ISO 27001: implementation of technical protective measures

27001 -

ISO 27001: , isqa.ru

: 27001 27001 , () : 27001 ,

~114 3

? ?, /. , , , (segregation) , DLP ..4 () () 27002 ( ): :

? - , ,

5

( )7 , , BCP

.. initial audit. , .

7

. , ( )

, 8

: -> , () , , ,

9

/9

: -> , ,

10

, 15-30 % . .10

11 : , , , ,

, 11

12

, , , , , - / (/ , /) . (HDD, ) PIN, -, ..

13

(JIRA, SVN )13

- , (need to know, least privilege) IdM, IAM , Active directory / RACI , User rights pattern14

-

( , ) . ( ) ( , ).

15

15

, ( , -, ) (change mgmt.), WiFi , : ISO/IEC 27033-1/6 Network security, NIST SP 800-53 , SLA ( , , )

16

18.2.3. ()17

, , ,

( , ) ( ) , ,

18

( , ) ,

: ( ?) (, firewalls, VPN),

19

19

(DLP, SIEM .) : ?:) 20

?NIST Cybersecurity Framework 21

22

rasputitsa Aleksey Lukatskiy

23

, CISM

isqa.ru evmenkov@gmail.com : , 27001 27002

3 , 8-10 2016. http://edu.softline.by/courses/smib.html

24