Categorieën: Alle - 安全 - 系統 - 管理

door chang fy 2 jaren geleden

180

資通安全管理法

資通安全管理法涉及多個方面,包括安全情資分享機制、資通安全責任等級和系統發展生命週期等。這些措施旨在確保系統與資訊的完整性和安全性。安全情資分享機制有助於促進組織之間的信息交流,從而提高整體安全水平。資通安全責任等級則根據不同的風險等級進行分級,並規定了相應的控制措施。系統發展生命週期涵蓋了從需求階段到維運階段的各個過程,確保在每個階段都能進行適當的安全測試和評估。

資通安全管理法

資通安全責任等級分級辦法 -附表十

系統與服務獲得

系統文件
獲得程序
系統發展生命週期委外階段
系統發展生命週期部屬與維運階段
系統發展生命週期測試階段
滲透測試
弱點掃描
系統發展生命週期開發階段
系統發展生命週期設計階段
系統發展生命週期需求階段

系統與通訊保護

資料儲存之安全
傳輸之機密性與完整性

系統與資訊完整性

軟體及資訊完整性
資通系統監控
漏洞修復

識別與鑑別

非內部使用者之識別與鑑別
加密模組鑑別
鑑別資訊回饋
身分驗證管理
內部使用者之識別與鑑別

營運持續計畫

系統備援
系統備份

稽核與可歸責性

稽核資訊之保護
時戳及校時
稽核處理失效之回應
稽核儲存容量
稽核紀錄內容
稽核事件

存取控制

遠端存取
最小權限
帳號管理

資通安全管理法

Begin by entering your organisation's name in the central topic, then press Enter.

Action Plan

In this part of the map, plan out some initial actions for your Balanced Scorecard project.

Use this map to develop the plan further and keep track of actions as you make progress.

Maintenance phase

Add an action for the maintenance phase of your project, once the first round of improvement initiatives have been made. Think about:

Execution phase

Add an action for the execution phase of your project. Think about:

Initiation phase

Add an action for the initiation phase of your project. Think about:

Balanced scorecard perspectives

The four perspectives of the Balanced Scorecard technique help ensure that you are making measurements across all the important areas of your business.
Use the sections below to help identify further measurements, and to group any measurements that have already been identified by examining your stakeholder needs and strategy.

Learning and growth perspective
Motivation, empowerment and enlightenment

Add an employee motivation measurement that reflects the attitude of your staff and predicts future performance.
Measurements should be:

Employee motivationEmployee satisfactionEmployee retentionImprovements achievedTeam performanceTargets reached & exceededStrategic awareness
Information systems capabilities

Add an information systems measurement that reflects the quality and accessibility of information available to your employees.
Measurements should be:

Accuracy of informationAvailability of informationTimeliness of informationAccessibility of informationCommunications efficiency
Employee capabilities

Add an employee capability measurement that reflects the skills, knowledge and performance of your employees, and predicts future capabilities.
Measurements should be:

Employee productivityStrategic skillsEmerging skillsSkills gapsSkills coverage ratioTraining levelsTraining initiatives
Internal business process perspective
Operations processes

Add an operations measurement that reflects the production performance.
Measurements should be:

ProcurementStock levelsQuality measuresLead timesThroughputsScrap ratesYield ratesDefect ratesWaste levelsOn-time deliveries
After-sales service processes

Add an after-sales service measurement that reflects the performance of customer support.
Measurements should be:

ComplaintsSupport requestsSupport turnaroundReturnsRepairsRepair turnaroundService Level Agreements
Innovation processes

Add an innovation measurement that reflects innovation in your organization.
Measurements should be:

Suggestions madeSuggestion adoptedSavings madeInnovation projects startedInnovation projects completedProduct launchesTime to marketTime to break-evenPatents and rights
External customer perspective

Add an external customer measurement that reflects future potential. Choose from the typical ones suggested, or preferably create your own.
Measurements should be:

Market shareCustomer acquisitionCustomer retentionCustomer satisfactionCustomer profitabilityProduct or service attributesCustomer relationshipsImage and reputation
Financial perspectives
Measurement

Measurements in the Financial perspective show whether your company has performed well financially, where improvements can be made, and whether it is in a secure position.

Add a financial measurement that reflects achievement and progress.

The team

Support for your project is vital.
If your project is successful at identifying the need for significant change, then you can be sure there will be barriers to change and people to convince.

Key roles

Add a key player to your project. Think about:

Objectives

A Balanced Scorecard project will require resources and long-term commitment, and the results must be used to implement change, otherwise, it will die. In the same way that Balanced Scorecard is based on measurements, you should identify the KPIs for the project itself by agreeing on objectives and measuring progress towards them.

Project objective

Add an objective for your Balanced Scorecard project. Think about:

第10條

資通安全維護計畫

Continually communicating the results of your Balanced Scorecard project is vital.

Reviewing and taking action

Who will review the results, and what actions can they take?

Add an action for reviewing and applying the measurements.

Designing dashboards

What factors will influence the design of your dashboards, to keep people informed?

Add an action for designing your dashboards to communicate measurements and improvements.

資通安全長
Action

How will the results of your project, and the background information that supports it, be distributed in your company?


Add an action for sharing the measurements from your project.

資通安全情資分享機制

Additional information

第8條

第7條

Identify areas for measurement and management by thinking about your organization's mission, objectives and strategy.

資通安全責任等級

資通安全責任等級分級辦法

第11條

In order to identify measurements that give insights into performance, be clear about the needs of all the stakeholders in your company.
Add a stakeholder who has an interest in the success of your organization.
You can choose from the suggestions, or better, add stakeholders that are specific to your company.

CustomersConsumersOwnersShareholdersStaffMembersRegulatorsThe communityPartnersSuppliers
自行或委外開發之資通系統應依附表九原則分級並依附表十定資通系統防護基準執行控制措施
依資通安全責任等級辦理附表一至八之事項