Ted HumphreysVice-Chair Angelika PlateWG4 Security Controls & ServicesChair Meng-Chow KangWG2Security TechniquesChair Prof. K NaemuraWG3Security EvaluationChair Mats OhlinWG5Privacy Technology, ID management and BiometricsChair Kai RannenbergISO/IEC JTC 1 SC 27ISO/IEC JTC 1 SC 27Chair Walter FumyChair Walter FumyVice Chair Marijike de SoeteVice Chair Marijike de SoeteSecretary Krystyna PassiaSecretary Krystyna Passia来自 中国最大的资料库下载2700027000Fundamental & Fundamental & VocabularyVocabulary2700427004ISMS ISMS MeasurementMeasurement2700527005ISMS Risk ISMS Risk ManagementManagement2700627006Accreditation Accreditation RequirementsRequirements2700127001ISMS RequirementsISMS Requirements2700327003ISMS ISMS Implementation Implementation GuidanceGuidanceInformation Security Management Information Security Management Systems (ISMS)Systems (ISMS)2700227002Code of PracticeCode of PracticeISMSISMSFamilyFamily来自 中国最大的资料库下载Risk manage; Prevent occurrence; Risk manage; Prevent occurrence; Reduce impact of occurrenceReduce impact of occurrencePrepare to respond; eliminate or Prepare to respond; eliminate or reduce impactreduce impactSC27 WG4 Roadmap FrameworkSC27 WG4 Roadmap FrameworkInvestigate to establish facts Investigate to establish facts about breaches; identify who about breaches; identify who done it and what went wrongdone it and what went wrongUnknown and emerging security issuesKnown security issuesSecurity breaches and compromises来自 中国最大的资料库下载Network Security (27033)Network Security (27033)TTP Services SecurityTTP Services SecurityICT Readiness for Business ICT Readiness for Business Continuity (27031)Continuity (27031)SC27 WG4 RoadmapSC27 WG4 RoadmapApplication Security (27034)Application Security (27034)Forensic InvestigationForensic InvestigationCybersecurity (27032)Cybersecurity (27032)Includes ISO/IEC 24762, Vulnerability Mgmt, IDS, & Incident Response related standardsAnti-Spyware, Anti-SPAM, Anti-Phishing, Cybersecurity-event coordination & information sharingISO 18028 revision; WD for new Part 1, 2 & 3; New Study Period on Home Network Security1st WD available for commentsFuture NPNew Study Period proposed; Includes outsourcing and off-shoring security来自 中国最大的资料库下载Gaps between Readiness & ResponseGaps between Readiness & ResponseIT Security, BCP, and DRP Planning & ExecutionIT Security, BCP, and DRP Planning & ExecutionProtectDetectReact/ResponseIT Security PlanningActivateBCPActivate DCRPPlanPrepare & TestPlanPrepare & TestBusiness Continuity PlanningDisaster Contingency & Recovery PlanningDisasterEventsIT SystemsFailuresICT Readiness for Business ContinuityICT Readiness for Business Continuity What is ICT Readiness?What is ICT Readiness? Prepare organization ICT technology (infrastructure, operation, Prepare organization ICT technology (infrastructure, operation, applications), process, and people against unforeseeable focusing applications), process, and people against unforeseeable focusing events that could change the risk environmentevents that could change the risk environment Leverage and streamline resources among traditional business Leverage and streamline resources among traditional business continuity, disaster recovery, emergency response, and IT security continuity, disaster recovery, emergency response, and IT security incident response and managementincident response and management Why ICT Readiness focus on Business Continuity?Why ICT Readiness focus on Business Continuity? ICT systems are prevalent in organizationsICT systems are prevalent in organizations ICT systems are necessary to support incident, business continuity, ICT systems are necessary to support incident, business continuity, disaster, and emergency response and management needsdisaster, and emergency response and management needs Business continuity is incomplete without considering ICT systems Business continuity is incomplete without considering ICT systems readinessreadiness Responding to security incident, disasters, and emergency situations Responding to security incident, disasters, and emergency situations are about business continuityare about business continuity来自 中国最大的资料库下载Implications of ICT ReadinessImplications of ICT ReadinessOperational StatusTimeIncidentCurrent IHM, BCM and DRP focus on shortening period of disruption and reducing the impact of an incident by risk mitigation and recovery planning.T=0T=iT=kT=lT=j100%x%y%z%Early detection and response capabilities to prevent sudden and drastic failure, enable gradual deterioration of。