Page 291 - 捷運技術, Issue 28

28         92    2                       285








                                                                      BS 7799-2     1999


                                         Define the Policy





                                                     Define the Scope of ISMS





                                     Undertake a Risk Assessment

                                     Risk Analysis
                                     Risk Evaluation
                                     Gap Analysis







                                     Manage the Risk





                                     Select Control Objective and Controls to be Implemented

                                   ISO/IEC 17799
                                   Governance, Control and Audit for Information and Relational Technology, COBIT



                                       Prepare a Statement of Applicability





                              Schneier    Information Security is a Process, not a Product    2001    2002