12 Operations security
12.1 Operational procedures and responsibilities
12.1.1 Documented operating procedures
9. Communications and operations management
9.1. Operational procedures and responsibilities
9.1.1. Documented operating procedures
12.1.2 Change management
9.1.2. Change management
12.1.3 Capacity management
9.3.1. Capacity management
12.1.4 Separation of development, testing and operational environments
9.1.4. Separation of development, test and operational facilities
12.2 Protection from malware
12.2.1 Controls against malware
9.4. Protection against malicious and mobile code
9.4.1. Controls against malicious code
12.3 Backup
12.3.1 Information backup
9.5. Back-up
9.5.1. Information back-up
12.4 Logging and monitoring
12.4.1 Event logging
9.10. Monitoring
9.10.1. Audit logging
12.4.2 Protection of log information
9.10.3. Protection of log information
12.4.3 Administrator and operator logs
9.10.4. Administrator and operator logs
12.4.4 Clock synchronisation
9.10.6. Clock synchronisation
12.5 Control of operational software
12 Operations security
12.1 Operational procedures and responsibilities
Objective: To ensure correct and secure operations of information processing facilities.
The operating procedures should specify detailed instructions for the execution of each job, including:
a) processing and handling of information;
b) backup (see 9.5.1);
c) scheduling requirements, including interdependencies with other systems, earliest job start times and latest job completion times;
d) instructions for handling errors or other exceptional conditions which might arise during job execution, including restrictions on the use of system utilities (see 10.5.4);
e) support contacts in the event of unexpected operational or technical difficulties;
f) instructions for handling special output and media, such as the use of special stationery or the management of confidential output, including procedures for the secure disposal of output from failed jobs (see 9.7.2 and 9.7.3);
g) system restart and recovery procedures for use in the event of system failure;
h) the management of audit-trail and system log information (see 9.10).
Operating procedures, and the documented procedures for system activities, should be treated as formal documents, and changes to them should be authorized by management. Where technically feasible, information systems should be managed consistently, using the same procedures, tools and utilities.
Managers should use this information to identify and avoid potential bottlenecks and dependence on key individuals that might threaten the security of systems or services, and plan appropriate action.
9.4. Protection against malicious and mobile code
Objective: To protect the integrity of information and software.
Precautions are required to prevent and detect the introduction of malicious code and unauthorized mobile code.
Software and information processing facilities are vulnerable to the introduction of malicious code, such as computer viruses, network worms, Trojan horses and logic bombs.
Users should be made aware of the dangers of malicious code. Where appropriate, managers should introduce controls to prevent, detect and remove malicious code and to control mobile code.
d) installation and regular update of malicious code detection and repair software to scan computers and media as a precautionary control; the checks carried out should include:
1) checking any files on electronic or optical media, and files received over networks, for malicious code before use;
2) checking electronic mail attachments and downloads for malicious code before use; this check should be carried out at different places, e.g. at electronic mail servers, on desktop computers and on entry to the network of the organization;
3) checking web pages for malicious code;
e) defining procedures and management responsibilities for protection against malicious code on systems, training in the use of these procedures, reporting and recovering from malicious code attacks (see 12.1 and 12.2);
f) preparing business continuity plans for recovering from malicious code attacks, including all necessary data and software backup and recovery arrangements (see 13);
g) implementing procedures to regularly collect information, e.g. subscribing to mailing lists and/or checking web sites for information about new malicious code;
h) implementing procedures to verify information relating to malicious code, and ensuring that warning bulletins are accurate and informative; managers should ensure that qualified sources, e.g. reputable journals, reliable internet sites or trustworthy suppliers of anti-malicious-code software, are used to differentiate between hoaxes and real malicious code; all users should be made aware of the problem of hoaxes and of what to do on receipt of them.
Other information
Using two or more software products protecting against malicious code from different vendors across the information processing environment can improve the effectiveness of malicious code protection.
Software protecting against malicious code can be installed to provide automatic updates of definition files and scanning engines, to ensure that the protection is up to date. In addition, this software can be installed on every desktop to carry out automatic checks.
Care should be taken to protect against the introduction of malicious code during maintenance and emergency procedures, which may bypass the normal malicious code protection controls.
9.4.2. Controls against mobile code
Control
For authorized mobile code, the configuration must ensure that it operates in accordance with the security policy that has been set out. Conversely, unauthorized mobile code is to be prevented from executing.
Implementation guidance
The following actions should be considered to prevent mobile code from performing unauthorized actions:
a) executing mobile code in a logically isolated environment;
b) restricting the use of mobile code;
c) restricting the receipt of mobile code;
d) activating the technical measures available on a specific system to control mobile code;
e) controlling the resources available for mobile code to access;
f) cryptographic controls to authenticate mobile code.
Other information
Mobile code is software code which transfers from one computer to another and then executes automatically to perform a specific function with little or no user interaction. Mobile code is associated with a number of middleware services.
In addition to ensuring that mobile code does not contain malicious code, control of mobile code is essential to avoid unauthorized use or disruption of system, network or application resources and other breaches of information security.
12.3 Backup
Objective: To protect against loss of data.
when necessary; this should be combined with a test of the restoration procedures and checked against the restoration time required. Testing the ability to restore backed-up data should be performed onto dedicated test media, not by overwriting the original media in case the backup or restoration process fails and causes irreparable data damage or loss;
f) in situations where confidentiality is of importance, backups should be protected by means of encryption.
Operational procedures should monitor the execution of backups and address failures of scheduled backups to ensure completeness of backups according to the backup policy.
Backup arrangements for individual systems and services should be regularly tested to ensure that they meet the requirements of business continuity plans. In the case of critical systems and services, backup arrangements should cover all systems information, applications and data necessary to recover the complete system in the event of a disaster.
The retention period for essential business information should be determined, taking into account any requirement for archive copies to be permanently retained.
9.5. Back-up
Objective: To maintain the integrity and availability of information and information processing facilities.
Routine procedures should be established to implement the agreed backup strategy and policy (see 13.1) for taking backup copies of data and rehearsing their timely restoration.
Event logging sets the foundation for automated monitoring systems which are capable of generating consolidated reports and alerts on system security.
Other information
Event logs can contain sensitive data and personally identifiable information. Appropriate privacy protection measures should be taken (see 18.1.4).
Where possible, system administrators should not have permission to erase or deactivate logs of their own activities (see 12.4.3).
9.10. Monitoring
Objective: To detect unauthorized information processing activities.
Systems should be monitored and information security events recorded. Operator logs and fault logs should be used to ensure that all information system problems are identified.
An organization should comply with all relevant legal requirements applicable to its monitoring and logging activities.
System monitoring should also be used to check the effectiveness of the controls adopted and to verify conformity to an access policy model.
l) activation and de-activation of protection systems, such as anti-virus systems and intrusion detection systems.
Other information
Audit logs may contain confidential personal data. Appropriate privacy protection measures should be taken (see also 14.1.4). Where possible, system administrators should not have permission to erase or de-activate logs of their own activities (see 9.1.3).
c) the storage capacity of the log media being exceeded, resulting either in the failure to record events or in the over-writing of past recorded events.
Some audit logs may be required to be archived as part of the record retention policy or because of requirements to collect and retain evidence (see also 12.2.3).
Other information
System logs often contain a large volume of information, much of which is not relevant to security monitoring. To help identify significant events for security monitoring purposes, consideration should be given to copying appropriate message types automatically to a second log, and/or to using suitable system utilities or audit tools to perform file interrogation and rationalization.
System logs need to be protected, because if the data in them can be modified or deleted, their existence may give rise to a false sense of security.
In addition to the control over administrators and operators, an intrusion detection system can be used to monitor the system and the network administration activities for compliance.
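One way to make log information tamper-evident in the sense of 9.10.3/12.4.2, where administrators must not be able to erase or de-activate logs of their own activities, as an added Python example that is not from the standard or from this document: each entry carries an HMAC chained to the previous entry, and the latest tag is shipped to a collector outside the administrators' control, so altering, erasing or truncating entries on the host is detected. The key, the record fields and the sample administrator activity are constructed for the demonstration.

```python
import hashlib
import hmac
import json

# Constructed demo key. In practice the key (or at least the chain head) is held by a
# log collector that the administrators of the monitored system cannot reach.
LOG_KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64  # tag that precedes the first entry


def entry_tag(prev_tag, seq, record):
    """HMAC over the previous tag, the sequence number and the record, so that every
    entry commits to the whole history before it."""
    mac = hmac.new(LOG_KEY, digestmod=hashlib.sha256)
    for part in (prev_tag, str(seq), json.dumps(record, sort_keys=True)):
        mac.update(part.encode())
    return mac.hexdigest()


def build_log(records):
    """Append records to a fresh chained log; returns one JSON line per entry."""
    lines, prev = [], GENESIS
    for seq, rec in enumerate(records, start=1):
        tag = entry_tag(prev, seq, rec)
        lines.append(json.dumps({"seq": seq, "rec": rec, "tag": tag}, sort_keys=True))
        prev = tag
    return lines


def verify_log(lines, collector_last_tag=None):
    """Return (ok, findings). Catches modified, erased or inserted entries; given the
    last tag the collector received, it also catches truncation of the tail."""
    findings, prev, expected_seq = [], GENESIS, 1
    for line in lines:
        e = json.loads(line)
        if e["seq"] != expected_seq:
            findings.append(f"gap: expected seq {expected_seq}, found {e['seq']}")
            expected_seq = e["seq"]
        if not hmac.compare_digest(entry_tag(prev, e["seq"], e["rec"]), e["tag"]):
            findings.append(f"seq {e['seq']}: tag mismatch (entry altered or chain broken)")
        prev, expected_seq = e["tag"], expected_seq + 1
    if collector_last_tag and not hmac.compare_digest(prev, collector_last_tag):
        findings.append("last tag differs from the collector's copy (log truncated?)")
    return (not findings, findings)


def demo():
    """Constructed administrator activity; scenario two erases the admin's own entry."""
    records = [
        {"ts": "2024-03-01T08:00:00Z", "user": "alice", "action": "login", "src": "10.0.0.5"},
        {"ts": "2024-03-01T08:02:10Z", "user": "alice", "action": "sudo", "cmd": "systemctl stop clamav"},
        {"ts": "2024-03-01T08:05:42Z", "user": "alice", "action": "sudo", "cmd": "systemctl start clamav"},
        {"ts": "2024-03-01T08:06:00Z", "user": "alice", "action": "logout"},
    ]
    log = build_log(records)
    last_tag = json.loads(log[-1])["tag"]  # what the remote collector holds
    intact = verify_log(log, last_tag)
    erased = verify_log(log[:1] + log[2:], last_tag)  # entry 2 removed from the local file
    truncated = verify_log(log[:-1], last_tag)        # tail cut off
    return intact, erased, truncated
```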
Objective: To reduce the risks resulting from hackers exploiting published technical vulnerabilities.
Technical vulnerability management should be implemented in an effective, systematic and repeatable way, with measures taken to confirm its effectiveness. The scope of attention should include the operating systems and any other applications in use.
13 Communications security
13.1 Network security management
Objective: To ensure the protection of information in networks and its supporting information processing facilities.
Objective: To ensure the protection of information in networks and the protection of the supporting infrastructure.
The secure management of networks, which may span organizational boundaries, requires careful consideration of data flow, legal implications, monitoring and protection.
Additional controls may be required to protect sensitive information passing over public networks.
13.1.1 Network controls
Control
Network managers should implement controls to ensure the security of information in networks, and the protection of connected services from unauthorized access. In particular, the following items should be considered:
a) where necessary, operational responsibility for networks should be separated from computer operations (see 9.1.3);
b) responsibilities and procedures for the management of remote equipment, including equipment in user areas, should be established;
c) special controls should be established to safeguard the confidentiality and integrity of data passing over public networks or over wireless networks, and to protect the connected systems and applications (see 10.4 and 11.3); special controls may also be required to maintain the availability of the network services and of the computers connected;
d) appropriate logging and monitoring should be applied to enable the recording of security-relevant actions;
e) management activities should be closely coordinated both to optimize the service and to ensure that controls are consistently applied across the information processing infrastructure.
Other information
Additional information on network security can be found in ISO/IEC 18028, Information technology - Security techniques - IT network security.
Other information
Additional information on network security can be found in ISO/IEC 27033. [15] [16] [17] [18] [19]
connection controls;
b) technical parameters required for secured connection with the network services in accordance with the security and network connection rules;
c) procedures for the network service usage to restrict access to network services or applications, where necessary.
--------------------------------- own translation
Control
Security mechanisms, service levels and management requirements of all network services should be identified and included in network services agreements, whether these services are provided in-house or outsourced.
Implementation guidance
The ability of the network service provider to manage the agreed services in a secure way should be determined and regularly monitored, and the right to audit should be agreed.
The security measures necessary for particular services, such as security features, service levels
Consideration should be given to the segregation of wireless networks from internal and private networks. Where the perimeter of a wireless network cannot be defined, a risk assessment should be carried out to identify controls (e.g. strong authentication, cryptographic methods, and frequency selection) to maintain network segregation.
Other information
Networks are increasingly being extended beyond organizational boundaries, as business partnerships are formed that may require the interconnection or sharing of network and information processing facilities. Extended networks may increase the risk of unauthorized access to the information systems that currently use the network; some extended networks may need to be protected from other network users because of the criticality or sensitivity of these networks.
a) procedures designed to protect exchanged information from interception, copying, modification, mis-routing and destruction;
b) procedures for the detection of and protection against malicious code that may be transmitted through the use of electronic communications (see 9.4.1);
c) procedures for protecting sensitive electronic information exchanged in the form of an attachment;
d) policy or guidelines outlining the acceptable use of electronic communication facilities (see 6.1.3);
e) procedures for the use of wireless communications, taking into account the particular risks involved;
f) the responsibilities of employees, contractors and any other users not to compromise the organization, e.g. through defamation, harassment, impersonation, forwarding of chain letters, unauthorized purchasing, etc.;
g) the possible use of cryptographic techniques to protect the confidentiality, integrity and authenticity of information (see 11.3);
h) guidelines on the retention and disposal of business correspondence, including messages, in accordance with the relevant internal and national regulations and rules;
i) not leaving sensitive or critical information on printing facilities, e.g. copiers, printers and scanners, as these may be accessed by unauthorized individuals;
j) controls and restrictions associated with the forwarding of communication facilities, e.g. automatic forwarding of electronic mail to external mailbox addresses;
k) reminding personnel that they should take appropriate precautions, e.g. not revealing sensitive information so as to avoid being overheard or intercepted when making a phone call by:
1) people in their immediate vicinity, particularly when using mobile phones;
2) wiretapping, and other forms of eavesdropping through physical access to the phone handset or the phone line, or using scanning receivers;
3) people at the other end of the line;
l) not leaving messages containing sensitive information on answering machines, since these messages may be replayed by unauthorized persons, stored on communal systems or stored incorrectly as a result of misdialling;
m) reminding personnel about the problems of using fax and copying machines, namely:
1) unauthorized access to built-in message stores to retrieve messages;
2) deliberate or accidental programming of machines to send messages to specific numbers;
3) sending documents and messages to the wrong number by misdialling or by using a wrong stored number;
n) reminding personnel not to register personal data, e.g. information such as the e-mail address or other personal information, with any software, to avoid the collection of that information for unauthorized use;
o) reminding personnel that modern copying machines have internal memories and can store the contents of pages in case of a transmission or paper fault; these pages will be printed again once the fault is cleared.
The information security content of any agreement should reflect the sensitivity of the business information involved.
Other information
Agreements may be electronic or manual, and may take the form of formal contracts. For confidential information, the specific mechanisms used for the transfer of such information should be consistent for all organizations and types of agreements.
9.8.2. Exchange agreements
Control
Agreements should be established for the exchange of information and software between the organization and external parties.
Implementation guidance
Exchange agreements should consider the following security conditions:
a) management responsibilities for controlling and notifying the transmission, dispatch and receipt of the transferred information;
b) procedures for notifying the sender of transmission, dispatch and receipt;
c) procedures to ensure traceability and non-repudiation;
d) minimum technical standards for packaging and transmission;
e) escrow agreements;
f) courier identification standards;
g) responsibilities and liabilities in the event of information security incidents, such as loss of data;
h) use of an agreed labelling system for sensitive or critical information, ensuring that the meaning of the labels is immediately understood and that the information is appropriately protected;
i) ownership and responsibilities for data protection, copyright, software licence compliance and similar considerations (see 14.1.2 and 14.1.4);
j) technical standards for recording and reading information and software;
k) any special controls that may be required to protect sensitive items, such as cryptographic keys (see 11.3).
Policies, procedures and standards should be established and maintained to protect information and physical media in transit (see also 9.8.3), and should be referenced in the exchange agreements.
The security content of the agreements should reflect the sensitivity of the business information involved.
Other information
Agreements may be electronic or manual, and may take the form of formal contracts or conditions of employment. For sensitive information, the specific mechanisms used for the exchange of the information should be consistent for all organizations and types of agreements.
9.8.4. Electronic messaging
Control
Information involved in electronic messaging should be appropriately protected.
Implementation guidance
Security considerations for electronic messaging should include the following:
a) protecting messages from unauthorized access, modification or denial of service;
b) ensuring correct addressing and transportation of the message;
c) general reliability and availability of the service;
d) legal considerations, for example requirements for electronic signatures;
e) obtaining approval prior to using external public services such as instant messaging or file sharing;
f) access from easily accessible public networks must be controlled by stronger levels of authentication.
Other information
Electronic messaging such as electronic mail, Electronic Data Interchange (EDI) and instant messaging plays an increasingly important role in business communications. Electronic messaging carries more risks than paper-based communications.