中海信托信息安全風險評估及整改項目技術(shù)方案

1、北京天融信公司第32頁目錄1概述概述.................................................................................................................................................351.1項目背景................................................

2、.................................................................................351.2項目目標.................................................................................................................................3

3、51.3項目內(nèi)容.................................................................................................................................361.4項目設(shè)計原則........................................................................

4、.................................................371.5項目范圍.................................................................................................................................381.6文件和法律法規(guī).....................

5、................................................................................................382天融信對本項目的理解天融信對本項目的理解.....................................................................................................

6、............392.1對項目目標的理解.................................................................................................................392.2對項目特點的理解.....................................................................

7、............................................393項目總體方法與流程項目總體方法與流程.....................................................................................................................413.1概述...............................

8、..........................................................................................................413.2天融信風險評估方法....................................................................................................

9、.........443.3本項目采用的安全風險評估方法.........................................................................................453.4技術(shù)難點和關(guān)鍵突破.........................................................................................

10、....................484信息資產(chǎn)調(diào)查和賦值信息資產(chǎn)調(diào)查和賦值.....................................................................................................................504.1信息資產(chǎn)概述...................................................

11、......................................................................504.2信息資產(chǎn)分類.........................................................................................................................504.3保護對象框架.......

12、..................................................................................................................564.4資產(chǎn)識別過程...............................................................................................

13、..........................584.5信息資產(chǎn)賦值.........................................................................................................................594.6賦值工作操作方法指南...............................................

14、..........................................................645IT設(shè)備評估設(shè)備評估....................................................................................................................................665.1評估的過程.......

15、......................................................................................................................665.2評估的方法............................................................................................

16、.................................685.3評估的內(nèi)容.............................................................................................................................705.4評估的風險和應(yīng)對.......................................

17、..........................................................................726網(wǎng)絡(luò)設(shè)備安全風險評估網(wǎng)絡(luò)設(shè)備安全風險評估.................................................................................................................736.1評估過程描

18、述.........................................................................................................................746.2評估的方法........................................................................................

19、.....................................776.3評估的內(nèi)容.............................................................................................................................786.4評估的風險和應(yīng)對...................................

20、..............................................................................817應(yīng)用系統(tǒng)和管理安全風險評估應(yīng)用系統(tǒng)和管理安全風險評估.....................................................................................................817.1評估過程描述.

21、........................................................................................................................847.2評估方法...........................................................................................

22、......................................467.3評估內(nèi)容.................................................................................................................................477.4風險及應(yīng)對措施................................

23、.....................................................................................608安全增強與加固安全增強與加固......................................................................................................................

24、.......618.1安全加固內(nèi)容.........................................................................................................................628.2安全加固流程......................................................................

25、...................................................649應(yīng)急響應(yīng)服務(wù)應(yīng)急響應(yīng)服務(wù).................................................................................................................................659.1服務(wù)目標：...............

26、..............................................................................................................65北京天融信公司第34頁19.1項目風險分析及規(guī)避措施..................................................................................

27、...................9219.2項目的保密控制.....................................................................................................................9420天融信信息安全服務(wù)業(yè)務(wù)介紹天融信信息安全服務(wù)業(yè)務(wù)介紹.........................................

28、........................................................9520.1安全服務(wù)組織結(jié)構(gòu)圖.............................................................................................................9520.2安全服務(wù)業(yè)務(wù)范圍..........................

29、.......................................................................................9621項目實施質(zhì)量保證項目實施質(zhì)量保證.................................................................................................................

30、....9821.1項目執(zhí)行人員的質(zhì)量職責.....................................................................................................9821.2天融信安全服務(wù)質(zhì)量保證體系嚴格貫徹以下過程.............................................................9822項目驗收方式

31、項目驗收方式...........................................................................................................................10122.1驗收方法確認..............................................................................

32、.........................................10222.2驗收程序...............................................................................................................................10322.3版本控制..............................

33、.................................................................................................10522.4交付件歸檔辦法.............................................................................................................