Information Security Architecture
TQM
(Total Quality Management)
ISMS
Information Security Management System
ISO27001
ITSM
Information Technology Service Management
ISO20000
SLM
Service level management
SLA
Service level agreement
OLA
Operational level agreement
Responsibilities between internal units
UC
underpinning contracts
External vendor services
availability management
Availability
continuity management
Continuity
incident management
helpdesk
problem management
root cause
Change management
release management
CMDB
DSL
CI
Configuration items
CMMI
Capability Maturity Model Integration
ISO9001
Audit
First-party audit
Internal
Second-party audit
Outsourced contractors
Third-party audit
Certification body
e.g. BSI
TCSEC (Orange Book)
Trusted Computer System Evaluation Criteria
ITSEC
Information Technology Security Evaluation Criteria
TCB
Trusted Computing Base
Common Criteria
ISO15408
EAL
PDCA
Do
Asset inventory, risk assessment, BCP drills, asset register
Check
Internal audit
Plan
Establish the schedule and work plan
Action
Continuous improvement
Risk Management
Risk value
Probability = vulnerability * threat + likelihood
Loss = asset + impact
Risk value = probability * loss
Risk analysis
or
Risk assessment
qualitative method
transfer
Insurance
reduce
avoid
accept
quantitative method
ALE
annual loss expectancy
ARO
annual rate of occurrence
SLE
single loss expectancy
Asset value * exposure factor
exposure factor
Asset value
ALE = SLE*ARO
SP800-30
residual risk
Contingency planning
Emergency response plan
CPO
Contingency planning Coordinator
BIA
Business impact analysis
BCP
Business continuity planning
DR
Disaster recovery planning
Response plan
notification
call tree
Damage Assessment Team
recovery
reconstitution
NIST SP800-34
CIO