1 報告人：張克章教授 資訊安全 政策與管理 Dept. Information Management Chang Gung University Information security policy and management 資訊安全政策與管理 資訊安全政策與管理 Information Security.

Presentation on theme: "1 報告人：張克章教授 資訊安全 政策與管理 Dept. Information Management Chang Gung University Information security policy and management 資訊安全政策與管理 資訊安全政策與管理 Information Security."— Presentation transcript:

1 1 報告人：張克章教授 資訊安全 政策與管理 Dept. Information Management Chang Gung University Information security policy and management 資訊安全政策與管理 資訊安全政策與管理 Information Security Policy and Management Prof. Henry Chang February 25, 2016

2 2 報告人：張克章教授 資訊安全 政策與管理 Dept. Information Management Chang Gung University Information security policy and management CONTENTS Introduction of this course Introduction of this course Course illustration Course illustration Q & A Q & A

3 3 報告人：張克章教授 資訊安全 政策與管理 Dept. Information Management Chang Gung University Information security policy and management Some introduction of this course Some introduction of this course 1). Information security policy has his ideas, even some other topics to describe with all graduate students. 2). The contents will include some topics, like purpose, aims and commitments, responsibilities, risk assessment and the classification of information, protection of information systems and assets, protection of confidential information, compliance, and other relevant university policies or guidance. 3). This policy provides a framework for the management of information security through out the environment.

4 4 報告人：張克章教授 資訊安全 政策與管理 Dept. Information Management Chang Gung University Information security policy and management They describe that [1]: 1). All those with access to information systems, including staff, students, visitors and contractors; ; 2). Any systems attached to the computer or telephone networks and any systems supplied by the environment ; 3). All information (data) processed by the pursuant to its operational activities, regardless of whether it is processed electronically or in paper (hardcopy) form; 4). All external parties that provide services in respect of information processing facilities and business activities; [1] https://www.it.ox.ac.uk/policies-and-guidelines/information-security-policy#d.en.81704

5 5 報告人：張克章教授 資訊安全 政策與管理 Dept. Information Management Chang Gung University Information security policy and management 5). Principal information assets including the physical locations from which the environment operates. Information security, InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take.[2] Business security has the same requirement as the information security want to make and defend. [2]s://en.wikipedia.org/wiki/Information_security

6 6 報告人：張克章教授 資訊安全 政策與管理 Dept. Information Management Chang Gung University Information security policy and management Information technology (IT) assurance that data is not lost when critical issues arise. These issues include, but are not limited to: natural disasters, computer/server malfunction, physical theft, or any other instance where data has the potential of being lost. Threats let computer system come in many different forms. Some of the most common threats today are software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion.

7 7 報告人：張克章教授 資訊安全 政策與管理 Dept. Information Management Chang Gung University Information security policy and management Governments, military, corporations, financial institutions, hospitals and private businesses amass a great deal of confidential information about their employees, customers, products, research and financial status. Like the People's Liberation Army Unit 61398 (PLA 61398) is the true unit, which will make some intrusions to any foreign defenses. We can understand PLA 61398 should a group you have to notice, since the PLA 31698 can derive any security attack to you units. US New Secret Service Security Lapse Uncovered [3] [3] http://hereandnow.wbur.org/2014/10/01/secret-service-lapses

8 8 報告人：張克章教授 資訊安全 政策與管理 Dept. Information Management Chang Gung University Information security policy and management Business uses network as shown in following as: Business uses network as shown in following as: All connections for business communication will provides by networks, especial the Internet of Things (IoT) is the same.

9 9 報告人：張克章教授 資訊安全 政策與管理 Dept. Information Management Chang Gung University Information security policy and management Currently, there is a World Internet Conference, held in WuzHen ( 乌鎮 ), China, Xi Jinping ( 習近平總書記 ) gives some support fro IoT comments. Taiwan has a lot of technologies on IoT, some leaders have their capabilities to pursue functions to support this IoT requirements. Such as Terry Kou ( 郭台銘 ), Jason Chang ( 張虔生 ) can be examples. IoT notices some connections from Internet, the network of physical objects or "things" embedded with electronics, software, sensors, and network connectivity, enables to collect and exchange data. [4] [4] https://en.wikipedia.org/wiki/Internet_of_Things

10 10 報告人：張克章教授 資訊安全 政策與管理 Dept. Information Management Chang Gung University Information security policy and management 20160325 資訊安全政策與管理課程資訊 - Course Information 20160325 資訊安全政策與管理課程資訊 - Course Information 20160325 資訊安全政策與管理課程資訊 - Course Information 20160325 資訊安全政策與管理課程資訊 - Course Information 20160325 資訊安全政策與管理 課程大綱 -Course Syllable 20160325 資訊安全政策與管理 課程大綱 -Course Syllable 20160325 資訊安全政策與管理 課程大綱 -Course Syllable 20160325 資訊安全政策與管理 課程大綱 -Course Syllable 20160325 資訊安全政策與管理 課程進度 -Course Progress Outline 20160325 資訊安全政策與管理 課程進度 -Course Progress Outline 20160325 資訊安全政策與管理 課程進度 -Course Progress Outline 20160325 資訊安全政策與管理 課程進度 -Course Progress Outline Course illustration

11 11 報告人：張克章教授 資訊安全 政策與管理 Dept. Information Management Chang Gung University Information security policy and management Notice please I wish to all graduate students siting at seat and give information as like:   Serial number, 中文, Reachable e-mail address, Dormitory phone, M-phone, ID-number ( 身分證號碼 )   TA needs to provide my idea of “Serial number, graduate student name, topics, dates, comments” on this form.   A table you still to provide as you get a paper to report. TA can give me by e-mail before 3/3, you need to use computer to type, but not pencil. Any one has to report by English, no Mandarin. All graduate students can discuss other, I will point out your understands.

12 12 報告人：張克章教授 資訊安全 政策與管理 Dept. Information Management Chang Gung University Information security policy and management Question And Answer