Scribd Logo
Upload

Welcome to Scribd!

  • ‎⁨اساسيات تكنولوجيا المعلومات للمدققين الداخليين⁩

    Uploaded by

    modi4uk
    27 views66 pages
    The document discusses the International Professional Practices Framework (IPPF) which provides guidance for internal auditors globally. It outlines the key elements of the IPPF including the Core Principles, a definition of internal auditing, a code of ethics, and international standards. Supplementary guidance is also provided to help auditors implement the mandatory elements, including practice advisories, guidance on specific industries, and the Global Technology Audit Guide.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses the International Professional Practices Framework (IPPF) which provides guidance for internal auditors globally. It outlines the key elements of the IPPF including the Core Principles, a definition of internal auditing, a code of ethics, and international standards. Supplementary guidance is also provided to help auditors implement the mandatory elements, including practice advisories, guidance on specific industries, and the Global Technology Audit Guide.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    27 views66 pages

    ‎⁨اساسيات تكنولوجيا المعلومات للمدققين الداخليين⁩

    Uploaded by

    modi4uk
    The document discusses the International Professional Practices Framework (IPPF) which provides guidance for internal auditors globally. It outlines the key elements of the IPPF including the Core Principles, a definition of internal auditing, a code of ethics, and international standards. Supplementary guidance is also provided to help auditors implement the mandatory elements, including practice advisories, guidance on specific industries, and the Global Technology Audit Guide.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 66

    ‫ﻣﺘﺮﺟﻢ ﻣﻦ ﺍﻹﻧﺠﻠﻴﺰﻳﺔ ﺇﻟﻰ ﺍﻟﻌﺮﺑﻴﺔ ‪www.onlinedoctranslator.

    com -‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‬


    ‫ﺣﻮﻝ‪IPPF‬‬
    ‫ﺍﻹﻃﺎﺭﺍﻟﺪﻭﻟﻲ ﻟﻠﻤﻤﺎﺭﺳﺎﺕ ﺍﻟﻤﻬﻨﻴﺔ )‪ (®IPPF‬ﻫﻮ ﺍﻹﻃﺎﺭ‬
    ‫ﺍﻟﻤﻔﺎﻫﻴﻤﻲﺍﻟﺬﻱ ﻳﻨﻈﻢ ﺇﺭﺷﺎﺩﺍﺕ ﻣﻮﺛﻮﻗﺔ ﺻﺎﺩﺭﺓ ﻋﻦ ﻣﻌﻬﺪ‬
    ‫ﺍﻟﻤﺪﻗﻘﻴﻦﺍﻟﺪﺍﺧﻠﻴﻴﻦ )‪ (IIA‬ﻟﻤﻬﻨﻴﻲ ﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﻤﺘﺪﺭﺑﻴﻦ ﻓﻲ‬
    ‫ﺟﻤﻴﻊﺃﻧﺤﺎء ﺍﻟﻌﺎﻟﻢ‪.‬‬

    ‫ﺍﻟﺘﻮﺟﻴﻪﺍﻹﻟﺰﺍﻣﻲﺗﻢ ﺗﻄﻮﻳﺮﻩ ﺑﻌﺪ ﻋﻤﻠﻴﺔ ﺍﻟﻌﻨﺎﻳﺔ ﺍﻟﻮﺍﺟﺒﺔ‬


    ‫ﺍﻟﻤﻌﻤﻮﻝﺑﻬﺎ ‪ ،‬ﻭﺍﻟﺘﻲ ﺗﺸﻤﻞ ﻓﺘﺮﺓ ﺗﻌﺮﺽ ﺍﻟﺠﻤﻬﻮﺭ ﻟﻤﺪﺧﻼﺕ‬
    ‫ﺃﺻﺤﺎﺏﺍﻟﻤﺼﻠﺤﺔ‪ .‬ﺍﻟﻌﻨﺎﺻﺮ ﺍﻹﻟﺰﺍﻣﻴﺔ ﻟﻺﻃﺎﺭ ﺍﻟﺪﻭﻟﻲ ﻟﺘﻨﻈﻴﻢ‬
    ‫ﺍﻷﺳﺮﺓﻫﻲ‪:‬‬

    ‫ﺍﻟﻤﺒﺎﺩﺉﺍﻷﺳﺎﺳﻴﺔ ﻟﻠﻤﻤﺎﺭﺳﺔ ﺍﻟﻤﻬﻨﻴﺔ‬ ‫‪-‬‬


    ‫ﻟﻠﺘﺪﻗﻴﻖﺍﻟﺪﺍﺧﻠﻲ‪.‬‬
    ‫ﺗﻌﺮﻳﻒﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ‪ .‬ﻣﺪﻭﻧﺔ‬ ‫‪-‬‬
    ‫ﻟﻘﻮﺍﻋﺪﺍﻟﺴﻠﻮﻙ‪.‬‬ ‫‪-‬‬
    ‫ﺍﻟﻤﻌﺎﻳﻴﺮﺍﻟﺪﻭﻟﻴﺔ ﻟﻠﻤﻤﺎﺭﺳﺔ ﺍﻟﻤﻬﻨﻴﺔ ﻟﻠﺘﺪﻗﻴﻖ‬ ‫‪-‬‬
    ‫ﺍﻟﺪﺍﺧﻠﻲ‪.‬‬

    ‫ﺍﻟﺘﻮﺟﻴﻪﺍﻟﻤﻮﺻﻰ ﺑﻪﻳﺘﻀﻤﻦ ﺇﺭﺷﺎﺩﺍﺕ ﺗﻨﻔﻴﺬﻳﺔ ﺗﻜﻤﻴﻠﻴﺔ‪ .‬ﺗﻢ ﺗﺼﻤﻴﻢ‬


    ‫ﺇﺭﺷﺎﺩﺍﺕﺍﻟﺘﻨﻔﻴﺬ ﻟﻤﺴﺎﻋﺪﺓ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﻋﻠﻰ ﻓﻬﻢ ﻛﻴﻔﻴﺔ ﺗﻄﺒﻴﻖ‬
    ‫ﻣﺘﻄﻠﺒﺎﺕﺍﻟﺘﻮﺟﻴﻪ ﺍﻹﻟﺰﺍﻣﻲ ﻭﺍﻻﻣﺘﺜﺎﻝ ﻟﻬﺎ‪.‬‬

    ‫ﺣﻮﻝﺍﻟﺘﻮﺟﻴﻪ ﺍﻟﺘﻜﻤﻴﻠﻲ‬
    ‫ﺗﻮﻓﺮﺍﻹﺭﺷﺎﺩﺍﺕ ﺍﻟﺘﻜﻤﻴﻠﻴﺔ ﻣﻌﻠﻮﻣﺎﺕ ﺇﺿﺎﻓﻴﺔ ﻭﻧﺼﺎﺉﺢ ﻭﺃﻓﻀﻞ ﺍﻟﻤﻤﺎﺭﺳﺎﺕ ﻟﺘﻘﺪﻳﻢ ﺧﺪﻣﺎﺕ ﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ‪.‬‬
    ‫ﻭﻫﻮﻳﺪﻋﻢ ﻣﻠﻔﺎﺕﺍﻟﻤﻌﺎﻳﻴﺮﻣﻦ ﺧﻼﻝ ﻣﻌﺎﻟﺠﺔ ﺍﻟﻤﺠﺎﻻﺕ ﺍﻟﻤﻮﺿﻮﻋﻴﺔ ﻭﺍﻟﻘﻀﺎﻳﺎ ﺍﻟﺨﺎﺻﺔ ﺑﺎﻟﻘﻄﺎﻉ ﺑﻤﺰﻳﺪ ﻣﻦ‬
    ‫ﺍﻟﺘﻔﺼﻴﻞﻋﻦ ﺇﺭﺷﺎﺩﺍﺕ ﺍﻟﺘﻨﻔﻴﺬ ﻭﺍﻟﺘﻲ ﻳﺘﻢ ﺍﻋﺘﻤﺎﺩﻫﺎ ﻣﻦ ﻗﺒﻞ ﻣﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﻣﻦ ﺧﻼﻝ ﻋﻤﻠﻴﺎﺕ‬
    ‫ﺍﻟﻤﺮﺍﺟﻌﺔﻭﺍﻟﻤﻮﺍﻓﻘﺔ ﺍﻟﺮﺳﻤﻴﺔ‪.‬‬

    ‫ﺃﺩﻟﺔﺍﻟﻤﻤﺎﺭﺳﺔ‬
    ‫ﺗﻮﻓﺮﺃﺩﻟﺔ ﺍﻟﻤﻤﺎﺭﺳﺔ ‪ ،‬ﻭﻫﻲ ﻧﻮﻉ ﻣﻦ ﺍﻹﺭﺷﺎﺩﺍﺕ ﺍﻟﺘﻜﻤﻴﻠﻴﺔ ‪ ،‬ﻣﻨﺎﻫﺞ ﻣﻔﺼﻠﺔ ﻭﻋﻤﻠﻴﺎﺕ ﺧﻄﻮﺓ ﺑﺨﻄﻮﺓ ﻭﺃﻣﺜﻠﺔ ﺗﻬﺪﻑ‬
    ‫ﺇﻟﻰﺩﻋﻢ ﺟﻤﻴﻊ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‪ .‬ﺣﺪﺩ ﺃﺩﻟﺔ ﺍﻟﻤﻤﺎﺭﺳﺔ ﺍﻟﺘﻲ ﺗﺮﻛﺰ ﻋﻠﻰ‪:‬‬

    ‫ﺍﻟﺨﺪﻣﺎﺕﺍﻟﻤﺎﻟﻴﺔ‪.‬‬ ‫‪-‬‬
    ‫ﺍﻟﻘﻄﺎﻉﺍﻟﻌﺎﻡ‪.‬‬ ‫‪-‬‬
    ‫ﺗﻜﻨﻮﻟﻮﺟﻴﺎﺍﻟﻤﻌﻠﻮﻣﺎﺕ )‪.(®GTAG‬‬ ‫‪-‬‬

    ‫ﻟﻠﺤﺼﻮﻝﻋﻠﻰ ﻧﻈﺮﺓ ﻋﺎﻣﺔ ﻋﻠﻰ ﺍﻟﻤﻮﺍﺩ ﺍﻹﺭﺷﺎﺩﻳﺔ ﺍﻟﻤﻮﺛﻮﻗﺔ ﺍﻟﻤﻘﺪﻣﺔ ﻣﻦ ﻣﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪ ،‬ﻳﺮﺟﻰ ﺯﻳﺎﺭﺓ ‪-guidance‬‬
    ‫‪.www.globaliia.org/standards‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‬ ‫‪www.theiia.org‬‬


    ‫ﺟﺪﻭﻝﺍﻟﻤﺤﺘﻮﻳﺎﺕ‬
    ‫ﻣﻠﺨﺺﺗﻨﻔﻴﺬﻱ‪3 ............................ .................................................. ................................................‬‬

    ‫ﻣﻘﺪﻣﺔ ‪3...................................... .................................................. .................................................‬‬


    ‫ﺍﻟﺘﻮﺍﻓﻖﻣﻊ ﻣﺪﻭﻧﺔ ﺍﻷﺧﻼﻕ ﻭﺍﻟﻤﻌﺎﻳﻴﺮ ﺍﻟﺼﺎﺩﺭﺓ ﻋﻦ ﻣﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﺍﻟﺪﻭﻟﻲ ‪4 ............ .........................................‬‬

    ‫ﺍﻟﻌﻼﻗﺔﻣﻊ ﺍﻷﻋﻤﺎﻝ ﻭﺍﻟﺤﻮﻛﻤﺔ ﺍﻟﻌﺎﻣﺔ ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪5 ....................... ..........................................‬‬


    ‫ﺗﻤﻜﻴﻦﺍﻷﻋﻤﺎﻝ ‪ -‬ﺍﻟﻬﺪﻑ ﻣﻦ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪6 ........................................... ...........................................‬‬
    ‫ﺣﻮﻛﻤﺔﺗﻘﻨﻴﺔ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪6 ......................... .................................................. ................................................‬‬
    ‫ﺗﻜﻨﻮﻟﻮﺟﻴﺎﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻛﻌﻤﻞ ﺗﺠﺎﺭﻱ ‪7 ......................... .................................................. ...‬‬
    ‫ﺍﻹﺷﺮﺍﻑﻋﻠﻰ ﺍﻟﻌﻤﻠﻴﺎﺕ‪ :‬ﺗﻘﺪﻳﻢ ﺧﺪﻣﺎﺕ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﺇﺩﺍﺭﺓ ﻣﺤﻔﻈﺔ ﺍﻟﻤﺸﺎﺭﻳﻊ ‪8 .............................‬‬
    ‫ﺍﻟﻤﺮﺍﻗﺒﺔﺍﻟﻤﺴﺘﻤﺮﺓ‪ :‬ﺍﺣﺘﻴﺎﺟﺎﺕ ‪ /‬ﺃﻧﺸﻄﺔ ﺍﻟﺠﻮﺩﺓ ﻭﺍﻻﻣﺘﺜﺎﻝ ‪8 .... .........................................‬‬
    ‫ﺍﻟﺘﺤﺪﻳﺎﺕﻭﺍﻟﻤﺨﺎﻃﺮ ﺍﻟﺘﻲ ﺗﻮﺍﺟﻪ ﺣﻮﻛﻤﺔ ﺗﻘﻨﻴﺔ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﻋﻼﻗﺔ ﺍﻟﻌﻤﻞ ﻭﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪9 .......................‬‬

    ‫ﺍﻟﺒﻨﻴﺔﺍﻟﺘﺤﺘﻴﺔ ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪11 ............................... .................................................. ................................................‬‬

    ‫ﺍﻟﻤﻜﻮﻧﺎﺕﺍﻟﺮﺉﻴﺴﻴﺔ ‪11 ................ .................................................. ................................................‬‬


    ‫ﺗﺤﺪﻳﺎﺕﻭﻣﺨﺎﻃﺮ ﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ ‪20 ......................................... ..............................................‬‬
    ‫ﺷﺒﻜﺔﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪21 ........................................ .................................................. ...‬‬
    ‫ﺗﻌﺮﻳﻒﺍﻟﺸﺒﻜﺔ ‪21 ................ .................................................. ...............................................‬‬
    ‫ﻣﻜﻮﻧﺎﺕﻭﻣﻔﺎﻫﻴﻢ ﺍﻟﺸﺒﻜﺔ ‪28 ........................................ ..............................................‬‬
    ‫ﺍﻟﻮﺻﻮﻝﺇﻟﻰ ﺍﻟﺸﺒﻜﺔ ﻋﻦ ﺑﻌﺪ ‪32 ........ .................................................. ...‬‬
    ‫ﺩﻓﺎﻉﺍﻟﺸﺒﻜﺔ ‪33 .................. .................................................. ................................................‬‬
    ‫ﺗﺤﺪﻳﺎﺕﺍﻟﺸﺒﻜﺔ ﻭﻣﺨﺎﻃﺮﻫﺎ ‪33 .................................................. ..............................................‬‬
    ‫ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ‪34..................................... .................................................. .................................................‬‬
    ‫ﻫﻨﺪﺳﺔﺍﻟﺘﻄﺒﻴﻖ ‪34 ....... .................................................. ................................................‬‬
    ‫ﺗﻄﻮﻳﺮﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻭﺻﻴﺎﻧﺘﻬﺎ ‪36 ............................ ..............................................‬‬
    ‫ﺍﻟﺘﻄﺒﻴﻘﺎﺕﺍﻟﺘﺤﺪﻳﺎﺕ ﻭﺍﻟﻤﺨﺎﻃﺮ ‪40 ............................................ ..............................................‬‬
    ‫ﻣﻮﺿﻮﻋﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻹﺿﺎﻓﻴﺔ ﻭﺍﻟﻨﺎﺷﺉﺔ ‪42 ...... .................................................. .............................................‬‬

    ‫ﺇﺩﺍﺭﺓﺍﻟﺒﻴﺎﻧﺎﺕ ‪42 ................ .................................................. ................................................‬‬


    ‫ﺗﺤﻠﻴﻼﺕﺍﻟﺒﻴﺎﻧﺎﺕ ‪43 ....................... .................................................. ................................................‬‬
    ‫ﻭﺳﺎﺉﻞﺍﻟﺘﻮﺍﺻﻞ ﺍﻻﺟﺘﻤﺎﻋﻲ ‪44 .......................... .................................................. ................................................‬‬
    ‫ﺃﺗﻤﺘﺔﺍﻟﻌﻤﻠﻴﺎﺕ ﺍﻟﺮﻭﺑﻮﺗﻴﺔ ‪44. .................................................. ...............................................‬‬
    ‫ﺍﻟﺘﻌﻠﻢﺍﻵﻟﻲ ﻭﺍﻟﺬﻛﺎء ﺍﻻﺻﻄﻨﺎﻋﻲ ‪45 ............................. .............................................‬‬
    ‫ﺇﻧﺘﺮﻧﺖﺍﻷﺷﻴﺎء )‪46 ............. .................................................. ............................................ (IoT‬‬
    ‫ﺗﺤﺪﻳﺎﺕﻣﻮﺿﻮﻋﺎﺕ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻹﺿﺎﻓﻴﺔ ﻭﺍﻟﻨﺎﺷﺉﺔ ‪47 ...................... ...................................................‬‬
    ‫ﺧﺎﺗﻤﺔ ‪47........................... .................................................. .................................................‬‬
    ‫ﺍﻟﻤﻠﺤﻖﺃ‪ .‬ﻣﻌﺎﻳﻴﺮ ﻭﺇﺭﺷﺎﺩﺍﺕ ‪ IIA‬ﺫﺍﺕ ﺍﻟﺼﻠﺔ ‪49 .................................. ..........................................‬‬
    ‫ﺍﻟﻤﻠﺤﻖﺏ‪ .‬ﺍﻟﻤﺴﺮﺩ ‪50 .......................... .................................................. ..............................................‬‬

    ‫ﺍﻟﻤﻠﺤﻖﺝ‪ .‬ﺩﻟﻴﻞ ﺍﻻﺧﺘﺼﺎﺭﺍﺕ ‪52 ............... .................................................. .............................................‬‬

    ‫ﺍﻟﻤﻠﺤﻖ‪ D. OSI‬ﺷﺒﻜﺔ ﺳﺒﻊ ﻃﺒﻘﺎﺕ ‪55 ... .................................................. ..........................................‬‬

    ‫‪1‬‬ ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﻤﻠﺤﻖ‪ .E‬ﻧﻤﻮﺫﺝ ﺍﻟﻄﺒﻘﺎﺕ ﺍﻟﺴﺒﻊ ﻗﻴﺪ ﺍﻟﺘﻨﻔﻴﺬ ‪58 ................................................... ........................................‬‬

    ‫ﺍﻟﻤﻠﺤﻖﻭ‪ .‬ﺃﻭﺻﺎﻑ ﺑﺮﻭﺗﻮﻛﻮﻝ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻌﺎﻣﺔ ‪59 ............................ ...........................................‬‬


    ‫ﺍﻟﻤﻠﺤﻖﺯ‪ .‬ﻣﻘﺎﺭﻧﺔ ﺑﻴﻦ ﻗﻮﺍﻋﺪ ﺑﻴﺎﻧﺎﺕ ‪ SQL‬ﻭ ‪NoSQL ... ........................... 60‬‬
    ‫ﺍﻟﻤﻠﺤﻖﺡ‪ .‬ﺍﻟﻤﺮﺍﺟﻊ ﻭﺍﻟﻤﻮﺍﺭﺩ ﺍﻹﺿﺎﻓﻴﺔ ‪62 ................................ ...‬‬
    ‫ﺷﻜﺮﻭﺗﻘﺪﻳﺮ ‪63......................... .................................................. ...‬‬

    ‫‪2‬‬ ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‬ ‫‪www.theiia.org‬‬


    ‫ﻣﻠﺨﺺﺗﻨﻔﻴﺬﻱ‬
    ‫ﻓﻲﻋﺎﻟﻢ ﺍﻟﻴﻮﻡ ‪ ،‬ﺗﻌﺪ ﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺟﺰءﺍً ﻻ ﻳﺘﺠﺰﺃ ﻣﻦ ﻛﻞ ﻣﺆﺳﺴﺔ ﻭﺗﺪﻋﻢ ﺗﻘﺮﻳﺒﺎً ﻛﻞ ﺟﺰء ﻣﻦ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻭﻛﻞ ﻣﻌﺎﻣﻠﺔ‬
    ‫ﺃﻭﻋﻤﻠﻴﺔ ﺣﺴﺎﺑﻴﺔ ﻭﻛﻞ ﻋﻤﻠﻴﺔ ﺃﻭ ﻧﺸﺎﻁ ﺗﺠﺎﺭﻱ‪ .‬ﻳﺤﺘﺎﺝ ﺍﻟﻤﺪﻗﻘﻮﻥ ﺍﻟﺪﺍﺧﻠﻴﻮﻥ ﺇﻟﻰ ﻓﻬﻢ ﺃﺳﺎﺳﻲ ﻟﻤﻔﺎﻫﻴﻢ ﻭﻋﻤﻠﻴﺎﺕ‬
    ‫ﺗﻘﻨﻴﺔﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻷﺳﺎﺳﻴﺔ‪ .‬ﺑﺪﻭﻥ ﺫﻟﻚ ‪ ،‬ﻗﺪ ﻻ ﻳﻔﻬﻢ ﺍﻟﻤﺪﻗﻘﻮﻥ ﺍﻟﺪﺍﺧﻠﻴﻮﻥ ﺑﺸﻜﻞ ﻛﺎﻣﻞ ﺃﻫﺪﺍﻑ ﺗﻘﻨﻴﺔ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕﻭﺍﻟﻤﺨﺎﻃﺮ ﺍﻟﻤﺮﺗﺒﻄﺔ ﺑﻬﺎ ‪ ،‬ﻭﻗﺪ ﻳﻔﺘﻘﺮﻭﻥ ﺇﻟﻰ ﺍﻟﻘﺪﺭﺓ ﻋﻠﻰ ﺗﻘﻴﻴﻢ ﺃﻭ ﺗﺪﻗﻴﻖ ﺗﺼﻤﻴﻢ ﺃﻭ ﻓﻌﺎﻟﻴﺔ ﺍﻟﻀﻮﺍﺑﻂ‬
    ‫ﺍﻟﻤﺘﻌﻠﻘﺔﺑﺘﻠﻚ ﺍﻟﻤﺨﺎﻃﺮ‪.‬‬

    ‫ﻳﻘﺪﻡﻫﺬﺍ ﺍﻟﺪﻟﻴﻞ ﻛﻔﺎءﺍﺕ ﺗﻘﻨﻴﺔ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻷﺳﺎﺳﻴﺔ ﻭﺍﻟﻔﻬﻢ ﺍﻟﺬﻱ ﻳﺤﺘﺎﺟﻪ ﺃﻱ ﻣﺪﻗﻖ ﺩﺍﺧﻠﻲ ﻭﻳﻘﺪﻡ ﺑﺸﻜﻞ ﻛﺎﻣﻞ‬
    ‫ﻣﻨﺎﻗﺸﺎﺕﻭﻟﻤﺤﺎﺕ ﻋﺎﻣﺔ ﻋﻦ ﻋﻤﻠﻴﺎﺕ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﺍﺳﺘﺮﺍﺗﻴﺠﻴﺎﺗﻬﺎ ﻭﺍﻟﺘﻘﻨﻴﺎﺕ ﺍﻷﺳﺎﺳﻴﺔ ﻧﻔﺴﻬﺎ‪ .‬ﻻ ﻳﺪﺧﻞ‬
    ‫ﻓﻲﺗﻔﺎﺻﻴﻞ ﺿﻮﺍﺑﻂ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺃﻭ ﻛﻴﻔﻴﺔ ﺗﺪﻗﻴﻖ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ؛ ﻳﺘﻢ ﺗﻨﺎﻭﻟﻬﺎ ﻓﻲ ﺇﺭﺷﺎﺩﺍﺕ ﻣﻌﻬﺪ‬
    ‫ﺍﻟﻤﺪﻗﻘﻴﻦﺍﻟﺪﺍﺧﻠﻴﻴﻦ )‪ (IIA‬ﺍﻷﺧﺮﻯ‪ .‬ﺑﺪﻻ ًﻣﻦ ﺫﻟﻚ ‪ ،‬ﻓﻬﻮ ﻳﻐﻄﻲ ﺍﻷﻧﺸﻄﺔ ﻭﺍﻟﻤﻔﺎﻫﻴﻢ ﺍﻷﺳﺎﺳﻴﺔ ﺍﻟﻤﺘﻌﻠﻘﺔ ﺑﺘﻜﻨﻮﻟﻮﺟﻴﺎ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕﺍﻟﺘﻲ ﻳﺠﺐ ﺃﻥ ﻳﻌﺮﻓﻬﺎ ﺟﻤﻴﻊ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‪.‬‬

    ‫ﻳﺘﻢﺗﻘﺪﻳﻢ ﻟﻤﺤﺎﺕ ﻋﺎﻣﺔ ﻋﻦ ﺣﻮﻛﻤﺔ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪ ،‬ﻭﺍﻟﻌﻼﻗﺔ ﺑﻴﻦ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﺍﻷﻋﻤﺎﻝ ‪،‬‬
    ‫ﻭﻛﻴﻒﺗﺨﻠﻖ ﺗﻘﻨﻴﺔ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻗﻴﻤﺔ ﻣﻦ ﺧﻼﻝ ﺍﻟﻌﻤﻠﻴﺎﺕ ﺍﻟﺠﺎﺭﻳﺔ ‪ ،‬ﻭﺗﺴﻠﻴﻢ ﺍﻟﻤﺸﺮﻭﻉ ‪ ،‬ﻭﺗﻄﻮﻳﺮ ﺍﻟﻨﻈﺎﻡ ‪ ،‬ﻭﺍﻟﺪﻋﻢ ‪،‬‬
    ‫ﻭﻣﺮﺍﻗﺒﺔﺍﻟﺠﻮﺩﺓ ﻭﻣﺴﺘﻮﻳﺎﺕ ﺗﻘﺪﻳﻢ ﺍﻟﺨﺪﻣﺔ‪ .‬ﻳﻐﻄﻲ ﻫﺬﺍ ﺍﻟﺪﻟﻴﻞ ﺃﻳﻀﺎً ﺍﻟﻔﻬﻢ ﺍﻷﺳﺎﺳﻲ ﺍﻟﻤﻄﻠﻮﺏ ﻟﺜﻼﺛﺔ ﻣﺠﺎﻻﺕ‬
    ‫ﺗﻘﻨﻴﺔﺣﺎﺳﻤﺔ ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪ -‬ﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ ﻭﺍﻟﺸﺒﻜﺔ ﻭﺍﻟﺘﻄﺒﻴﻘﺎﺕ ‪ -‬ﺟﻨﺒﺎً ﺇﻟﻰ ﺟﻨﺐ ﻣﻊ ﻣﺮﺍﺟﻌﺔ ﻋﺎﻟﻴﺔ‬
    ‫ﺍﻟﻤﺴﺘﻮﻯﻟﻠﺘﺤﺪﻳﺎﺕ ﻭﺍﻟﻤﺨﺎﻃﺮ ﺍﻟﻘﺎﺑﻠﺔ ﻟﻠﺘﻄﺒﻴﻖ ﻓﻲ ﺗﻠﻚ ﺍﻟﻤﺠﺎﻻﺕ‪.‬‬

    ‫ﺍﻟﻐﺮﺽﺍﻵﺧﺮ ﻣﻦ ﻫﺬﺍ ﺍﻟﺪﻟﻴﻞ ﻫﻮ ﺗﻘﺪﻳﻢ ﻣﺤﺘﻮﻯ ﻣﻦ ﺇﻃﺎﺭ ﻛﻔﺎءﺍﺕ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﺘﺎﺑﻊ ﻟﻤﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ )ﺍﻟﺸﻜﻞ ‪ ، (1‬ﻭﺍﻟﻤﻮﺍءﻣﺔ‬
    ‫ﻣﻊﺟﻮﺍﻧﺐ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﺘﻲ ﻳﻐﻄﻴﻬﺎ ﺍﺧﺘﺒﺎﺭ ﺍﻟﻤﺪﻗﻖ ﺍﻟﺪﺍﺧﻠﻲ ﺍﻟﻤﻌﺘﻤﺪ )‪ (CIA‬ﻣﻦ ﻣﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ )‪ ، (IIA‬ﻭﺍﻟﺬﻱ ﻳﺨﺘﺒﺮ‬
    ‫ﺍﻟﻤﺴﺘﻮﻯﺍﻷﺳﺎﺳﻲ ﻟﻔﻬﻢ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﺬﻱ ﻳﺤﺘﺎﺟﻪ ﺍﻟﻤﺪﻗﻘﻮﻥ ﺍﻟﺪﺍﺧﻠﻴﻮﻥ ‪.‬‬

    ‫ﻳﺴﺘﻜﺸﻒﺍﻟﺪﻟﻴﻞ ﺃﻳﻀﺎً ﺑﻌﺾ ﺍﺗﺠﺎﻫﺎﺕ ﻭﻣﻮﺿﻮﻋﺎﺕ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﻨﺎﺷﺉﺔ‪ .‬ﺗﻌﺪ ﺍﻟﻤﺨﺎﻃﺮ ﺍﻟﺠﺪﻳﺪﺓ ﻭﺍﻟﺘﻐﻴﻴﺮﺍﺕ ﺍﻟﻤﺴﺘﻤﺮﺓ ﻓﻲ ﻣﺸﻬﺪ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕﺟﺰءﺍً ﻣﻦ ﺍﻟﻄﺒﻴﻌﺔ ﺍﻟﻤﺘﻄﻮﺭﺓ ﻭﺍﻟﻤﺘﺄﺻﻠﺔ ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪ .‬ﻛﻤﺎ ﻟﻮﺣﻆ ‪ ،‬ﻓﺈﻥ ﺃﻧﺸﻄﺔ ﺗﺪﻗﻴﻖ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﻤﺤﺪﺩﺓ ‪ ،‬ﻭﺍﻟﻀﻮﺍﺑﻂ‬
    ‫ﺍﻟﻌﺎﻣﺔﻭﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﻤﺘﻌﻠﻘﺔ ﺑﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪ ،‬ﻭﻣﻮﺿﻮﻋﺎﺕ ﺃﻛﺜﺮ ﺗﻘﺪﻣﺎً ﺣﻮﻝ ﻣﺨﺎﻃﺮ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪ ،‬ﻭﺍﻟﻀﻮﺍﺑﻂ ‪ ،‬ﻭﺃﺳﺎﻟﻴﺐ ﺍﻟﺘﺪﻗﻴﻖ ﻣﻐﻄﺎﺓ‬
    ‫ﻓﻲﺇﺭﺷﺎﺩﺍﺕ ﺃﺧﺮﻯ ﻣﻦ ﻣﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﺍﻟﺪﻭﻟﻲ )‪ ، (IIA‬ﻭﺍﻟﺘﻲ ﻳﻤﻜﻦ ﺃﻥ ﺗﻜﻤﻞ ﺃﻳﻀﺎً ﺩﺭﺍﺳﺔ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻋﻨﺪ ﺍﻟﺘﺤﻀﻴﺮ ﻻﻣﺘﺤﺎﻥ ﺍﻟﻤﺪﻗﻖ‬
    ‫ﺍﻟﺪﺍﺧﻠﻲﺍﻟﻤﻌﺘﻤﺪ )® ‪ (CIA‬ﺃﻭ ﻟﻠﺤﺼﻮﻝ ﻋﻠﻰ ﻣﻌﻠﻮﻣﺎﺕ ﻋﺎﻣﺔ ﺃﺧﺮﻯ ﻋﻦ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪.‬‬

    ‫ﻣﻘﺪﻣﺔ‬
    ‫ﻳﺴﺎﻋﺪﻫﺬﺍ ﺍﻟﺘﻮﺟﻴﻪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﻋﻠﻰ ﻓﻬﻢ ﻛﻴﻔﻴﺔ‬
    ‫ﻣﻠﺤﻮﻇﺔ‪ :‬ﺗﻢ ﺗﻌﺮﻳﻒ ﺍﻟﻤﺼﻄﻠﺤﺎﺕ ﺍﻟﻤﻜﺘﻮﺑﺔ‬ ‫ﻋﻤﻞﺗﻘﻨﻴﺔ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻋﻠﻰ ﻧﻄﺎﻕ ﻭﺍﺳﻊ ﻋﺒﺮ ﺍﻟﻤﺆﺳﺴﺔ‬
    ‫ﺑﺎﻟﺨﻂﺍﻟﻌﺮﻳﺾ ﻓﻲ ﺍﻟﻤﺴﺮﺩ ﻓﻲ ﺍﻟﻤﻠﺤﻖ ﺏ‪.‬‬ ‫ﻭﺍﻟﻌﻼﻗﺔﺍﻟﻤﻬﻤﺔ ﺍﻟﺘﻲ ﺗﻠﻌﺒﻬﺎ ﺗﻘﻨﻴﺔ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻓﻲ ﻧﺠﺎﺡ‬
    ‫ﺍﻟﻤﺆﺳﺴﺔ‪.‬ﻳﻨﺎﻗﺶ ﺍﻟﻘﺴﻢ ﺍﻷﻭﻝ ﺃﻫﺪﺍﻑ ﺗﻘﻨﻴﺔ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕﻭﻋﻼﻗﺘﻬﺎ ﺑـ‬
    ‫ﺍﻟﺘﻨﻈﻴﻢﻭﺍﻟﺸﺎﻣﻞﺇﺩﺍﺭﺓ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪ .‬ﺗﺘﻌﻤﻖ ﺍﻷﻗﺴﺎﻡ ﺍﻟﻼﺣﻘﺔ ﻓﻲ ﺗﻔﺎﺻﻴﻞ ﺍﻟﺘﻘﻨﻴﺎﺕ ﺍﻟﻤﺤﺪﺩﺓ‬
    ‫ﻭﻋﻤﻠﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﺘﻲ ﻳﺠﺐ ﺃﻥ ﻳﻔﻬﻤﻬﺎ ﺍﻟﻤﺪﻗﻘﻮﻥ ﺍﻟﺪﺍﺧﻠﻴﻮﻥ ﺑﺸﻜﻞ ﺃﺳﺎﺳﻲ ‪ ،‬ﺳﻮﺍء ﻛﺎﻧﻮﺍ‬
    ‫ﻣﺘﺨﺼﺼﻴﻦﻓﻲ ﺗﺪﻗﻴﻖ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺃﻡ ﻻ‪.‬‬

    ‫‪3‬‬ ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‬ ‫‪www.theiia.org‬‬


    ‫ﻧﻈﺮﺍًﻷﻥ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻫﻲ ﺟﺰء ﺃﺳﺎﺳﻲ ﻣﻦ ﻛﻞ ﻣﺆﺳﺴﺔ ‪ ،‬ﻓﻬﻲ ﺿﺮﻭﺭﻳﺔ ﻟـﺍﻟﺮﺉﻴﺲ ﺍﻟﺘﻨﻔﻴﺬﻱ‬
    ‫ﻟﻠﺘﺪﻗﻴﻖ‪ )AI(.‬ﺃﻭ ﺍﻟﺬﻛﺎء ﺍﻻﺻﻄﻨﺎﻋﻲ ‪ )RPA( ،‬ﻭﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﻟﻠﺤﺼﻮﻝ ﻋﻠﻰ ﻓﻬﻢ ﺃﺳﺎﺳﻲ ﻭﻣﻌﺮﻓﺔ‬
    ‫ﺑﺘﻜﻨﻮﻟﻮﺟﻴﺎﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﺇﺩﺍﺭﺓ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻬﺎﻣﺔ ﺩﺍﺧﻞ ﻣﺆﺳﺴﺎﺗﻬﻢ‪ .‬ﺇﻥ ﺣﻤﺎﻳﺔ ﺑﻴﺎﻧﺎﺕ ﺍﻟﻤﺆﺳﺴﺔ ‪ ،‬ﻭﺩﻋﻢ ﻋﻤﻠﻴﺎﺕ‬
    ‫ﺗﻜﻨﻮﻟﻮﺟﻴﺎﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪ ،‬ﻭﺣﻤﺎﻳﺔ ﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﻟﻴﺴﺖ ﺳﻮﻯ ﻋﺪﺩ ﻗﻠﻴﻞ ﻣﻦ ﺍﻟﺘﺤﺪﻳﺎﺕ ﺍﻟﺘﻲ ﺗﻮﺍﺟﻬﻬﺎ ﺍﻟﻤﺆﺳﺴﺎﺕ‬
    ‫ﺍﻟﻴﻮﻡ‪.‬ﻋﻠﻰ ﺍﻟﺮﻏﻢ ﻣﻦ ﺃﻥ ﻫﺬﻩ ﺍﻟﺘﺤﺪﻳﺎﺕ ﻗﺪ ﺗﺒﺪﻭ ﺷﺎﻗﺔ ‪ ،‬ﺇﻻ ﺃﻥ ﺍﻟﻔﺮﺹ ﺍﻟﻤﺤﺘﻤﻠﺔ ﺍﻟﺘﻲ ﺗﺘﻴﺤﻬﺎ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕﻷﻱ ﻛﻴﺎﻥ ‪ ،‬ﻣﺜﻞ ﺗﺤﺴﻴﻦ ﻋﻤﻠﻴﺎﺗﻬﺎ ‪ ،‬ﻭﺍﺑﺘﻜﺎﺭ ﺗﻄﻮﻳﺮ ﺍﻟﻤﻨﺘﺠﺎﺕ ‪ ،‬ﻭﺍﻻﺳﺘﻔﺎﺩﺓ ﻣﻦ ﺍﻟﻌﻤﻠﻴﺎﺕ ﺑﻤﺎ ﻓﻲ‬
    ‫ﺫﻟﻚﺗﺤﻠﻴﻼﺕ ﺍﻟﺒﻴﺎﻧﺎﺕ ‪ ،‬ﻭﺍﻟﺘﻘﻨﻴﺎﺕ ﻣﺜﻞ ﺃﺗﻤﺘﺔ ﺍﻟﻌﻤﻠﻴﺎﺕ ﺍﻵﻟﻴﺔ (‪)CAE‬‬

    ‫ﺗﻌﺪﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺿﺮﻭﺭﻳﺔ ﻻﺳﺘﺮﺍﺗﻴﺠﻴﺔ ﺍﻟﻤﻨﻈﻤﺔ ‪ ،‬ﻭﻓﻬﻢ ﺍﻟﺘﺄﺛﻴﺮﺍﺕ ﺍﻟﺘﻲ ﻳﻤﻜﻦ ﺃﻥ ﺗﺤﺪﺛﻬﺎ ﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ‬
    ‫ﻋﻠﻰﺍﻟﻌﻤﻠﻴﺎﺕ ﺍﻟﺘﺠﺎﺭﻳﺔ ﻭﺇﺩﺍﺭﺓ ﺍﻟﻤﺨﺎﻃﺮﺳﻴﺴﺎﻋﺪ ﻓﻲ ﺍﻻﺭﺗﻘﺎء ﺑﺎﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ﻛﻤﺴﺘﺸﺎﺭ ﻣﻮﺛﻮﻕ ﻭﻣﻨﺸﺊ‬
    ‫ﻟﻠﻘﻴﻤﺔ‪.‬‬

    ‫ﻳﻮﺿﺢﺍﻟﺸﻜﻞ ‪ 1‬ﻣﺠﺎﻻﺕ ﺗﻘﻨﻴﺔ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﻤﻬﻤﺔ ﺍﻟﺘﻲ ﻳﺠﺐ ﺃﻥ ﻳﻜﻮﻥ ﻟﺪﻯ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﻓﻬﻢ ﺃﺳﺎﺳﻲ‬
    ‫ﻟﻬﺎ‪.‬‬

    ‫ﺍﻟﺸﻜﻞ‪ :1‬ﻛﻔﺎءﺍﺕ ﻣﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﻓﻲ ﻣﺠﺎﻝ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻓﻲ ﻣﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‬

    ‫ﺍﻟﻤﺼﺪﺭ‪:‬ﻣﻌﻬﺪ ﺍﻟﻤﺮﺍﺟﻌﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‪.‬‬

    ‫ﺍﻟﺘﻮﺍﻓﻖﻣﻊ ﻣﺪﻭﻧﺔ ﺍﻷﺧﻼﻕ ﻭﺍﻟﻤﻌﺎﻳﻴﺮ ﺍﻟﺼﺎﺩﺭﺓ ﻋﻦ ﻣﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ )‪(IIA‬‬

    ‫ﻋﻠﻰﺍﻟﺮﻏﻢ ﻣﻦ ﺃﻥ ﻫﺬﺍ ﺍﻟﺪﻟﻴﻞ ﻻ ﻳﺪﺧﻞ ﻓﻲ ﺗﻔﺎﺻﻴﻞ ﻣﺤﺪﺩﺓ ﻹﺟﺮﺍء ﺗﺪﻗﻴﻖ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪ ،‬ﺇﻻ ﺃﻥ‬
    ‫ﺍﻟﻤﺤﺘﻮﻯﺍﻟﻌﺎﻡ ﺳﻴﺴﺎﻋﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﻋﻠﻰ ﺍﻻﻟﺘﺰﺍﻡ ﺑﻤﺒﺪﺃ ﺍﻟﻜﻔﺎءﺓ ﺍﻟﻮﺍﺭﺩ ﻓﻲ ﻣﺪﻭﻧﺔ ﺍﻷﺧﻼﻗﻴﺎﺕ ﻭ‬

    ‫‪4‬‬ ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‬ ‫‪www.theiia.org‬‬


    ‫ﻣﻌﺎﻳﻴﺮ‪ IIA‬ﺍﻟﻤﺘﻌﺪﺩﺓ ‪ ،‬ﻭﺗﺤﺪﻳﺪﺍ ًﺍﻟﻤﻌﻴﺎﺭ ‪ - 1200‬ﺍﻟﻜﻔﺎءﺓ‬
    ‫ﻭﺍﻟﻌﻨﺎﻳﺔﺍﻟﻤﻬﻨﻴﺔ ﺍﻟﻮﺍﺟﺒﺔ ‪ ،‬ﻭﺍﻟﺘﻲ ﺗﻨﺺ ﻋﻠﻰ "ﺍﻻﺭﺗﺒﺎﻃﺎﺕ‬
    ‫ﻣﺼﺎﺩﺭﺇﺿﺎﻓﻴﺔ‬
    ‫ﻳﺠﺐﺃﻥ ﻳﺘﻢ ﺇﺟﺮﺍﺅﻫﺎ ﺑﺎﻟﻜﻔﺎءﺓ ﻭﺍﻟﻌﻨﺎﻳﺔ ﺍﻟﻤﻬﻨﻴﺔ ﺍﻟﻮﺍﺟﺒﺔ "‪،‬‬
    ‫ﺳﻮﻑﻳﺸﻴﺮ ﻫﺬﺍ ﺍﻟﺪﻟﻴﻞ ﺇﻟﻰ ﻣﻌﺎﻳﻴﺮ ﻣﻦ‬ ‫ﻭﺍﻟﻤﻌﻴﺎﺭ‪ - 1210‬ﺍﻟﻜﻔﺎءﺓ ‪ ،‬ﻭﺍﻟﺬﻱ ﻳﻨﺺ ﻋﻠﻰ ﺃﻥ"‬
    ‫ﺍﻟﻬﻴﺉﺎﺕﺍﻹﺩﺍﺭﻳﺔ ﺍﻷﺧﺮﻯ‪ IIA .‬ﺍﻟﻤﻌﺎﻳﻴﺮ‬ ‫ﺍﻟﻤﺪﻗﻘﻴﻦﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﻳﺠﺐ ﺃﻥ ﻳﻤﺘﻠﻜﻮﺍ ﺍﻟﻤﻬﺎﺭﺍﺕ ﺍﻟﻤﻌﺮﻓﻴﺔ‬
    ‫ﺳﻴﺘﻢﺍﻹﺷﺎﺭﺓ ﺇﻟﻴﻪ ﻋﻠﻰ ﻫﺬﺍ ﺍﻟﻨﺤﻮ‬ ‫ﻭﺍﻟﻜﻔﺎءﺍﺕﺍﻷﺧﺮﻯ ﺍﻟﻼﺯﻣﺔ ﻷﺩﺍء ﻣﺴﺆﻭﻟﻴﺎﺗﻬﻢ ﺍﻟﻔﺮﺩﻳﺔ‪ .‬ﺍﻝ‬
    ‫ﻭﺳﻴﺘﻀﻤﻦﺍﻟﺮﻗﻢ ﺍﻟﻘﻴﺎﺳﻲ‪.‬‬ ‫ﻧﺸﺎﻁﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲﻳﺠﺐ ﺃﻥ ﺗﻤﺘﻠﻚ ﺑﺸﻜﻞ ﺟﻤﺎﻋﻲ‬
    ‫ﺃﻭﺗﺤﺼﻞ ﻭ‬

    ‫ﺗﻄﺒﻴﻖﺍﻟﻤﻌﺮﻓﺔ ﻭﺍﻟﻤﻬﺎﺭﺍﺕ ﻭﺍﻟﻜﻔﺎءﺍﺕ ﺍﻷﺧﺮﻯ ﺍﻟﻼﺯﻣﺔ ﻷﺩﺍء ﻣﺴﺆﻭﻟﻴﺎﺗﻪ "‪ .‬ﻳﺠﺐ ﺃﻥ ﻳﻜﻮﻥ ﻟﺪﻯ ﺍﻟﻤﺪﻗﻘﻴﻦ‬
    ‫ﺍﻟﺪﺍﺧﻠﻴﻴﻦﻣﻌﺮﻓﺔ ﻛﺎﻓﻴﺔ ﺑﺘﻘﻨﻴﺔ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﺮﺉﻴﺴﻴﺔﺍﻟﻤﺨﺎﻃﺮﻭﺍﻟﻀﻮﺍﺑﻂ ﻭﺃﺳﺎﻟﻴﺐ ﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﻘﺎﺉﻤﺔ ﻋﻠﻰ‬
    ‫ﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎﺍﻟﻤﺘﺎﺣﺔ ﻷﺩﺍء ﺍﻟﻌﻤﻞ ﺍﻟﻤﻜﻠﻒ ﺑﻬﺎ‪.‬‬

    ‫ﻋﻨﺪﺗﻌﻴﻴﻦ ﻣﺪﻗﻘﻴﻦ ﻟﻤﻬﻤﺔ ﻗﺪ ﺗﺘﻄﻠﺐ ﻣﻬﺎﺭﺍﺕ ﻭﻗﺪﺭﺍﺕ ﻣﺤﺪﺩﺓ ‪ ،‬ﻣﺜﻞ ﺍﻟﺘﺪﻗﻴﻖ ﺑﺎﺳﺘﺨﺪﺍﻡ ﻣﻜﻮﻧﺎﺕ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪،‬ﻳﻨﺺ ﺍﻟﻤﻌﻴﺎﺭ ‪ - 2230‬ﺗﺨﺼﻴﺺ ﻣﻮﺍﺭﺩ ﺍﻟﻤﺸﺎﺭﻛﺔ ﻋﻠﻰ ﺃﻧﻪ "ﻳﺠﺐ ﻋﻠﻰ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﺗﺤﺪﻳﺪ‬
    ‫ﺍﻟﻤﻮﺍﺭﺩﺍﻟﻤﻨﺎﺳﺒﺔ ﻭﺍﻟﻜﺎﻓﻴﺔ ﻟﺘﺤﻘﻴﻖ ﺃﻫﺪﺍﻑ ﺍﻟﻤﻬﻤﺔ ﺑﻨﺎء ًﻋﻠﻰ ﺗﻘﻴﻴﻢ ﺍﻟﻄﺒﻴﻌﺔ ﻭﺗﻌﻘﻴﺪ ﻛﻞ ﻣﺸﺎﺭﻛﺔ ‪ ،‬ﻭﺍﻟﻘﻴﻮﺩ‬
    ‫ﺍﻟﺰﻣﻨﻴﺔ ‪،‬ﻭﺍﻟﻤﻮﺍﺭﺩ ﺍﻟﻤﺘﺎﺣﺔ "‪ .‬ﻳﻨﺺ ﺗﻔﺴﻴﺮ ﻫﺬﺍ ﺍﻟﻤﻌﻴﺎﺭ ﻋﻠﻰ ﺃﻥ "ﺍﻟﻤﻼﺉﻢ ﻳﺸﻴﺮ ﺇﻟﻰ ﻣﺰﻳﺞ ﻣﻦ ﺍﻟﻤﻌﺮﻓﺔ ﻭﺍﻟﻤﻬﺎﺭﺍﺕ‬
    ‫ﻭﺍﻟﻜﻔﺎءﺍﺕﺍﻷﺧﺮﻯ ﺍﻟﻼﺯﻣﺔ ﻷﺩﺍء ﺍﻟﻤﻬﻤﺔ"‪ .‬ﺇﻥ ﺗﻌﺰﻳﺰ ﺍﻟﻤﻌﺮﻓﺔ ﺍﻟﻌﺎﻣﺔ ﺑﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺳﻴﺴﺎﻋﺪ ﻗﺴﻢ‬
    ‫ﺍﻟﺘﺪﻗﻴﻖﺍﻟﺪﺍﺧﻠﻲ ﻭﺍﻟﻤﺪﻗﻖ ﺍﻟﺪﺍﺧﻠﻲ ﺍﻟﻔﺮﺩﻱ ﻓﻲ ﺍﻟﺤﺼﻮﻝ ﻋﻠﻰ ﺍﻟﻤﻬﺎﺭﺍﺕ ﺍﻟﻤﻄﻠﻮﺑﺔ ﻷﺩﺍء ﻋﻤﻠﻴﺎﺕ ﺍﻟﺘﺪﻗﻴﻖ‬
    ‫ﺍﻟﻤﺘﻌﻠﻘﺔﺑﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪.‬‬

    ‫ﺇﺫﺍﻛﺎﻥ ﻗﺴﻢ ﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ﻳﻔﺘﻘﺮ ﺇﻟﻰ ﻣﻮﻇﻔﻴﻦ ﻟﺪﻳﻬﻢ ﺍﻟﻤﻬﺎﺭﺍﺕ ﺍﻟﻼﺯﻣﺔ ﻹﺟﺮﺍء ﺗﺪﻗﻴﻖ ﻳﺸﻤﻞ ﺟﻮﺍﻧﺐ ﻣﻦ‬
    ‫ﺑﻴﺉﺔﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪ ،‬ﻓﻘﺪ ﻳﺨﺘﺎﺭ ﺍﻻﺳﺘﻌﺎﻧﺔ ﺑﻤﺼﺎﺩﺭ ﺧﺎﺭﺟﻴﺔ ﺃﻭ ﺍﻟﺘﻌﺎﻗﺪﺍﺕ‪ .‬ﻋﻨﺪ ﺍﻟﻘﻴﺎﻡ ﺑﺬﻟﻚ ‪ ،‬ﻳﺤﺘﻔﻆ‬
    ‫ﻧﺸﺎﻁﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ﺑﻤﺴﺆﻭﻟﻴﺔ ﺍﻟﺘﺪﻗﻴﻖ ﻛﻜﻞ‪ .‬ﺍﻟﻤﻌﻴﺎﺭ ‪2340‬‬
    ‫‪-‬ﻳﻨﺺ "ﺍﻹﺷﺮﺍﻑ ﻋﻠﻰ ﺍﻟﻤﺸﺎﺭﻛﺔ" ﻋﻠﻰ ﺃﻧﻪ "ﻳﺠﺐ ﺍﻹﺷﺮﺍﻑ ﻋﻠﻰ ﺍﻻﺭﺗﺒﺎﻃﺎﺕ ﺑﺸﻜﻞ ﺻﺤﻴﺢ ﻟﻀﻤﺎﻥ ﺗﺤﻘﻴﻖ‬
    ‫ﺍﻷﻫﺪﺍﻑﻭﺿﻤﺎﻥ ﺍﻟﺠﻮﺩﺓ ﻭﺗﻄﻮﻳﺮ ﺍﻟﻤﻮﻇﻔﻴﻦ"‪.‬‬

    ‫ﺍﻟﻌﻼﻗﺔﻣﻊ ﺍﻷﻋﻤﺎﻝ ﻭﺍﻟﺤﻮﻛﻤﺔ ﺍﻟﺸﺎﻣﻠﺔ ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ‬


    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬
    ‫ﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎﻣﻌﻘﺪﺓ ﻭﺳﺮﻳﻌﺔ ﺍﻟﺘﻐﻴﺮ ‪ ،‬ﻭﻣﻊ ﺫﻟﻚ ﺗﺘﻮﻗﻊ ﺍﻟﻤﺆﺳﺴﺎﺕ ﺃﻥ ﺗﻜﻮﻥ ﺧﺪﻣﺎﺕ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﺪﻳﻬﺎ ﺁﻣﻨﺔ‬
    ‫ﻭﻓﻌﺎﻟﺔﻭﻣﻮﺛﻮﻗﺔ ﻭﻣﺤﺪﺛﺔ ﻭﻓﻌﺎﻟﺔ ﻣﻦ ﺣﻴﺚ ﺍﻟﺘﻜﻠﻔﺔ‪.‬‬

    ‫ﺳﻴﻐﻄﻲﻫﺬﺍ ﺍﻟﻘﺴﻢ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻛﻮﺣﺪﺓ ﺃﻋﻤﺎﻝ ﻣﺘﻌﺪﺩﺓ ﺍﻟﻮﻇﺎﺉﻒ ﺗﻤﺜﻞ ﻣﺰﻭﺩ ﺧﺪﻣﺔ ﺃﺳﺎﺳﻴﺎً‬
    ‫ﻟﻠﻤﺆﺳﺴﺔ‪.‬ﻳﺠﺐ ﺃﻥ ﺗﻜﻮﻥ ﺍﻟﻌﻼﻗﺔ ﺑﻴﻦ ﺍﻟﻤﻨﻈﻤﺔ ﻭﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻣﻔﻬﻮﻣﺔ ﺑﺸﻜﻞ ﻭﺍﺿﺢ ‪ ،‬ﻭﻳﺠﺐ ﺇﻧﺸﺎء‬
    ‫ﺣﻮﻛﻤﺔﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﺘﻘﺪﻳﻢ ﻗﻴﻤﺔ ﻷﺻﺤﺎﺏ ﺍﻟﻤﺼﻠﺤﺔ‪ .‬ﺑﺎﻹﺿﺎﻓﺔ ﺇﻟﻰ ﺫﻟﻚ ‪ ،‬ﻳﺠﺐ ﺃﻥ ﺗﻀﻤﻦ ﺇﺩﺍﺭﺓ‬
    ‫ﺗﻜﻨﻮﻟﻮﺟﻴﺎﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻣﺮﺍﻗﺒﺔ ﺧﺪﻣﺎﺕ ﻭﻣﺸﺎﺭﻳﻊ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﻤﻘﺪﻣﺔ ﻣﻦ ﺃﺟﻞ ﺍﻟﺠﻮﺩﺓ ﻭﺍﻻﻣﺘﺜﺎﻝ‬
    ‫ﻟﻠﻘﻮﺍﻧﻴﻦﻭﺍﻟﻠﻮﺍﺉﺢ ﺍﻟﺘﻲ ﺗﺘﺒﺎﻳﻦ ﺑﺸﻜﻞ ﻣﺘﺰﺍﻳﺪ ﻭﺗﺘﻐﻴﺮ ﺑﺴﺮﻋﺔ‪.‬‬

    ‫ﻓﻲﺍﻷﻧﺸﻄﺔ ﺍﻟﺘﻨﻈﻴﻤﻴﺔ ﻭﺍﻟﺘﺠﺎﺭﻳﺔ ‪ ،‬ﺃﺻﺒﺤﺖ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺟﻮﻫﺮﻳﺔ ﻟﺨﻠﻖ ﺍﻟﻘﻴﻤﺔ ‪ ،‬ﻭﺗﻤﻜﻴﻦ ﺍﻟﺨﺪﻣﺎﺕ‬
    ‫ﺍﻟﺘﻨﺎﻓﺴﻴﺔ ‪،‬ﻭﺍﺑﺘﻜﺎﺭ ﻭﺩﻋﻢ ﺍﻻﺳﺘﺮﺍﺗﻴﺠﻴﺎﺕ ﺍﻟﻬﺎﻣﺔ ‪ ،‬ﻭﺩﻋﻢ ﺍﻷﺟﻬﺰﺓ ﺍﻟﺪﺍﺧﻠﻴﺔ‬

    ‫‪5‬‬ ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‬ ‫‪www.theiia.org‬‬


    ‫ﻭﺍﻟﺘﻄﺒﻴﻘﺎﺕ‪.‬ﻟﻢ ﺗﻌﺪ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺻﻮﻣﻌﺔ ﻟﻠﻨﺸﺎﻁ ﺗﻌﻤﻞ ﺑﺎﺗﺼﺎﻝ ﻣﺤﺪﻭﺩ ﺑﻴﻦ ﺍﻟﻤﻮﻇﻔﻴﻦ ﻭﺍﻟﻌﻤﻼء ﻭﺍﻟﺸﺮﻛﺎء‪ .‬ﻳﺘﻢ‬
    ‫ﺗﻤﻜﻴﻦﻭﺍﺟﻬﺎﺕ ﻭﻣﻌﺎﻣﻼﺕ ﺍﻷﻋﻤﺎﻝ ‪ ،‬ﺳﻮﺍء ﻛﺎﻧﺖ ﻣﻦ ﺷﺮﻛﺔ ﺇﻟﻰ ﺷﺮﻛﺔ )‪ (B2B‬ﺃﻭ ﻣﻦ ﺷﺮﻛﺔ ﺇﻟﻰ ﻣﺴﺘﻬﻠﻚ )‪ ، (B2C‬ﺑﻮﺍﺳﻄﺔ‬
    ‫ﺍﻟﺘﻘﻨﻴﺎﺕﻭﻋﻤﻠﻴﺎﺕ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪ ،‬ﻣﺜﻞ ﺗﻠﻚ ﺍﻷﺟﻬﺰﺓ )ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﺃﺟﻬﺰﺓ ﺍﻟﻜﻤﺒﻴﻮﺗﺮ ﻭﺍﻟﻬﻮﺍﺗﻒ ﺍﻟﻤﺤﻤﻮﻟﺔ‬
    ‫ﻭﺃﺟﻬﺰﺓﺍﻟﻜﻤﺒﻴﻮﺗﺮ ﺍﻟﻤﺤﻤﻮﻟﺔ ﻭﺍﻷﺟﻬﺰﺓ ﺍﻟﻠﻮﺣﻴﺔ(‪ .‬ﺍﻟﺤﻴﺎﺓ ﺍﻟﻴﻮﻣﻴﺔ ﻓﻲ ﺍﻟﻌﻤﻞ ﻭﺍﻟﻤﻨﺰﻝ‪.‬‬

    ‫ﺗﻤﻜﻴﻦﺍﻷﻋﻤﺎﻝ ‪ -‬ﺍﻟﻬﺪﻑ ﻣﻦ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬

    ‫ﺍﻟﻬﺪﻑﺍﻷﺳﻤﻰ ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻫﻮ ﺗﻤﻜﻴﻦ ﺍﻷﻋﻤﺎﻝ ﺍﻟﺘﺠﺎﺭﻳﺔ ‪ ،‬ﺍﻷﻣﺮ ﺍﻟﺬﻱ ﻳﺘﻄﻠﺐ ﻋﻼﻗﺔ ﻗﻮﻳﺔ ﻭﻓﻬﻤﺎً‬
    ‫ﻟﻮﻇﻴﻔﺔﻋﻤﻞ ﺍﻟﻤﺆﺳﺴﺔ‪ .‬ﺗﻤُﻜﻦِّ ﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺟﻤﻴﻊ ﻋﻤﻠﻴﺎﺕ ﺍﻷﻋﻤﺎﻝ ﺍﻷﺳﺎﺳﻴﺔ ﺗﻘﺮﻳﺒﺎً ﻭﻳﺠﺐ ﺃﻥ ﻳﺘﻮﺍﻓﻖ ﺍﺗﺠﺎﻩ‬
    ‫ﺗﻜﻨﻮﻟﻮﺟﻴﺎﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻣﻊ ﺍﺳﺘﺮﺍﺗﻴﺠﻴﺎﺕ ﺃﻋﻤﺎﻝ ﺍﻟﻤﺆﺳﺴﺔ‪ .‬ﻳﺠﺐ ﺃﻥ ﺗﻜﻮﻥ ﻫﻨﺎﻙ ﺷﻔﺎﻓﻴﺔ ﺑﻴﻦ ﺍﻟﻤﻨﻈﻤﺔ‬
    ‫ﻭﺗﻜﻨﻮﻟﻮﺟﻴﺎﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻓﻴﻤﺎ ﻳﺘﻌﻠﻖ ﺑﺎﻟﺘﻜﺎﻟﻴﻒ ﻭﻣﺴﺘﻮﻳﺎﺕ ﺍﻟﺨﺪﻣﺔ ﻭﺍﻟﺨﻴﺎﺭﺍﺕ ﻭﻣﺎ ﺍﻟﺬﻱ ﻳﺤﺴﻦ ﻭﻳﻮﻓﺮ ﺃﻛﺒﺮ ﻗﻴﻤﺔ‬
    ‫ﻟﻮﺣﺪﺍﺕﺍﻷﻋﻤﺎﻝ ﻭﺍﻟﻤﺆﺳﺴﺔ ﺑﺸﻜﻞ ﻋﺎﻡ‪.‬‬

    ‫ﻧﻈﺮﺍًﻟﻮﺟﻮﺩﻫﺎ ﺍﻟﺘﻨﻈﻴﻤﻲ ﺍﻷﺳﺎﺳﻲ ﻭﻷﻧﻬﺎ ﺗﻌﻤﻞ ﻛﻌﻤﻞ ﺗﺠﺎﺭﻱ ﺩﺍﺧﻞ ﺷﺮﻛﺔ ‪ ،‬ﻳﺠﺐ ﺃﻥ ﻳﻜﻮﻥ ﻟﻘﻴﺎﺩﺓ ﺗﻘﻨﻴﺔ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕ"ﻣﻘﻌﺪ ﻋﻠﻰ ﺍﻟﻄﺎﻭﻟﺔ" ﻟﻔﻬﻢ ﻣﺒﺎﺩﺭﺍﺕ ﺍﻷﻋﻤﺎﻝ ﻭﺍﻻﺳﺘﺮﺍﺗﻴﺠﻴﺎﺕ ﻭﺍﻷﻭﻟﻮﻳﺎﺕ ﻭﺍﻟﺘﻐﻴﻴﺮﺍﺕ ﺑﺸﻜﻞ ﺃﻓﻀﻞ‪.‬‬
    ‫ﻳﺠﺐﺃﻥ ﺗﺸﺎﺭﻙ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻓﻲ ﻣﺮﺣﻠﺔ ﺑﺪء ﺍﻟﻤﺸﺎﺭﻳﻊ ﻟﺘﻘﺪﻳﻢ ﻣﺪﺧﻼﺕ ﺫﺍﺕ ﻣﻐﺰﻯ ﻓﻴﻤﺎ ﻳﺘﻌﻠﻖ‬
    ‫ﺑﻘﺮﺍﺭﺍﺕﺍﻟﻌﻤﻞ ﺍﻟﺮﺉﻴﺴﻴﺔ ﺍﻟﺘﻲ ﺗﺘﻄﻠﺐ ﺩﻋﻢ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺑﺸﻜﻞ ﻣﺒﺎﺷﺮ ﺃﻭ ﻏﻴﺮ ﻣﺒﺎﺷﺮ‪.‬‬

    ‫ﻳﺠﺐﺃﻥ ﻳﻘﻮﻡ ﻛﺒﻴﺮ ﻣﺴﺆﻭﻟﻲ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ )‪ (CIO‬ﺑﺘﻤﻜﻴﻦ ﺍﻟﻤﻨﻈﻤﺔ ﻣﻊ ﺗﺤﻘﻴﻖ ﺍﻟﺘﻮﺍﺯﻥ ﺍﻟﺘﻜﺘﻴﻜﻲ ﻭﺗﺤﺴﻴﻦ ﺍﺗﺠﺎﻩ‬
    ‫ﺍﺳﺘﺮﺍﺗﻴﺠﻴﺎﺕﻭﻫﻴﺎﻛﻞ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪.‬‬

    ‫ﺣﻮﻛﻤﺔﺗﻘﻨﻴﺔ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬

    ‫ﻳﺠﺐﺇﺩﺍﺭﺓ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻋﻠﻰ ﻧﻄﺎﻕ ﻭﺍﺳﻊ‬


    ‫ﺍﻟﻤﻮﺍﺭﺩ‬ ‫ﺑﻄﺮﻳﻘﺔﺗﻀﻤﻦ ﺍﻟﺘﺴﻠﻴﻢ ﺍﻷﻣﺜﻞ ﻟﻠﺨﺪﻣﺎﺕ )ﻣﺜﻞ ﺍﻟﺸﺒﻜﺎﺕ‬
    ‫ﻭﺍﻟﺒﻨﻴﺔﺍﻟﺘﺤﺘﻴﺔ ﻭﺍﻟﺘﻄﺒﻴﻘﺎﺕ( ﻟﻠﻤﺆﺳﺴﺔ ﻭﺍﻟﻌﻤﻴﻞ‬
    ‫ﻟﻤﺰﻳﺪﻣﻦ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺣﻮﻝ ﻋﻤﻠﻴﺔ ﺣﻮﻛﻤﺔ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ‬ ‫ﺍﻟﻨﻬﺎﺉﻲ‪.‬ﻳﺠﺐ ﺃﻥ ﺗﺨﻠﻖ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺃﻳﻀﺎً‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪،‬ﺭﺍﺟﻊ ‪ GTAG‬ﺍﻟﺘﺎﺑﻊ ﻟﻤﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‬ ‫ﻗﻴﻤﺔﻭﺗﺪﻋﻢ ﺍﻟﻨﺠﺎﺡ ﺍﻟﺘﻨﻈﻴﻤﻲ‪ .‬ﺗﺴﺎﻋﺪ ﺍﻟﺤﻮﻛﻤﺔ ﺍﻟﺴﻠﻴﻤﺔ‬
    ‫ﺍﻟﻌﺎﻟﻤﻲ)‪" ، (IIA‬ﺗﺪﻗﻴﻖ ﺣﻮﻛﻤﺔ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ"‪.‬‬ ‫ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻋﻠﻰ ﺗﺤﻘﻴﻖ ﻫﺬﻩ ﺍﻷﻫﺪﺍﻑ‪ .‬ﺗﺸﻤﻞ‬
    ‫ﺍﻟﻌﻨﺎﺻﺮﻭﺍﻟﻤﻜﻮﻧﺎﺕ ﺍﻟﺮﺉﻴﺴﻴﺔ ﻟﺤﻮﻛﻤﺔ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕﻣﺎ ﻳﻠﻲ‪:‬‬

    ‫ﺍﻟﺘﻮﺍﻓﻖﺍﻻﺳﺘﺮﺍﺗﻴﺠﻲ ‪-‬ﺗﻮﻓﻴﺮ ﺍﻟﺘﻮﺟﻴﻪ ﻭﺍﻟﺨﺪﻣﺎﺕ ﻭﺍﻟﻤﺸﺎﺭﻳﻊ ﻭﺍﻷﻫﺪﺍﻑ ﻟﺪﻋﻢ ﺃﻫﺪﺍﻑ ﺃﻋﻤﺎﻝ‬ ‫‪-‬‬
    ‫ﺍﻟﻤﻨﻈﻤﺔﻭﺗﻌﻈﻴﻢ ﻋﺎﺉﺪ ﺍﻻﺳﺘﺜﻤﺎﺭ )‪.(ROI‬‬
    ‫ﺇﺩﺍﺭﺓﺍﻟﻤﺨﺎﻃﺮ ‪-‬ﺗﺤﺪﻳﺪ ﺍﻟﻌﻤﻠﻴﺎﺕ ﻭﺍﻟﺴﻴﺎﺳﺎﺕ ﺍﻟﻤﻌﻤﻮﻝ ﺑﻬﺎ ﻟﻀﻤﺎﻥ ﻣﻌﺎﻟﺠﺔ ﺍﻟﻤﺨﺎﻃﺮ ﺑﺸﻜﻞ‬ ‫‪-‬‬
    ‫ﻣﻨﺎﺳﺐ‪.‬‬
    ‫ﻗﻴﻤﺔﺍﻟﺘﺴﻠﻴﻢ ‪-‬ﺿﻤﺎﻥ ﺗﻮﻓﻴﺮ ﺃﻗﺼﻰ ﻗﺪﺭ ﻣﻦ ﺧﺪﻣﺎﺕ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻓﻲ ﺟﻤﻴﻊ ﺃﻧﺤﺎء ﺍﻟﻤﻨﻈﻤﺔ‪.‬‬ ‫‪-‬‬
    ‫ﺇﺩﺍﺭﺓﺍﻟﻤﻮﺍﺭﺩ ‪-‬ﺗﻮﻓﻴﺮ ﺍﻟﺘﻮﺟﻴﻪ ﻋﺎﻟﻲ ﺍﻟﻤﺴﺘﻮﻯ ﻟﻠﺤﺼﻮﻝ ﻋﻠﻰ ﻣﻮﺍﺭﺩ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬ ‫‪-‬‬
    ‫ﻭﺍﺳﺘﺨﺪﺍﻣﻬﺎﻟﻀﻤﺎﻥ ﺍﻟﻘﺪﺭﺓ ﺍﻟﻜﺎﻓﻴﺔ ﻭﺍﻹﺷﺮﺍﻑ ﻋﻠﻰ ﻣﺴﺘﻮﻯ ﺍﻟﻤﺆﺳﺴﺔ ﻟﺘﻤﻮﻳﻞ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪.‬‬

    ‫‪6‬‬ ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﻬﻴﻜﻞﺍﻟﺘﻨﻈﻴﻤﻲ ‪-‬ﻣﻌﺎﻟﺠﺔ ﺍﻷﺩﻭﺍﺭ ﻭﺍﻟﻮﻇﺎﺉﻒ ﻭﻋﻼﻗﺎﺕ ﺇﻋﺪﺍﺩ ﺍﻟﺘﻘﺎﺭﻳﺮ ﺍﻟﻼﺯﻣﺔ ﻣﻤﺎ ﻳﺴﻤﺢ‬ ‫‪-‬‬
    ‫ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺑﺘﻠﺒﻴﺔ ﺍﻻﺣﺘﻴﺎﺟﺎﺕ ﺍﻟﺘﻨﻈﻴﻤﻴﺔ ﻣﻊ ﺿﻤﺎﻥ ﻣﻌﺎﻟﺠﺔ ﺍﻟﻤﺘﻄﻠﺒﺎﺕ ﻣﻦ ﺧﻼﻝ‬
    ‫ﺍﻟﺘﻘﻴﻴﻢﺍﻟﺮﺳﻤﻲ ﻭﺗﺤﺪﻳﺪ ﺍﻷﻭﻟﻮﻳﺎﺕ‪.‬‬
    ‫ﺇﻋﺪﺍﺩﺍﻟﺴﻴﺎﺳﺔ ‪-‬ﺿﻤﺎﻥ ﺗﻨﻔﻴﺬ ﻣﻌﺎﻳﻴﺮ ﺍﻟﺼﻨﺎﻋﺔ ﻭﺍﻟﺴﻴﺎﺳﺎﺕ ﻭﺍﻷﻃﺮ ﻟﻠﺘﻌﺎﻣﻞ ﻣﻊ ﻣﺨﺎﻃﺮ ﺍﻟﻤﻨﻈﻤﺔ‬ ‫‪-‬‬
    ‫ﻭﺍﻻﻣﺘﺜﺎﻝﻭﺍﻟﻤﺘﻄﻠﺒﺎﺕ ﺍﻟﺘﻨﻈﻴﻤﻴﺔ‪.‬‬

    ‫ﺗﻜﻨﻮﻟﻮﺟﻴﺎﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻛﻌﻤﻞ ﺗﺠﺎﺭﻱ‬

    ‫ﺗﻜﻨﻮﻟﻮﺟﻴﺎﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻴﺴﺖ ﻣﺠﺮﺩ ﻣﺮﻛﺰ ﺗﻜﻠﻔﺔ ‪ ،‬ﺇﻧﻬﺎ ﻭﻇﻴﻔﺔ ﻋﻠﻰ ﻣﺴﺘﻮﻯ ﺍﻟﻤﺆﺳﺴﺔ ﺗﻌﻤﻞ ﻛﻌﻤﻞ ﺩﺍﺧﻠﻲ‪ .‬ﻓﻲ ﻣﻌﻈﻢ‬
    ‫ﺍﻟﻤﺆﺳﺴﺎﺕ ‪،‬ﻳﻜﻮﻥ ﻛﺒﻴﺮ ﻣﻮﻇﻔﻲ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭ ‪ /‬ﺃﻭ ﻛﺒﻴﺮ ﻣﺴﺆﻭﻟﻲ ﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ )‪ (CTO‬ﻣﺴﺆﻭﻟﻴﻦ ﻋﻦ ﺇﺩﺍﺭﺓ ﻭﺿﻤﺎﻥ‬
    ‫ﺗﻘﺪﻳﻢﺧﺪﻣﺎﺕ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﺍﻟﻮﺻﻮﻝ ﺇﻟﻰ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻋﺒﺮ ﺍﻟﻤﺆﺳﺴﺔ‪ .‬ﻗﺪ ﻳﻜﻮﻥ ﻟﺪﻯ ﺍﻟﻤﻨﻈﻤﺎﺕ ﺃﻳﻀﺎً ﻣﺴﺆﻭﻝ‬
    ‫ﺃﻣﻦﻣﻌﻠﻮﻣﺎﺕ ﺭﺉﻴﺴﻲ )‪ (CISO‬ﻟﻺﺷﺮﺍﻑ ﻋﻠﻰ ﺃﻣﻦ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪ ،‬ﻭﻏﺎﻟﺒﺎً ﻣﺎ ﻳﻜﻮﻥ ﻣﺴﺆﻭﻝ ﺣﻤﺎﻳﺔ ﺑﻴﺎﻧﺎﺕ‬
    ‫ﻣﺨﺼﺼﺎً)‪ ، (DPO‬ﻭﻣﺴﺆﻭﻝ ﺑﻴﺎﻧﺎﺕ ﺭﺉﻴﺴﻲ )‪ ، (CDO‬ﻭ ‪ /‬ﺃﻭ ﻣﺴﺆﻭﻝ ﺧﺼﻮﺻﻴﺔ ﺭﺉﻴﺴﻲ )‪ (CPO‬ﻟﻺﺷﺮﺍﻑ ﻋﻠﻰ‬
    ‫ﺍﻟﺒﻴﺎﻧﺎﺕﻭ ﺟﻮﺍﻧﺐ ﺍﻻﻣﺘﺜﺎﻝ‪ .‬ﻭﺗﺠﺪﺭ ﺍﻹﺷﺎﺭﺓ ﺇﻟﻰ ﺃﻥ ﺍﻷﺩﻭﺍﺭ ﺍﻟﺜﻼﺛﺔ ﺍﻷﺧﻴﺮﺓ ﻏﺎﻟﺒﺎً ﻣﺎ ﺗﻜﻮﻥ ﺧﺎﺭﺝ ﻣﺆﺳﺴﺔ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪.‬ﺗﻌﺘﺒﺮ ﻭﻇﻴﻔﺔ ﻫﺬﻩ ﺍﻷﺩﻭﺍﺭ ﺃﻛﺜﺮ ﺃﻫﻤﻴﺔ ﻣﻦ ﺍﻟﻌﻨﻮﺍﻥ ﺍﻟﻔﻌﻠﻲ ﺣﻴﺚ ﻗﺪ ﺗﺴﺘﺨﺪﻡ ﺍﻟﻤﻨﻈﻤﺎﺕ ﻋﻨﺎﻭﻳﻦ ﻣﺨﺘﻠﻔﺔ ﻭ ‪/‬‬
    ‫ﺃﻭ ﺗﺠﻤﻊ ﺑﻴﻦ ﺍﻷﺩﻭﺍﺭ‪.‬‬

    ‫ﻳﺠﺐﺃﻥ ﺗﻔﻬﻢ ﺇﺩﺍﺭﺓ ﺗﻘﻨﻴﺔ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﻤﻨﻈﻤﺔ ﺍﻟﺘﻲ ﺗﺪﻋﻤﻬﺎ ﻭﻋﻤﻠﻴﺎﺗﻬﺎ ﺍﻟﺤﺎﺳﻤﺔ ﻭﺃﻭﻟﻮﻳﺎﺗﻬﺎ ﻭﺃﻫﺪﺍﻓﻬﺎ‬
    ‫ﺍﻹﺳﺘﺮﺍﺗﻴﺠﻴﺔ‪.‬ﻳﺠﺐ ﺃﻥ ﻳﻨﻈﺮ ﻣﺪﺭﺍء ﺗﻘﻨﻴﺔ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺇﻟﻰ ﺃﻗﺮﺍﻧﻬﻢ ﺍﻟﺘﻨﻈﻴﻤﻴﻴﻦ ﻭﻭﺣﺪﺍﺕ ﺍﻷﻋﻤﺎﻝ ﺫﺍﺕ ﺍﻟﺼﻠﺔ‬
    ‫ﻛﻌﻤﻼءﺃﻭ ﻋﻤﻼء‪ .‬ﻓﻲ ﺍﻟﻌﺪﻳﺪ ﻣﻦ ﺍﻟﻤﺆﺳﺴﺎﺕ ﺍﻟﻜﺒﻴﺮﺓ ‪ ،‬ﺗﺘﺒﻊ ﺗﻘﻨﻴﺔ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻧﻤﻮﺫﺝ "ﺷﺮﺍﻛﺔ" ﻳﺪﻳﺮ ﻓﻴﻪ ﺭﺉﻴﺲ‬
    ‫ﻗﺴﻢﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﻳﺸﺮﻑ ﻋﻠﻰ ﻣﺼﺎﺩﺭ ﻣﺘﻌﺪﺩﺓ ﻟﻤﻘﺪﻣﻲ ﺍﻟﺨﺪﻣﺎﺕ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﻭﺍﻟﺨﺎﺭﺟﻴﻴﻦ ﺍﻟﺬﻳﻦ ﻳﺘُﻮﻗﻊ ﻣﻨﻬﻢ‬
    ‫ﺗﻘﺪﻳﻢﺗﺠﺮﺑﺔ ﺳﻠﺴﺔ ﻟﻠﻤﺆﺳﺴﺔ‪.‬‬

    ‫ﻣﺜﻞﺃﻱ ﻋﻤﻞ ﺗﺠﺎﺭﻱ ‪ ،‬ﻳﺠﺐ ﺗﻘﺪﻳﻢ ﺧﺪﻣﺎﺕ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ‬


    ‫ﺍﻻﺳﺘﻌﺎﻧﺔﺑﻤﺼﺎﺩﺭ ﺧﺎﺭﺟﻴﺔ ﻟﻌﻨﺎﺻﺮ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻓﻲ‬ ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕﻓﻲ ﺍﻟﻮﻗﺖ ﺍﻟﻤﻨﺎﺳﺐ ﻭﺑﺸﻜﻞ ﻣﻮﺛﻮﻕ ﻭﺁﻣﻦ‬
    ‫ﺍﻟﺴﺤﺎﺑﺔ‬ ‫ﻭﻭﻓﻘﺎًﻟﻠﻤﺘﻄﻠﺒﺎﺕ ﺍﻟﻘﺎﻧﻮﻧﻴﺔ ﻭﺍﻟﺘﻨﻈﻴﻤﻴﺔ‪ .‬ﻳﺠﺐ ﻋﻠﻰ‬
    ‫ﺗﻜﻨﻮﻟﻮﺟﻴﺎﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺃﻳﻀﺎً ﺣﻤﺎﻳﺔ ﺃﺻﻮﻝ ﺍﻟﺒﻴﺎﻧﺎﺕ‬
    ‫ﺃﺻﺒﺢﺍﻻﺳﺘﻌﺎﻧﺔ ﺑﻤﺼﺎﺩﺭ ﺧﺎﺭﺟﻴﺔ ﻟﻌﻨﺎﺻﺮ‬ ‫ﻭﺍﻟﻤﻌﻠﻮﻣﺎﺕﻣﻦ ﺍﻧﺘﻬﺎﻛﺎﺕ ﺍﻟﺴﺮﻳﺔ ﻭﺍﻟﻨﺰﺍﻫﺔ ﻭﺍﻟﺘﻮﺍﻓﺮ‪.‬‬
    ‫ﺗﻜﻨﻮﻟﻮﺟﻴﺎﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺇﻟﻰ ﺃﻃﺮﺍﻑ ﺧﺎﺭﺟﻴﺔ ﻭ ‪/‬‬ ‫ﻳﻤﻜﻦﺃﻥ ﻳﻤﺜﻞ ﻫﺬﺍ ﺗﺤﺪﻳﺎً ﻷﻥ ﻣﻌﻈﻢ ﻓﺮﻕ ﺗﻘﻨﻴﺔ‬
    ‫ﺃﻭ ﺍﺳﺘﺨﺪﺍﻡ "ﺍﻟﺴﺤﺎﺑﺔ" ﺃﻣﺮﺍً ﺷﺎﺉﻌﺎً ﺍﻵﻥ ‪،‬‬ ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕﺗﺪﻋﻢ ﺍﻷﺟﻬﺰﺓ ﻭﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﺪﺍﺧﻠﻴﺔ ﺑﺎﻹﺿﺎﻓﺔ‬
    ‫ﻣﻊﻭﺟﻮﺩ ﻧﻤﺎﺫﺝ ﻭﻣﺠﻤﻮﻋﺎﺕ ﻣﺨﺘﻠﻔﺔ‬ ‫ﺇﻟﻰﺍﻟﺘﻨﺴﻴﻖ ﻣﻊ ﻣﻮﻓﺮﻱ ﺍﻟﺨﺪﻣﺎﺕ ﺍﻟﺨﺎﺭﺟﻴﻴﻦ ﺃﻭ‬
    ‫ﻟﻼﺧﺘﻴﺎﺭﻣﻦ ﺑﻴﻨﻬﺎ‪ .‬ﺗﺸﻤﻞ ﺍﻟﺨﺪﻣﺎﺕ‬ ‫ﺍﻟﺨﺎﺭﺟﻴﻴﻦ)ﺑﻤﺎ ﻓﻲ ﺫﻟﻚ ﻣﻮﻓﺮﻭ "ﺍﻟﺴﺤﺎﺑﺔ"(‬
    ‫ﺍﻟﻨﻤﻮﺫﺟﻴﺔﺍﻟﺘﻲ ﻳﺘﻢ ﺍﻻﺳﺘﻌﺎﻧﺔ ﺑﻤﺼﺎﺩﺭ‬
    ‫ﻭﺍﻟﻤﺴﺘﺸﺎﺭﻭﻥ‪.‬‬
    ‫ﺧﺎﺭﺟﻴﺔﻟﻬﺎ ﻛﻠﻴﺎً ﺃﻭ ﺟﺰﺉﻴﺎً ﻣﺎ ﻳﻠﻲ‪) SaaS :‬‬
    ‫ﺑﺮﻧﺎﻣﺞﻛﺨﺪﻣﺔ( ‪ ،‬ﻭ ‪) PaaS‬ﺍﻟﻨﻈﺎﻡ ﺍﻷﺳﺎﺳﻲ‬
    ‫ﻗﺪﻳﻜﻮﻥ ﻗﺮﺍﺭ ﺃﺩﺍء ﻭﺍﺟﺒﺎﺕ ﺩﺍﺧﻠﻴﺔ ﺑﺪﻻ ًﻣﻦ ﺍﻻﺳﺘﻌﺎﻧﺔ‬
    ‫ﻛﺨﺪﻣﺔ( ‪ ،‬ﻭ ‪) IaaS‬ﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ ﻛﺨﺪﻣﺔ(‪.‬‬
    ‫ﺑﻤﺼﺎﺩﺭﺧﺎﺭﺟﻴﺔ ﻣﺴﺄﻟﺔ ﺗﺘﻌﻠﻖ ﺑﺎﺳﺘﺮﺍﺗﻴﺠﻴﺔ ﺍﻟﻤﺆﺳﺴﺔ )‬
    ‫ﻳﺘﻮﻓﺮﻣﺰﻳﺪ ﻣﻦ ﺍﻟﺘﻔﺎﺻﻴﻞ ﺣﻮﻝ ﻭﻇﺎﺉﻒ‬
    ‫ﻋﻠﻰﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﺣﻤﺎﻳﺔ ﺍﻟﻤﻠﻜﻴﺔ ﺍﻟﻔﻜﺮﻳﺔ ‪ ،‬ﺃﻭ ﺍﻟﺤﻔﺎﻅ‬
    ‫ﻭﺧﺼﺎﺉﺺﻧﻤﺎﺫﺝ ﺍﻟﺨﺪﻣﺔ ﻫﺬﻩ ﻓﻲ ﻗﺴﻢ "‬
    ‫ﺷﺒﻜﺔﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ" ﻓﻲ ﻫﺬﺍ‬
    ‫ﻋﻠﻰﺍﻟﺴﻴﻄﺮﺓ ﻋﻠﻰ ﺍﻷﻧﺸﻄﺔ ﺍﻷﺳﺎﺳﻴﺔ ‪ ،‬ﺃﻭ ﻭﻓﻮﺭﺍﺕ‬
    ‫ﺍﻟﺪﻟﻴﻞ‪.‬‬ ‫ﺍﻟﺤﺠﻢ( ‪ ،‬ﻭﻣﺘﻄﻠﺒﺎﺕ ﺍﻟﻤﻴﺰﺍﻧﻴﺔ ﻭﺍﻟﻤﻮﻇﻔﻴﻦ ‪ ،‬ﺃﻭ‬
    ‫ﻣﺠﻤﻮﻋﺎﺕﻣﻨﻬﺎ‪.‬‬

    ‫‪7‬‬ ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‬ ‫‪www.theiia.org‬‬


    ‫ﻭﻫﺬﺍﻳﻌﺰﺯ ﺍﻟﺤﺎﺟﺔ ﺇﻟﻰ ﺭﺉﻴﺲ ﻗﺴﻢ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻹﺩﺍﺭﺓ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻛﻌﻤﻞ ﺗﺠﺎﺭﻱ ﻭﺍﻟﺘﻨﺎﻓﺲ ﻣﻊ‬
    ‫ﺍﻟﻤﺼﺎﺩﺭﺍﻟﺨﺎﺭﺟﻴﺔ ﺍﻟﻤﺤﺘﻤﻠﺔ ﺍﻷﺧﺮﻯ ﻟﺨﻴﺎﺭﺍﺕ ﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ‪.‬‬

    ‫ﻛﺠﺰءﻣﻦ ﺇﺩﺍﺭﺓ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻛﻌﻤﻞ ﺗﺠﺎﺭﻱ ‪ ،‬ﻳﺠﺐ ﻋﻠﻰ ﻣﺆﺳﺴﺔ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺇﺩﺍﺭﺓ ﺍﺗﻔﺎﻗﻴﺎﺕ‬
    ‫ﻣﺴﺘﻮﻯﺍﻟﺨﺪﻣﺔ )‪ (SLAs‬ﻭﺍﻟﺤﻔﺎﻅ ﻋﻠﻴﻬﺎ ‪ ،‬ﻭﺗﻮﻓﻴﺮ ﻭﻣﺮﺍﻗﺒﺔ ﻣﺆﺷﺮﺍﺕ ﺍﻷﺩﺍء ﺍﻟﺮﺉﻴﺴﻴﺔ )‪ (KPIs‬ﻭﻣﺆﺷﺮﺍﺕ ﺍﻟﻤﺨﺎﻃﺮ‬
    ‫ﺍﻟﺮﺉﻴﺴﻴﺔ)‪ ، (KRIs‬ﻭﺍﻻﺣﺘﻔﺎﻅ ﺑﻤﺪﻳﺮﻱ ﺍﻟﻌﻼﻗﺎﺕ ﻹﺩﺍﺭﺓ ﺍﻟﺨﺪﻣﺎﺕ ﺍﻟﻤﻘﺪﻣﺔ ﺩﺍﺧﻠﻴﺎً ‪ ،‬ﺧﺎﺭﺟﻴﺎً ‪ ،‬ﻭﻟﻠﻤﺆﺳﺴﺔ ﻛﻌﻤﻴﻞ‪.‬‬

    ‫ﻣﻦﻣﻨﻈﻮﺭ ﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ‪ ،‬ﻛﻴﻒ ﻳﺘﻢ ﺗﻘﺪﻳﻢ ﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﻓﻲ ﺍﻟﻤﻨﻈﻤﺔ ‪ ،‬ﻭﻣﻦ ﻗﺒﻞ ﻣﻦ ‪ ،‬ﻭﻟﻤﻦ ﻳﺠﺐ ﻓﻬﻤﻪ‬
    ‫ﻟﺘﻘﻴﻴﻢﻣﻌﻈﻢ ﺍﻟﻌﻤﻠﻴﺎﺕ ﺃﻭ ﺍﻟﻮﻇﺎﺉﻒ ﺃﻭ ﺍﻷﻧﻈﻤﺔ ﺃﻭ ﺍﻟﻤﺸﺎﺭﻳﻊ‪ .‬ﺣﺘﻰ ﺍﻟﺘﻘﻴﻴﻤﺎﺕ ﺍﻻﺳﺘﺮﺍﺗﻴﺠﻴﺔ ﺳﺘﺘﻄﻠﺐ ﻓﻬﻤﺎ ً‬
    ‫ﺟﻴﺪﺍ ًﻟﻠﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﺘﻲ ﺗﺪﻋﻢ ﺍﺗﺠﺎﻩ ﺃﻋﻤﺎﻝ ﺍﻟﻤﻨﻈﻤﺔ‪.‬‬

    ‫ﺍﻹﺷﺮﺍﻑﻋﻠﻰ ﺍﻟﻌﻤﻠﻴﺎﺕ‪ :‬ﺗﻘﺪﻳﻢ ﺧﺪﻣﺎﺕ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﺇﺩﺍﺭﺓ ﻣﺤﻔﻈﺔ ﺍﻟﻤﺸﺎﺭﻳﻊ‬

    ‫ﺗﻘﺪﻡﻭﻇﻴﻔﺔ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﻌﻤﻠﻴﺎﺕ ﻭﺍﻟﺨﺪﻣﺎﺕ ﻟﻠﻤﺆﺳﺴﺔ ﻣﻦ ﺧﻼﻝ ﻋﻤﻠﻴﺎﺕ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ )‬
    ‫ﺩﻋﻢﺍﻟﻌﻤﻠﻴﺎﺕ ﺍﻟﺘﺠﺎﺭﻳﺔ( ‪ ،‬ﻭﺗﻄﻮﻳﺮ ﺍﻟﻨﻈﺎﻡ ‪ ،‬ﻭﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪ ،‬ﻭﺃﻣﻦ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ )‪ .(IS‬ﻳﻌﺪ‬
    ‫ﺍﻹﺷﺮﺍﻑﻋﻠﻰ ﺗﻘﺪﻳﻢ ﻫﺬﻩ ﺍﻟﻌﻤﻠﻴﺎﺕ ﻭﺍﻟﺨﺪﻣﺎﺕ ﺑﺎﻟﺘﻌﺎﻭﻥ ﻣﻊ ﺇﺩﺍﺭﺓ ﻏﻴﺮ ﻣﺘﻌﻠﻘﺔ ﺑﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺃﻣﺮﺍً‬
    ‫ﺿﺮﻭﺭﻳﺎً‪.‬ﺗﻮﻓﺮ ﺣﻮﻛﻤﺔ ﺗﻘﻨﻴﺔ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻻﺳﺘﺮﺍﺗﻴﺠﻴﺎﺕ ﻭﺍﻵﻟﻴﺎﺕ ﻭﺍﻟﻘﻴﺎﺳﺎﺕ ﻟﺘﻘﺪﻳﻢ ﻗﻴﻤﺔ ﺍﻷﻋﻤﺎﻝ ‪ ،‬ﻭﺗﻌﺰﺯ‬
    ‫ﺍﻟﺸﺮﺍﻛﺔﻣﻊ ﺍﻟﻤﺆﺳﺴﺔ ‪ ،‬ﻭﺗﺴﺎﻋﺪ ﻋﻠﻰ ﺿﻤﺎﻥ ﺇﻧﺸﺎء ﻭﻣﺮﺍﻗﺒﺔ ﺍﻷﻫﺪﺍﻑ ﺍﻟﻤﺸﺘﺮﻛﺔ‪.‬‬

    ‫ﺑﺎﻹﺿﺎﻓﺔﺇﻟﻰ ﺗﻘﺪﻳﻢ ﻋﻤﻠﻴﺎﺕ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻷﺳﺎﺳﻴﺔ ﻭﺍﻟﺨﺪﻣﺎﺕ ﻭﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪ ،‬ﻓﺈﻥ‬
    ‫ﺗﻜﻨﻮﻟﻮﺟﻴﺎﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺗﺪﻳﺮ ﻭﺗﻘﺪﻡ ﻣﺠﻤﻮﻋﺔ ﻣﻦ ﺍﻟﻤﺸﺎﺭﻳﻊ ﻟﺪﻋﻢ ﺍﻟﻤﻨﻈﻤﺔ )ﺃﻱ ﺗﻄﻮﻳﺮ ﺍﻟﺒﺮﻣﺠﻴﺎﺕ ﺃﻭ ﺍﻻﺳﺘﺤﻮﺍﺫ ﻋﻠﻴﻬﺎ( ﺃﻭ‬
    ‫ﻟﺪﻋﻢﺍﻻﺗﺠﺎﻩ ﺍﻟﻌﺎﻡ ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ )ﺃﻱ ﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ ﺃﻭ ﺍﻟﺘﺼﻤﻴﻢ ﺍﻟﻤﻌﻤﺎﺭﻱ( ﺍﻟﻤﺸﺎﺭﻳﻊ(‪ .‬ﻳﻤﺜﻞ ﺗﺴﻠﻴﻢ‬
    ‫ﺍﻟﻤﺸﺎﺭﻳﻊﻓﻲ ﺍﻟﻮﻗﺖ ﺍﻟﻤﺤﺪﺩ ﻭﺿﻤﻦ ﺍﻟﻨﻄﺎﻕ ﻭﺍﻟﻤﻴﺰﺍﻧﻴﺔ ﺗﺤﺪﻳﺎً ﻛﺒﻴﺮﺍً ﻟﻜﻞ ﻣﻦ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﻭﻇﻴﻔﺔ ﺍﻟﻌﻤﻞ‪.‬‬

    ‫ﻳﺤﺪﺩﺍﻹﺷﺮﺍﻑ ﻋﻠﻰ ﺍﻟﻌﻤﻠﻴﺔ ﺍﻟﻤﺴﺎءﻟﺔ ﻭﻳﺴﺎﻋﺪ ﻋﻠﻰ ﺿﻤﺎﻥ ﺗﻠﺒﻴﺔ ﺍﻟﻨﻮﺍﺗﺞ ﻻﺣﺘﻴﺎﺟﺎﺕ ﻛﻞ ﻣﻦ ﺍﻟﻤﺆﺳﺴﺔ ﻭﺍﻟﻌﻤﻴﻞ‪.‬‬

    ‫ﺍﻟﻤﺮﺍﻗﺒﺔﺍﻟﻤﺴﺘﻤﺮﺓ‪ :‬ﺍﺣﺘﻴﺎﺟﺎﺕ ‪ /‬ﺃﻧﺸﻄﺔ ﺍﻟﺠﻮﺩﺓ ﻭﺍﻻﻣﺘﺜﺎﻝ‬


    ‫ﻳﺠﺐﺃﻥ ﺗﺮﺍﻗﺐ ﺇﺩﺍﺭﺓ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﺗﻀﻤﻦ ﺗﻘﺪﻳﻢ ﺍﻟﻤﺴﺘﻮﻯ ﺍﻟﻤﻨﺎﺳﺐ ﻣﻦ ﺍﻟﺠﻮﺩﺓ ﻟﻌﻤﻼﺉﻬﺎ‬
    ‫ﻭﻟﻠﻤﻨﻈﻤﺔ‪.‬ﻭﻫﺬﺍ ﻻ ﻳﺸﻤﻞ ﻓﻘﻂ ﺗﺼﻤﻴﻢ ﻭﺗﺴﻠﻴﻢ ﻭﺗﻨﻔﻴﺬ ﺍﻟﺨﺪﻣﺎﺕ ﺍﻟﺘﻲ ﺗﻔﻲ ﺑﺎﻻﻣﺘﺜﺎﻝ ﺍﻟﺘﻨﻈﻴﻤﻲ ﻭﺍﻟﻘﺎﻧﻮﻧﻲ ‪،‬‬
    ‫ﻭﻟﻜﻦﺃﻳﻀﺎً ﺿﻤﺎﻥ ﺍﻟﻤﺘﻄﻠﺒﺎﺕ ﺍﻟﺘﺸﻐﻴﻠﻴﺔ ﺍﻟﻤﺴﺘﻤﺮﺓ‪.‬‬

    ‫ﻳﺠﺐﺃﻥ ﺗﺮﺍﻗﺐ ﺇﺩﺍﺭﺓ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺗﻘﺪﻳﻢ ﺍﺣﺘﻴﺎﺟﺎﺕ ﺍﻟﺠﻮﺩﺓ ﻭﺍﻻﻣﺘﺜﺎﻝ ﻋﻠﻰ ﺃﺳﺎﺱ ﺷﺎﻣﻞ ﻭﺗﻀﻤﻦ‬
    ‫ﺍﻟﺘﺤﺴﻴﻦﺍﻟﻤﺴﺘﻤﺮ ﻭﺍﻟﻤﺮﻭﻧﺔ ﻣﻊ ﺗﻐﻴﺮ ﻣﺘﻄﻠﺒﺎﺕ ﺍﻟﻌﻤﻞ‪ .‬ﻓﻲ ﺣﻴﻦ ﻳﺠﺐ ﺩﻣﺞ ﺍﻟﺠﻮﺩﺓ ﻭﺍﻻﻣﺘﺜﺎﻝ ﻓﻲ ﺟﻤﻴﻊ ﻋﻤﻠﻴﺎﺕ‬
    ‫ﻭﻣﺸﺎﺭﻳﻊﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪ ،‬ﻳﺠﺐ ﻣﺮﺍﻗﺒﺔ ﻛﻠﻴﻬﻤﺎ ﻋﺒﺮ ﻣﺆﺳﺴﺔ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﺑﺎﻟﺸﺮﺍﻛﺔ ﻣﻊ‬
    ‫ﺗﻮﻗﻌﺎﺕﻣﺴﺘﻮﻯ ﺧﺪﻣﺔ ﺍﻷﻋﻤﺎﻝ‪.‬‬

    ‫‪8‬‬ ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‬ ‫‪www.theiia.org‬‬


    ‫ﻳﻌﺪﺭﺻﺪ ﺟﻮﺩﺓ ﻭﻣﻮﺛﻮﻗﻴﺔ ﺍﻟﺨﺪﻣﺎﺕ ﺃﻣﺮﺍً ﺿﺮﻭﺭﻳﺎً ﺣﺘﻰ ﺗﻀﻤﻦ ﺍﻹﺩﺍﺭﺓ ﺃﻥ ﺍﻟﻌﻤﻠﻴﺎﺕ ﺗﺪﺍﺭ ﻭﻓﻘﺎً ﻟﺘﻮﻗﻌﺎﺕﺳﺒﻮﺭﺓ‬
    ‫ﻭﺍﻟﻘﻴﺎﺩﺓﺍﻟﻌﻠﻴﺎ‪ .‬ﻻ ﻳﻤﻜﻦ ﺗﻘﺪﻳﻢ ﻫﺬﺍ ﺍﻟﺘﺄﻛﻴﺪ ﺩﻭﻥ ﺍﻟﻤﺮﺍﻗﺒﺔ ﺍﻟﻤﺴﺘﻤﺮﺓ ﻭﺍﻟﺤﻞ ﻓﻲ ﺍﻟﻮﻗﺖ ﺍﻟﻤﻨﺎﺳﺐ ﻟﻠﺜﻐﺮﺍﺕ‬
    ‫ﺍﻟﺘﺸﻐﻴﻠﻴﺔﻭﺍﻟﺮﻗﺎﺑﻴﺔ‪.‬‬

    ‫ﺍﻟﺘﺤﺪﻳﺎﺕﻭﺍﻟﻤﺨﺎﻃﺮ ﻟﺤﻮﻛﻤﺔ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﻋﻼﻗﺔ ﺍﻷﻋﻤﺎﻝ ﻭﺗﻜﻨﻮﻟﻮﺟﻴﺎ‬


    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬

    ‫ﺗﺘﻄﻠﺐﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻋﻠﻰ ﻧﻄﺎﻕ ﻭﺍﺳﻊﺍﻟﺤﻜﻢ‪ ،‬ﻭﺍﻟﻤﻮﺍءﻣﺔ ﻣﻊ ﺍﻟﻤﻨﻈﻤﺔ ‪ ،‬ﻭﺍﻟﺤﺎﺟﺔ ﺇﻟﻰ ﺃﻥ ﺗﻜﻮﻥ ﻓﻌﺎﻟﺔ‬
    ‫ﻭﻣﻮﺛﻮﻗﺔﻭﻓﻲ ﺍﻟﻮﻗﺖ ﺍﻟﻤﻨﺎﺳﺐ ﻓﻲ ﺗﻘﺪﻳﻢ ﺧﺪﻣﺎﺕ ﻓﻌﺎﻟﺔ ﻟﻌﻤﻼﺉﻬﺎ‪ .‬ﻳﺠﺐ ﺃﻥ ﻳﻔﻬﻢ ﺍﻟﻤﺪﻗﻘﻮﻥ ﺍﻟﺪﺍﺧﻠﻴﻮﻥ ﺃﻥ‬
    ‫ﺍﻟﻌﺪﻳﺪﻣﻦ ﺗﺤﺪﻳﺎﺕ ﻭﻣﺨﺎﻃﺮ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺗﺒﺪﺃ ﻋﻠﻰ ﻣﺴﺘﻮﻯ ﺍﻟﺤﻮﻛﻤﺔ ﻭﺍﻻﺳﺘﺮﺍﺗﻴﺠﻴﺔ ‪ ،‬ﻳﻠﻴﻬﺎ ﺗﻘﺪﻳﻢ‬
    ‫ﻭﻣﺮﺍﻗﺒﺔﻓﻌﺎﻟﺔ ﻭﺗﻨﺎﻓﺴﻴﺔ ﻟﻠﺨﺪﻣﺔ ﻭﻣﺴﺘﻮﻳﺎﺕ ﺍﻟﺠﻮﺩﺓ‪ .‬ﻳﺠﺐ ﺃﻥ ﻳﻜﻮﻥ ﻟﺪﻯ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﺃﻳﻀﺎً ﻓﻬﻢ‬
    ‫ﺃﺳﺎﺳﻲﻟﻠﺘﺤﺪﻳﺎﺕ ﻭﺍﻟﻤﺨﺎﻃﺮ ﺍﻟﺸﺎﺉﻌﺔ ﻓﻲ ﻣﺠﺎﻝ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻋﻨﺪ ﺗﻘﻴﻴﻢ ﺃﻭ ﺗﻘﻴﻴﻢ ﺃﻭ ﻣﺮﺍﺟﻌﺔ ﺣﻮﻛﻤﺔ‬
    ‫ﺗﻜﻨﻮﻟﻮﺟﻴﺎﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﺍﻟﻌﻼﻗﺎﺕ ﺍﻟﺘﺠﺎﺭﻳﺔ ‪ ،‬ﻭﺍﻟﺘﻲ ﻳﻤﻜﻦ ﺃﻥ ﺗﺸﻤﻞ ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ﻻ ﺍﻟﺤﺼﺮ‪:‬‬

    ‫ﺍﺳﺘﺮﺍﺗﻴﺠﻴﺔﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﺍﺗﺠﺎﻫﻬﺎ ﻏﻴﺮ ﻣﺘﻮﺍﻓﻘﻴﻦ ﻣﻊ ﺍﺳﺘﺮﺍﺗﻴﺠﻴﺔ ﺍﻟﻌﻤﻞ ﺃﻭ ﺍﻟﻤﻨﻈﻤﺔ‪ .‬ﻓﻲ‬ ‫‪-‬‬
    ‫ﻛﺜﻴﺮﻣﻦ ﺍﻷﺣﻴﺎﻥ ‪ ،‬ﻳﺘﻢ ﺗﺼﻤﻴﻢ ﺧﺎﺭﻃﺔ ﻃﺮﻳﻖ ﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﻟﺘﺤﺴﻴﻦ ﻧﻤﻮﺫﺝ ﺍﻷﻋﻤﺎﻝ ﻭﺍﻟﻌﻤﻠﻴﺎﺕ‬
    ‫ﺍﻟﺤﺎﻟﻴﺔﺃﻭ ﺗﺮﻛﺰ ﻋﻠﻰ ﻣﺒﺎﺩﺭﺍﺕ ﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪ ،‬ﻭﻟﻜﻦ ﻟﻴﺲ ﻟﺘﻤﻜﻴﻦ ﺃﻭ‬
    ‫ﺍﺳﺘﻴﻌﺎﺏﺃﻫﺪﺍﻑ ﺃﻭ ﻧﻤﺎﺫﺝ ﺍﻷﻋﻤﺎﻝ ﺍﻟﻤﺴﺘﻘﺒﻠﻴﺔ ﺍﻟﻤﺤﺘﻤﻠﺔ‪ .‬ﺇﺫﺍ ﺗﻢ ﺗﺠﺎﻫﻞ ﺍﻟﻘﺪﺭﺓ ﻋﻠﻰ ﺍﻟﺘﻜﻴﻒ‬
    ‫ﻭﺍﻟﻤﺮﻭﻧﺔ ‪،‬ﻓﻘﺪ ﻳﺘﻢ ﺇﻋﺎﻗﺔ ﺍﻟﻘﺪﺭﺓ ﺍﻟﺘﻨﺎﻓﺴﻴﺔ ﻭﺍﻻﺑﺘﻜﺎﺭ‪.‬‬
    ‫ﻻﺗﺘﻤﺘﻊ ﻗﻴﺎﺩﺓ ﺗﻘﻨﻴﺔ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ "ﺑﻤﻘﻌﺪ ﻋﻠﻰ ﺍﻟﻄﺎﻭﻟﺔ" ﻋﻨﺪ ﺗﻄﻮﻳﺮ ﺇﺳﺘﺮﺍﺗﻴﺠﻴﺔ ﺍﻟﻌﻤﻞ ‪ ،‬ﺃﻭ ﺃﻧﻬﺎ ﻟﻴﺴﺖ‬ ‫‪-‬‬
    ‫ﺟﺰءﺍًﻣﻦ ﻋﻤﻠﻴﺔ ﺻﻨﻊ ﺍﻟﻘﺮﺍﺭ ﺑﺸﺄﻥ ﺍﺗﺠﺎﻩ ﺍﻷﻋﻤﺎﻝ ﻭﺍﻟﺨﻴﺎﺭﺍﺕ ﻗﻴﺪ ﺍﻟﺪﺭﺍﺳﺔ‪.‬ﻗﺪ ﻳﺘﻢ ﺍﺳﺘﺒﻌﺎﺩ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕﻓﻲ ﺗﻄﻮﻳﺮ ﺍﺳﺘﺮﺍﺗﻴﺠﻴﺔ ﺍﻷﻋﻤﺎﻝ‪ .‬ﻗﺪ ﻳﺆﺩﻱ ﺍﻟﻔﺸﻞ ﻓﻲ ﺇﺷﺮﺍﻙ ﺃﻣﻦ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﺗﻜﻨﻮﻟﻮﺟﻴﺎ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕﻓﻲ ﻭﻗﺖ ﻣﺒﻜﺮ ﻓﻲ ﻣﺮﺍﺣﻞ ﺍﻟﺘﺨﻄﻴﻂ ﺇﻟﻰ ﺯﻳﺎﺩﺓ ﻣﺨﺎﻃﺮ ﺍﻟﻌﻮﺍﻗﺐ ﺍﻟﺴﻠﺒﻴﺔ ‪ ،‬ﻣﺜﻞ ﺍﻟﺘﻜﺎﻟﻴﻒ‬
    ‫ﺍﻹﺿﺎﻓﻴﺔ ‪،‬ﻭﺍﻷﺩﺍء ﺍﻟﻤﻨﺨﻔﺾ ‪ ،‬ﻭﺍﻟﻐﺮﺍﻣﺎﺕ ﻭﺍﻟﻌﻘﻮﺑﺎﺕ ﺍﻟﺘﻨﻈﻴﻤﻴﺔ ‪ ،‬ﻭﺣﺘﻰ ﺍﻟﺘﻬﺪﻳﺪ ﺍﻟﻤﺘﺰﺍﻳﺪ ﺑﺎﻟﺘﻌﺮﺽ‬
    ‫ﻟﻠﺒﻴﺎﻧﺎﺕ ‪ /‬ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻏﻴﺮ ﺍﻟﻤﻨﺎﺳﺒﺔ‪.‬‬

    ‫ﺍﺳﺘﺨﺪﺍﻡ"ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﻤﺎﺭﻗﺔ"‪.‬ﻳﺤﺪﺙ ﻣﻔﻬﻮﻡ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﻤﺎﺭﻗﺔ ‪ ،‬ﻭﺍﻟﻤﻌﺮﻭﻑ ﺃﻳﻀﺎً ﺑﺎﺳﻢ‬ ‫‪-‬‬
    ‫"‪ ، "shadow IT‬ﻋﻨﺪﻣﺎ ﻳﺴﺘﺨﺪﻡ ﺃﻱ ﺷﺨﺺ ﻓﻲ ﺍﻟﻤﺆﺳﺴﺔ ﺗﻘﻨﻴﺔ ﻏﻴﺮ ﻣﻌﺎﻗﺒﺔ ﺃﻭ ﺣﺘﻰ ﻣﻌﺮﻭﻓﺔ ﻟﺘﻘﻨﻴﺔ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪.‬ﻳﻌﺪ ﻫﺬﺍ ﻣﺨﺎﻃﺮﺓ ﻛﺒﻴﺮﺓ ﻋﻨﺪﻣﺎ ﻳﻜﻮﻥ ﻟﺪﻯ ﺍﻟﻤﺆﺳﺴﺔ ﻋﺪﺓ ﻭﺣﺪﺍﺕ ﻋﻤﻞ ﺃﻭ ﻣﻮﺍﻗﻊ ﺃﻭ ﻓﺮﻭﻉ ﺟﺎﻣﻌﻴﺔ ﺃﻭ‬
    ‫ﺷﺮﻛﺎﺕﻓﺮﻋﻴﺔ‪.‬‬

    ‫ﻗﺪﺗﺘﻀﻤﻦ ﺍﻷﻣﺜﻠﺔ ﺍﻟﺸﺎﺉﻌﺔ ﺷﺮﺍء ﻭﺣﺪﺓ ﺍﻷﻋﻤﺎﻝ ﻭ ‪ /‬ﺃﻭ ﺍﺳﺘﺨﺪﺍﻡ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺃﻭ ﺍﻟﺒﺮﺍﻣﺞ )ﻋﻠﻰ ﺳﺒﻴﻞ‬
    ‫ﺍﻟﻤﺜﺎﻝ ‪،‬ﻣﺎﻛﺮﻭ ‪ (Excel‬ﺃﻭ ﺍﻷﻧﻈﻤﺔ ﺍﻷﺳﺎﺳﻴﺔ ﺃﻭ ﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ ﻛﺨﺪﻣﺔ ﻟﺘﻠﺒﻴﺔ ﺍﺣﺘﻴﺎﺟﺎﺗﻬﻢ ﺍﻟﻤﺘﺼﻮﺭﺓ‬
    ‫ﺑﺸﻜﻞﺃﻓﻀﻞ ﻭﻟﻜﻦ ﻓﺸﻠﻮﺍ ﻓﻲ ﺍﺳﺘﺸﺎﺭﺓ ﻗﻴﺎﺩﺓ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭ ‪ /‬ﺃﻭ ﺍﺗﺒﺎﻉ ﺑﺮﻭﺗﻮﻛﻮﻻﺕ‬
    ‫ﺍﻟﺤﻮﻛﻤﺔﺍﻟﻤﻨﺎﺳﺒﺔ ﻣﺴﺒﻘﺎً ﻟﻠﺸﺮﻭﻉ ﻓﻲ ﺍﻟﺘﻨﻔﻴﺬ‪ .‬ﺳﻮﺍء ﺗﻢ ﺗﺠﻨﺐ ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻝ ﺍﻟﻤﻨﺎﺳﺐ ﻋﻤﺪﺍً ﺃﻡ ﻻ ‪،‬‬
    ‫ﻓﻬﺬﺍﻳﺸﻴﺮ ﺇﻟﻰ ﺳﻮء ﺇﺩﺍﺭﺓ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﻋﻼﻗﺔ ﺃﻗﻞ ﻣﻦ ﺍﻷﻣﺜﻞ ﺑﻴﻦ ﻭﻇﻴﻔﺔ ﺍﻟﻌﻤﻞ ﻭﺗﻜﻨﻮﻟﻮﺟﻴﺎ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪.‬ﻳﺠﺐ ﺃﻥ ﺗﻌﻤﻞ ﻭﺣﺪﺍﺕ ﺍﻟﻌﻤﻞ ﺩﺍﺧﻞ ﺍﻟﻤﺆﺳﺴﺔ ﺟﻨﺒﺎً ﺇﻟﻰ ﺟﻨﺐ ﻣﻊ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬
    ‫ﻟﻀﻤﺎﻥﺍﺗﺒﺎﻉ ﺍﻟﻤﻨﻈﻤﺔ ﺑﺄﻛﻤﻠﻬﺎ ﻋﻤﻠﻴﺔ ﺛﺎﺑﺘﺔ ﻟﺘﻘﻴﻴﻢ ﺍﻷﺟﻬﺰﺓ ﻭﺍﻟﺒﺮﺍﻣﺞ ﻭﺇﺩﺧﺎﻟﻬﺎ ﻭﺇﺩﺍﺭﺗﻬﺎ‪.‬‬

    ‫‪9‬‬ ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‬ ‫‪www.theiia.org‬‬


    ‫ﺗﺮﻯﺍﻟﻤﻨﻈﻤﺔ ﺃﻥ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺗﺸﻜﻞ ﻋﺎﺉﻘﺎً ﺃﻣﺎﻡ ﺍﺧﺘﻴﺎﺭ ﺃﻓﻀﻞ ﺍﻟﺤﻠﻮﻝ ﺃﻭ ﺗﺤﺴﻴﻦ ﻣﺼﺎﺩﺭ‬ ‫‪-‬‬
    ‫ﺧﺪﻣﺔﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪.‬ﻳﻤﻜﻦ ﺃﻥ ﻳﻤﺜﻞ ﺍﻟﺘﻮﺗﺮ ﺍﻟﻤﺤﺘﻤﻞ ﺑﻴﻦ ﻭﻇﻴﻔﺔ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬
    ‫ﻭﻭﻇﻴﻔﺔﺍﻷﻋﻤﺎﻝ ﻓﻴﻤﺎ ﻳﺘﻌﻠﻖ ﺑﺄﻓﻀﻞ ﻣﺎ ﻳﺘﻢ ﺗﻘﺪﻳﻤﻪ ﺩﺍﺧﻠﻴﺎً ﻣﻘﺎﺑﻞ ﺍﻟﺨﺎﺭﺝ ﺗﺤﺪﻳﺎً ﻛﺒﻴﺮﺍً‪ .‬ﺗﺘﻤﺜﻞ ﺇﺣﺪﻯ‬
    ‫ﻃﺮﻕﺍﻟﺘﻐﻠﺐ ﻋﻠﻰ ﻫﺬﺍ ﺍﻟﺘﺤﺪﻱ ﻓﻲ ﺃﻥ ﺗﺸﻴﺮ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺇﻟﻰ ﺍﻟﺘﻜﻠﻔﺔ ﺃﻭ ﺗﻌﻴﻴﻦ ﺍﻟﺮﺳﻮﻡ ﻭ‬
    ‫‪) ROI‬ﺇﻣﻜﺎﻧﻴﺔ ﺗﻮﻓﻴﺮ ﺍﻟﺘﻜﺎﻟﻴﻒ( ﻟﺨﺪﻣﺎﺗﻬﻢ ﻭﺍﺳﺘﺸﺎﺭﺍﺗﻬﻢ‪ .‬ﺇﻥ ﻣﻨﺢ ﻣﺆﺳﺴﺔ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬
    ‫ﺍﻟﺪﺍﺧﻠﻴﺔﺍﻟﻘﺪﺭﺓ ﻋﻠﻰ ﺇﻛﻤﺎﻝ ﻃﻠﺐ ﻋﺮﺽ )‪ ، (RFP‬ﺗﻤﺎﻣﺎً ﻛﻤﻮﺭﺩ ﺧﺎﺭﺟﻲ ‪ ،‬ﻳﺴﻤﺢ ﻟﻠﻤﺆﺳﺴﺔ ﺑﺈﺟﺮﺍء‬
    ‫ﻣﻘﺎﺭﻧﺔﺟﻨﺒﺎً ﺇﻟﻰ ﺟﻨﺐ ﻻﺧﺘﻴﺎﺭﻫﺎ ﻟﻠﻌﻤﻞ ﻣﻊ ﺣﻞ ﺃﻭ ﺧﺪﻣﺔ ﻣﻮﻓﺮ ﺧﺎﺭﺟﻲ ﻣﻘﺎﺑﻞ ﺍﺧﺘﻴﺎﺭ ﺣﻞ ﺃﻭ ﺧﺪﻣﺔ‬
    ‫ﺩﺍﺧﻠﻴﺔ‪.‬‬

    ‫ﺍﻟﺤﻠﻮﻝﺍﻟﺘﻘﻨﻴﺔ ﺍﻟﻤﺴﺘﺨﺪﻣﺔ ﻣﺘﻘﺎﺩﻣﺔ ﺃﻭ ﺳﻴﺉﺔ ﺍﻟﺼﻴﺎﻧﺔ‪.‬ﻳﻌﺪ ﺿﻤﺎﻥ ﺗﺤﺪﻳﺚ ﺍﻟﺒﺮﺍﻣﺞ ﻭﻣﻜﻮﻧﺎﺕ ﺍﻟﺒﻨﻴﺔ‬ ‫‪-‬‬
    ‫ﺍﻟﺘﺤﺘﻴﺔﻭﺩﻋﻤﻬﺎ ﺃﻣﺮﺍً ﺿﺮﻭﺭﻳﺎً ﻟﻌﻤﻠﻴﺎﺕ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﻤﻮﺛﻮﻗﺔ‪ .‬ﻳﺠﺐ ﺃﻥ ﺗﺘﻌﺎﻭﻥ ﻭﻇﺎﺉﻒ‬
    ‫ﺍﻷﻋﻤﺎﻝﻭﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻹﻧﺸﺎء ﻧﻮﺍﻓﺬ ﺻﻴﺎﻧﺔ ﻛﺎﻓﻴﺔ ﻟﻀﻤﺎﻥ ﺗﻤﻮﻳﻞ ﺍﻟﺘﺤﺪﻳﺜﺎﺕ ﻭﺍﻟﺘﺼﺤﻴﺢ‬
    ‫ﻭﺃﻧﺸﻄﺔﺍﻟﺘﺤﺪﻳﺚ ﺍﻟﻬﺎﻣﺔ ﺍﻷﺧﺮﻯ ﻭﺗﻨﻔﻴﺬﻫﺎ ﻓﻲ ﺍﻟﻮﻗﺖ ﺍﻟﻤﻨﺎﺳﺐ‪ .‬ﻳﻤﻜﻦ ﺃﻥ ﻳﺆﺩﻱ ﺍﻟﻔﺸﻞ ﻓﻲ ﺗﺤﺪﻳﺚ‬
    ‫ﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎﺇﻟﻰ "ﺩﻳﻮﻥ ﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ"‪ :‬ﻧﻘﺺ ﺍﻻﺳﺘﺜﻤﺎﺭ ﻓﻲ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪ ،‬ﺳﻮﺍء ﻣﺎﻟﻴﺎً ﺃﻭ ﻓﻲ‬
    ‫ﺗﺮﻗﻴﺎﺕ ‪،‬ﻣﻤﺎ ﻳﺴﺎﻫﻢ ﻓﻲ ﻋﺪﻡ ﺍﻟﻜﻔﺎءﺓ ﺃﻭ ﺍﻟﻤﺨﺎﻃﺮ )ﺧﺎﺻﺔ ﻓﻴﻤﺎ ﻳﺘﻌﻠﻖ ﺑﺄﻣﻦ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ( ﺃﻭ ﺍﻟﻔﺮﺹ‬
    ‫ﺍﻟﻀﺎﺉﻌﺔﺍﻟﺘﻲ ﻳﻤﻜﻦ ﺃﻥ ﺗﺘﺮﺍﻛﻢ ﺑﻤﺮﻭﺭ ﺍﻟﻮﻗﺖ‪ .‬ﻳﻤﻜﻦ ﺃﻥ ﺗﺆﺩﻱ ﺍﻟﻤﺴﺘﻮﻳﺎﺕ ﻏﻴﺮ ﺍﻟﻤﻌﺘﺮﻑ ﺑﻬﺎ ﻟﻠﺪﻳﻮﻥ‬
    ‫ﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺔﺇﻟﻰ ﻗﺮﺍﺭﺍﺕ ﻏﻴﺮ ﻣﺪﺭﻭﺳﺔ ‪ ،‬ﻭﻏﺎﻟﺒﺎً ﻣﺎ ﺗﻜﻮﻥ ﺍﻟﺴﺒﺐ ﺍﻟﺠﺬﺭﻱ ﻟﻠﻘﻀﺎﻳﺎ ﺍﻟﺘﺸﻐﻴﻠﻴﺔ ﺃﻭ‬
    ‫ﺍﻻﺳﺘﺮﺍﺗﻴﺠﻴﺔ‪.‬ﻭﻣﻦ ﺍﻟﻤﻤﻜﻦ ﻗﺒﻮﻝ ﺍﻟﺪﻳﻦ ﺍﻟﺘﻜﻨﻮﻟﻮﺟﻲ ﺃﻭ ﺍﻟﺘﺨﻄﻴﻂ ﻟﻪ ﺃﻭ ﺣﺘﻰ ﺑﻨﺎﺅﻩ ‪ ،‬ﻭﻟﻜﻦ ﻋﻨﺪ ﺍﻟﻘﻴﺎﻡ‬
    ‫ﺑﺬﻟﻚ ‪،‬‬

    ‫ﻋﺪﻡﻭﺿﻮﺡ ﻭ ‪ /‬ﺃﻭ ﻣﻠﻜﻴﺔ ﻣﺨﺎﻃﺮ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﺮﺳﻤﻴﺔ‪.‬ﻗﺪ ﺗﻨﻈﺮ ﺍﻟﻤﻨﻈﻤﺎﺕ ﺇﻟﻰ ﺍﻟﻤﺨﺎﻃﺮ ﺍﻟﻤﺘﻌﻠﻘﺔ ﺑﺘﻜﻨﻮﻟﻮﺟﻴﺎ‬ ‫‪-‬‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕﺑﺎﻋﺘﺒﺎﺭﻫﺎ ﻣﺴﺆﻭﻟﻴﺔ ﺭﺉﻴﺲ ﻗﺴﻢ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺃﻭ ﻭﻇﻴﻔﺔ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪ .‬ﻭﻣﻊ ﺫﻟﻚ ‪ ،‬ﻓﺈﻥ ﻣﻌﻈﻢ‬
    ‫ﺍﻟﻤﺨﺎﻃﺮﺍﻟﻤﺘﻌﻠﻘﺔ ﺑﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻣﻤﻠﻮﻛﺔ ﻓﻲ ﺍﻟﻨﻬﺎﻳﺔ ﻭﻳﺠﺐ ﻗﺒﻮﻟﻬﺎ ﻣﻦ ﻗﺒﻞ ﻭﻇﻴﻔﺔ ﺍﻟﻌﻤﻞ ﺍﻟﻤﻨﺎﺳﺒﺔ‪ .‬ﻣﻦ ﺧﻼﻝ‬
    ‫ﺍﻟﻔﻬﻢﺍﻟﺼﺤﻴﺢ ﻟﻤﻦ ﻳﻤﺘﻠﻚ ﻭﻳﺘﺤﻤﻞ ﺍﻟﻤﺴﺆﻭﻟﻴﺔ ﻋﻦ ﺍﻟﻤﺨﺎﻃﺮ ‪ ،‬ﺗﻜﻮﻥ ﻭﻇﻴﻔﺔ ﺍﻟﻌﻤﻞ ﺃﻛﺜﺮ ﻣﻼءﻣﺔ ﻟﺘﻤﻮﻳﻞ ﺟﻬﻮﺩ ﺍﻟﺘﺨﻔﻴﻒ‬
    ‫ﻣﻦﻣﺨﺎﻃﺮ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﺍﻟﺸﺮﺍﻛﺔ ﻣﻊ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻓﻲ ﺧﻠﻖ ﺍﻟﻘﻴﻤﺔ ﻭﺗﺤﺴﻴﻦ ﺍﻟﻘﺮﺍﺭﺍﺕ‪.‬‬

    ‫ﺇﺩﺍﺭﺓﺃﻭ ﺇﺩﺍﺭﺓ ﺍﻟﻤﺸﺮﻭﻉ ﻏﻴﺮ ﺍﻟﻔﻌﺎﻟﺔ ﺃﻭ ﻏﻴﺮ ﺍﻟﻔﻌﺎﻟﺔ‪.‬ﻳﺠﺐ ﺇﻛﻤﺎﻝ ﻣﺸﺎﺭﻳﻊ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﻤﻬﻤﺔ‬ ‫‪-‬‬
    ‫ﻟﻸﻋﻤﺎﻝﻓﻲ ﺍﻟﻮﻗﺖ ﺍﻟﻤﺤﺪﺩ ﻭﻓﻲ ﺍﻟﻨﻄﺎﻕ ﻭﻓﻲ ﺣﺪﻭﺩ ﺍﻟﻤﻴﺰﺍﻧﻴﺔ‪ .‬ﺗﻌﺪ ﺇﺩﺍﺭﺓ ﺍﻟﻤﺸﺮﻭﻉ ﺃﻣﺮﺍً ﺑﺎﻟﻎ ﺍﻷﻫﻤﻴﺔ‬
    ‫ﻟﻀﻤﺎﻥﺇﻋﻄﺎء ﺍﻷﻭﻟﻮﻳﺔ ﻟﺠﻤﻴﻊ ﺍﻟﻤﺸﺎﺭﻳﻊ ﺑﺸﻜﻞ ﻣﻨﺎﺳﺐ ﻭﺗﻮﻓﻴﺮ ﺍﻟﻤﻮﺍﺭﺩ ﻟﻬﺎ ‪ ،‬ﻭﺗﺴﻠﻴﻤﻬﺎ ﻓﻲ ﺍﻟﻮﻗﺖ‬
    ‫ﺍﻟﻤﻨﺎﺳﺐﻭﺑﻔﻌﺎﻟﻴﺔ‪ .‬ﺗﺴﺎﻋﺪ ﺇﺩﺍﺭﺓ ﺍﻟﻤﺸﺮﻭﻉ ﻓﻲ ﺿﻤﺎﻥ ﺷﻔﺎﻓﻴﺔ ﺟﻮﺍﻧﺐ ﺍﻟﻤﺸﺮﻭﻉ ﺍﻟﻬﺎﻣﺔ ﻟﺠﻤﻴﻊ‬
    ‫ﺃﺻﺤﺎﺏﺍﻟﻤﺼﻠﺤﺔ ‪ ،‬ﻣﻤﺎ ﻳﻤﻨﺢ ﺍﻟﻤﺴﺆﻭﻟﻴﻦ ﻓﻬﻤﺎ ًﻭﺍﺿﺤﺎ ًﻭﺩﻗﻴﻘﺎ ًﻟﺤﺎﻟﺔ ﺍﻟﻤﺸﺮﻭﻉ ‪ ،‬ﻭﺍﻟﻘﻀﺎﻳﺎ ‪،‬‬
    ‫ﻭﺍﻟﻤﺨﺎﻃﺮ ‪،‬ﻭﺍﻟﺘﺴﻠﻴﻤﺎﺕ‪ .‬ﻭﻫﺬﺍ ﻳﻌﻨﻲ ﺃﻳﻀﺎً ﺃﻥ "ﺯﺣﻒ ﺍﻟﻨﻄﺎﻕ" ‪ ،‬ﺃﻭ ﺍﻟﻤﻴﻞ ﺇﻟﻰ ﺯﻳﺎﺩﺓ ﻣﺘﻄﻠﺒﺎﺕ‬
    ‫ﺍﻟﻤﺸﺮﻭﻉﺑﻤﺮﻭﺭ ﺍﻟﻮﻗﺖ ‪ ،‬ﺗﺘﻢ ﺇﺩﺍﺭﺗﻪ ﺑﺸﻜﻞ ﻓﻌﺎﻝ‪.‬‬

    ‫ﻣﻦﻣﻨﻈﻮﺭ ﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ‪ ،‬ﻳﻤﻜﻦ ﺃﻥ ﺗﻜﻮﻥ ﺍﻟﻤﺸﺎﺭﻛﺔ ﻓﻲ ﺍﻟﻤﺸﺎﺭﻳﻊ ﺍﻟﺮﺉﻴﺴﻴﺔ ﺑﺄﻛﻤﻠﻬﺎ ‪ -‬ﻣﻦ ﺗﻄﻮﻳﺮ ﺩﺭﺍﺳﺔ‬
    ‫ﺍﻟﺠﺪﻭﻯﺇﻟﻰ ﻣﺮﺍﻗﺒﺔ ﺍﻟﻤﺸﺮﻭﻉ ﻭﺍﻟﺘﺴﻠﻴﻢ ﺍﻟﻨﻬﺎﺉﻲ ‪ -‬ﻋﺎﻣﻼ ًﻫﺎﻣﺎً ﻣﻦ ﻋﻮﺍﻣﻞ ﺍﻟﻨﺠﺎﺡ ﻭﺇﺿﺎﻓﺔ ﻗﻴﻤﺔ‪ .‬ﻭﻣﻊ ﺫﻟﻚ ‪ ،‬ﻋﻨﺪ‬
    ‫ﺍﻟﻤﺸﺎﺭﻛﺔﻓﻲ ﻣﺸﺮﻭﻉ ﻣﻦ ﺍﻟﺒﺪﺍﻳﺔ ﺇﻟﻰ ﺍﻟﻨﻬﺎﻳﺔ ‪ ،‬ﻳﺠﺐ ﺃﻥ ﺗﺤﺎﻓﻆ ﻭﻇﻴﻔﺔ ﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ﻋﻠﻰ ﺗﻮﺍﻓﻘﻬﺎ ﻣﻊ ﺍﻟﻤﻌﻴﺎﺭ‬
    ‫‪ -1100‬ﺍﻻﺳﺘﻘﻼﻝ ﻭﺍﻟﻤﻮﺿﻮﻋﻴﺔ ‪ ،‬ﻣﻊ ﻓﻬﻢ ﺃﻥ ﺍﻹﺩﺍﺭﺓ ﻫﻲ ﺍﻟﻤﺴﺆﻭﻟﺔ ﻓﻲ ﺍﻟﻨﻬﺎﻳﺔ ﻋﻦ ﺍﺗﺨﺎﺫ ﺍﻟﻘﺮﺍﺭ ﻭﺍﻟﺘﺴﻠﻴﻢ‪ .‬ﻳﻨﺺ‬
    ‫ﻫﺬﺍﺍﻟﻤﻌﻴﺎﺭ ﻋﻠﻰ ﺃﻥ "ﻧﺸﺎﻁ ﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ﻳﺠﺐ ﺃﻥ ﻳﻜﻮﻥ ﻣﺴﺘﻘﻼ ً‪ ،‬ﻭﻳﺠﺐ ﺃﻥ ﻳﻜﻮﻥ ﺍﻟﻤﺪﻗﻘﻮﻥ ﺍﻟﺪﺍﺧﻠﻴﻮﻥ‬
    ‫ﻣﻮﺿﻮﻋﻴﻴﻦﻓﻲ ﺃﺩﺍء ﻋﻤﻠﻬﻢ"‪.‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪10‬‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﺒﻨﻴﺔﺍﻟﺘﺤﺘﻴﺔ ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬

    ‫ﺗﺸﻴﺮﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺇﻟﻰ ﺍﻷﺟﻬﺰﺓ ﻭﺍﻟﺒﺮﺍﻣﺞ ﺍﻟﺘﻲ ﺗﺪﻋﻢ ﺇﺩﺍﺭﺓ ﻣﻌﻠﻮﻣﺎﺕ ﻭﺑﻴﺎﻧﺎﺕ ﺍﻟﻤﺆﺳﺴﺔ‪.‬‬
    ‫ﺗﺸﻤﻞﺍﻟﻤﻜﻮﻧﺎﺕ ﺍﻟﺮﺉﻴﺴﻴﺔ ﻟﻠﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻷﺟﻬﺰﺓ ﻭﺍﻟﺒﺮﺍﻣﺞ ﻭﺍﻟﺘﺨﺰﻳﻦ ‪ /‬ﻗﻮﺍﻋﺪ ﺍﻟﺒﻴﺎﻧﺎﺕ‬
    ‫)‪ (DBs‬ﻭﺍﻟﺸﺒﻜﺔ‪ .‬ﻣﻦ ﻭﺟﻬﺔ ﻧﻈﺮ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺆﺳﺴﺔ ‪ ،‬ﻣﻦ ﺍﻟﻤﻬﻢ ﺍﻟﻨﻈﺮ ﺇﻟﻰ ﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ ﻛﻜﻞ‬
    ‫ﺑﺎﻹﺿﺎﻓﺔﺇﻟﻰ ﻛﻞ ﻋﻨﺼﺮ ﻛﻤﻜﻮﻥ‪ .‬ﻳﻐﻄﻲ ﻫﺬﺍ ﺍﻟﻘﺴﻢ ﺑﻌﺾ ﻣﻮﺿﻮﻋﺎﺕ ﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ ﺍﻟﻤﺘﻌﻤﻘﺔ ﻭﻳﻘﺪﻡ ﻧﻈﺮﺓ ﻋﺎﻣﺔ‬
    ‫ﻋﺎﻟﻴﺔﺍﻟﻤﺴﺘﻮﻯ ﻋﻠﻰ ﺍﻟﻤﻜﻮﻧﺎﺕ ﺍﻟﺮﺉﻴﺴﻴﺔ‪.‬‬

    ‫ﺍﻟﻤﻜﻮﻧﺎﺕﺍﻟﺮﺉﻴﺴﻴﺔ‬

    ‫ﺃﺟﻬﺰﺓﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬

    ‫ﺗﺘﻜﻮﻥﺍﻷﺟﻬﺰﺓ ﻣﻦ ﺍﻟﺨﻮﺍﺩﻡ ﺍﻟﻤﺎﺩﻳﺔ ﻭﺃﺟﻬﺰﺓ ﺍﻟﻜﻤﺒﻴﻮﺗﺮ ﺍﻟﻤﺮﻛﺰﻳﺔ ﻭﺍﻷﺟﻬﺰﺓ ﺍﻟﻄﺮﻓﻴﺔ ‪ ،‬ﻭﺍﻟﺘﻲ ﺗﻮﺟﺪ ﻋﺎﺩﺓ ًﻓﻲ ﻏﺮﻑ ﺧﻮﺍﺩﻡ‬
    ‫ﺍﻟﻤﺆﺳﺴﺔﺃﻭ ﻣﺮﺍﻛﺰ ﺍﻟﺒﻴﺎﻧﺎﺕ‪ .‬ﻗﺪ ﺗﻜﻮﻥ ﻣﻮﺟﻮﺩﺓ ﻓﻲ ﻣﻜﺎﻥ ﻣﺎ ‪ ،‬ﺃﻭ ﺧﺎﺭﺝ ﺍﻟﻤﻨﺸﺄﺓ ‪ ،‬ﺃﻭ ﺗﻢ ﺍﻻﺳﺘﻌﺎﻧﺔ ﺑﻤﺼﺎﺩﺭ ﺧﺎﺭﺟﻴﺔ ﻟﻄﺮﻑ‬
    ‫ﺛﺎﻟﺚ ‪،‬ﺃﻭ ﻓﻲ ﺍﻟﺴﺤﺎﺑﺔ ‪ ،‬ﺃﻭ ﻣﺰﻳﺞ ﻣﻦ ﻫﺬﻩ‪ .‬ﺗﺸﺘﻤﻞ ﺃﺟﻬﺰﺓ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺃﻳﻀﺎً ﻋﻠﻰ ﺃﺟﻬﺰﺓ ﺍﻟﻤﺴﺘﺨﺪﻡ ﺍﻟﻨﻬﺎﺉﻲ )ﻋﻠﻰ‬
    ‫ﺳﺒﻴﻞﺍﻟﻤﺜﺎﻝ ‪ ،‬ﺃﺟﻬﺰﺓ ﺍﻟﻜﻤﺒﻴﻮﺗﺮ ﺍﻟﻤﺤﻤﻮﻟﺔ ﻭﺃﺟﻬﺰﺓ ﺍﻟﻜﻤﺒﻴﻮﺗﺮ ﺍﻟﻤﻜﺘﺒﻴﺔ( ﺍﻟﻤﺴﺘﺨﺪﻣﺔ ﻟﻠﻮﺻﻮﻝ ﺇﻟﻰ ﻣﻌﻠﻮﻣﺎﺕ ﻭﺑﻴﺎﻧﺎﺕ‬
    ‫ﺍﻟﻤﺆﺳﺴﺔﻭﺍﻟﻄﺎﺑﻌﺎﺕ ﻭﻣﻜﻮﻧﺎﺕ ﺍﻟﺸﺒﻜﺔ ﻭﺃﺟﻬﺰﺓ ﺍﻟﺘﺨﺰﻳﻦ ‪ ،‬ﻣﻦ ﺑﻴﻦ ﺃﺷﻴﺎء ﺃﺧﺮﻯ‪ .‬ﻋﺎﺩﺓ ﻣﺎ ﺗﻜﻮﻥ ﺃﺟﻬﺰﺓ ﺍﻟﻤﺆﺳﺴﺔ ﻣﺘﺼﻠﺔ‬
    ‫ﺑﺸﺒﻜﺔﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪.‬‬

    ‫ﺃﻧﻈﻤﺔﺍﻟﺘﺸﻐﻴﻞ )‪(OS‬‬
    ‫ﻧﻈﺎﻡﺍﻟﺘﺸﻐﻴﻞ )‪ (OS‬ﻋﺒﺎﺭﺓ ﻋﻦ ﻣﺠﻤﻮﻋﺔ ﻣﻦ ﺍﻟﺒﺮﺍﻣﺞ )ﻛﻮﺩ ﺍﻟﻤﺼﺪﺭ( ﺍﻟﺘﻲ ﺗﺪﻳﺮ ﻣﻜﻮﻧﺎﺕ ﺍﻟﻜﻤﺒﻴﻮﺗﺮ ﻭﻋﻤﻠﻴﺎﺕ‬
    ‫ﺍﻟﺤﻮﺳﺒﺔﻟﺘﻘﺪﻳﻢ ﻧﺘﻴﺠﺔ ﻟﻠﻤﺴﺘﺨﺪﻡ‪ .‬ﻳﻮﻓﺮ ﺑﺮﻧﺎﻣﺞ ﻧﻈﺎﻡ ﺍﻟﺘﺸﻐﻴﻞ ﻭﺳﻴﻠﺔ ﻹﺩﺍﺭﺓ ﻣﻮﺍﺭﺩ ﺃﺟﻬﺰﺓ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬
    ‫ﻭﺍﻟﻮﺻﻮﻝﺇﻟﻴﻬﺎ ﻭﻳﻌﻤﻞ ﻛﻮﺍﺟﻬﺔ ﺃﻭ ﻧﻈﺎﻡ ﺃﺳﺎﺳﻲ ﺑﻴﻦ ﺍﻟﻤﺴﺘﺨﺪﻡ ﺍﻟﻨﻬﺎﺉﻲ ﻭﺃﺟﻬﺰﺓ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻋﻠﻰ‬
    ‫ﺍﻟﺸﺒﻜﺔ‪.‬ﺗﺸﻤﻞ ﺑﻌﺾ ﺍﻷﻧﻮﺍﻉ‪:‬‬

    ‫ﺃﻧﻈﻤﺔﺗﺸﻐﻴﻞ ﺍﻟﺨﺎﺩﻡ ‪ ،‬ﺍﻟﻤﺼﻤﻤﺔ ﻟﻤﻌﺎﻟﺠﺔ ﻃﻠﺒﺎﺕ ﺃﺟﻬﺰﺓ ﻛﻤﺒﻴﻮﺗﺮ ﺍﻟﻤﺴﺘﺨﺪﻡ ﺍﻟﻨﻬﺎﺉﻲ ﺍﻟﻤﺘﻌﺪﺩﺓ ﻋﻠﻰ‬ ‫‪-‬‬
    ‫ﺷﺒﻜﺔﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﺨﺎﺻﺔ ﺑﺎﻟﻤﺆﺳﺴﺔ‪ .‬ﺗﺘﻀﻤﻦ ﺍﻷﻣﺜﻠﺔ ‪ IBM AS / 400‬ﺃﻭ ‪Windows Server‬‬
    ‫ﺃﻭ‪.Red Hat Linux‬‬
    ‫ﺃﻧﻈﻤﺔﺗﺸﻐﻴﻞ ﺍﻟﻌﻤﻴﻞ ‪ ،‬ﻭﺍﻟﺘﻲ ﺗﺪﻋﻢ ﺑﺸﻜﻞ ﻋﺎﻡ ﻣﺴﺘﺨﺪﻣﺎً ﻭﺍﺣﺪﺍً ﻭﻣﺼﻤﻤﺔ ﻷﺟﻬﺰﺓ ﺍﻟﻤﺴﺘﺨﺪﻡ ﺍﻟﻨﻬﺎﺉﻲ‪.‬‬ ‫‪-‬‬
    ‫ﺗﺘﻀﻤﻦﺍﻷﻣﺜﻠﺔ ﻧﻈﺎﻣﻲ ﺍﻟﺘﺸﻐﻴﻞ ‪ Windows‬ﻭ ‪ ، Mac OS‬ﻭﻟﻜﻨﻬﺎ ﺗﺸﻤﻞ ﺃﻳﻀﺎً ﺃﻧﻈﻤﺔ ﺍﻟﺘﺸﻐﻴﻞ ﺍﻟﻤﺤﻤﻮﻟﺔ‬
    ‫ﺃﻭﺍﻟﻤﺤﻤﻮﻟﺔ‪.‬‬
    ‫ﺗﺤﺘﻮﻱﺍﻟﺒﺮﺍﻣﺞ ﺍﻟﺜﺎﺑﺘﺔ ‪ ،‬ﻋﻠﻰ ﻋﻜﺲ ﺃﻧﻈﻤﺔ ﺍﻟﺘﺸﻐﻴﻞ ﺍﻟﻘﻴﺎﺳﻴﺔ ‪ ،‬ﻋﻠﻰ ﺭﻣﺰ ﻣﻀﻤﻦ ﻓﻲ ﺍﻟﺠﻬﺎﺯ‪ .‬ﻣﻦ‬ ‫‪-‬‬
    ‫ﺍﻟﺸﺎﺉﻊﺭﺅﻳﺔ ﺍﻟﺒﺮﺍﻣﺞ ﺍﻟﺜﺎﺑﺘﺔ ﻓﻲ ﺍﻷﺟﻬﺰﺓ ﻣﺜﻞ ﺍﻷﺟﻬﺰﺓ ﺍﻟﻤﻨﺰﻟﻴﺔ ﺃﻭ ﺍﻷﺟﻬﺰﺓ ﺍﻟﻄﺒﻴﺔ ﺃﻭ ﺃﺟﻬﺰﺓ ﺍﻟﺘﻮﺟﻴﻪ‬
    ‫ﻣﻔﺘﻮﺣﺔﺍﻟﻤﺼﺪﺭ ﻭﺟﺪﺭﺍﻥ ﺍﻟﺤﻤﺎﻳﺔ‪.‬‬

    ‫ﺑﺮﺍﻣﺞﺍﻟﻤﺆﺳﺴﺎﺕ ﻭﺍﻟﺘﻄﺒﻴﻘﺎﺕ‬
    ‫ﻳﺴﻤﺢﺑﺮﻧﺎﻣﺞ ﺍﻟﻤﺆﺳﺴﺔ ‪ ،‬ﺍﻟﺬﻱ ﻳﻄُﻠﻖ ﻋﻠﻴﻪ ﺃﺣﻴﺎﻧﺎً ﺑﺮﻧﺎﻣﺞ ﺗﺨﻄﻴﻂ ﻣﻮﺍﺭﺩ ﺍﻟﻤﺆﺳﺴﺎﺕ )‪ ، (ERP‬ﻟﻠﻤﺆﺳﺴﺔ ﺑﺎﻟﺘﻘﺎﻁ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕﻭﺍﻟﻤﺤﺘﻮﻯ ﺍﻟﺨﺎﺹ ﺑﻌﻤﻠﻴﺎﺕ ﺍﻷﻋﻤﺎﻝ ﺍﻟﻤﺨﺘﻠﻔﺔ ﻭﺗﻮﺻﻴﻠﻬﺎ ﻭﺗﻌﺰﻳﺰ ﻗﺮﺍﺭﺍﺕ ﺍﻹﺩﺍﺭﺓ ﺍﻟﻔﻌﺎﻟﺔ ﻣﻦ ﻗﺒﻞ‬
    ‫ﺍﻟﻤﻨﻈﻤﺔ‪.‬ﺗﺘﻀﻤﻦ ﺍﻟﺒﺮﺍﻣﺞ ﻋﻠﻰ ﻣﺴﺘﻮﻯ ﺍﻟﻤﺆﺳﺴﺔ ‪ SAP‬ﻭ ‪ Oracle ERP‬ﻭ ‪ Microsoft Dynamics‬ﻭ ‪ERP‬‬
    ‫‪ JD Edwards‬ﻭﻏﻴﺮﻫﺎ‪.‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪11‬‬ ‫‪www.theiia.org‬‬


    ‫ﺑﺮﻧﺎﻣﺞﺍﻟﺘﻄﺒﻴﻖ ﻫﻮ ﺑﺮﻧﺎﻣﺞ ﺧﺎﺹ ﺑﺤﺎﻟﺔ ﺍﻻﺳﺘﺨﺪﺍﻡ ﻭﻋﺎﺩﺓ ﻣﺎ ﻳﺆﺩﻱ ﻭﻇﻴﻔﺔ ﻭﺍﺣﺪﺓ ﻭﻳﺘﻀﻤﻦ ﺑﺮﺍﻣﺞ ﻣﻌﺎﻟﺠﺔ‬
    ‫ﺍﻟﻜﻠﻤﺎﺕﻭﺟﺪﺍﻭﻝ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻭﺑﺮﺍﻣﺞ ﻣﻌﺎﻟﺠﺔ ﺍﻟﺮﺳﻮﻣﺎﺕ‪.‬‬

    ‫ﺍﻟﺘﺨﺰﻳﻦﻭﻗﻮﺍﻋﺪ ﺍﻟﺒﻴﺎﻧﺎﺕ‬
    ‫ﺗﺴﻤﺢﻣﺴﺘﻮﺩﻋﺎﺕ ﻣﻌﻠﻮﻣﺎﺕ ﺍﻷﻋﻤﺎﻝ ﺍﻟﺨﺎﺻﺔ ﺑﺎﻟﻤﺆﺳﺴﺔ ﻭﺍﻟﺘﻲ ﺗﺘﻢ ﺇﺩﺍﺭﺗﻬﺎ ﺑﺸﻜﻞ ﻣﺘﻜﺮﺭ ﺑﻮﺍﺳﻄﺔ ﺑﺮﺍﻣﺞ‬
    ‫ﻣﺘﺨﺼﺼﺔﻟﻠﻤﺴﺘﺨﺪﻣﻴﻦ ﻋﻠﻰ ﺍﻟﺸﺒﻜﺔ ﺑﺎﻟﻮﺻﻮﻝ ﺇﻟﻰ ﻣﻌﻠﻮﻣﺎﺕ ﺍﻟﻤﺆﺳﺴﺔ ﻭﺗﻌﺪﻳﻠﻬﺎ ﻭﺇﻟﺤﺎﻗﻬﺎ ﻋﻨﺪ ﺍﻟﻀﺮﻭﺭﺓ‪.‬‬

    ‫ﺷﺒﻜﺔ‬
    ‫ﺍﻟﺸﺒﻜﺔﻋﺒﺎﺭﺓ ﻋﻦ ﻣﻜﻮﻧﻴﻦ ﺃﻭ ﺃﻛﺜﺮ ﻣﻦ ﻣﻜﻮﻧﺎﺕ ﺃﺟﻬﺰﺓ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﻤﺘﺼﻠﺔ ﻷﻏﺮﺍﺽ ﻣﺸﺎﺭﻛﺔ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪.‬‬

    ‫ﺍﻟﺨﻮﺍﺩﻡ‬
    ‫ﺍﻟﺨﺎﺩﻡﻫﻮ ﺑﺮﻧﺎﻣﺞ ﺃﻭ ﺟﻬﺎﺯ ﻛﻤﺒﻴﻮﺗﺮ ﻳﻮﻓﺮ ﻭﻇﺎﺉﻒ ﻟﺒﺮﺍﻣﺞ ﺃﻭ ﺃﺟﻬﺰﺓ ﺃﺧﺮﻯ ﺗﺴﻤﻰ ﺍﻟﻌﻤﻼء‪ .‬ﺗﺸﻤﻞ ﺍﻷﻧﻮﺍﻉ ﺍﻟﻤﺨﺘﻠﻔﺔ‬
    ‫ﻣﻦﺍﻟﺨﻮﺍﺩﻡ ﺧﻮﺍﺩﻡ ﺍﻟﻮﻳﺐ ﻭﺧﻮﺍﺩﻡ ﻗﻮﺍﻋﺪ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻭﺧﻮﺍﺩﻡ ﺍﻟﻤﻠﻔﺎﺕ ﻭﺧﻮﺍﺩﻡ ﺍﻟﻄﺒﺎﻋﺔ ﻭﺧﻮﺍﺩﻡ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻭﻏﻴﺮﻫﺎ‪.‬‬
    ‫ﻳﺸﺎﺭﺇﻟﻴﻬﺎ ﺃﻳﻀﺎً ﺑﺎﺳﻢ ﺍﻟﺨﺎﺩﻡ ‪ ،‬ﻭﻫﻲ ﺍﻷﺟﻬﺰﺓ ﺍﻟﻔﻌﻠﻴﺔ )ﺍﻟﻜﻤﺒﻴﻮﺗﺮ ﺍﻟﻤﺎﺩﻱ( ‪ ،‬ﻭﺍﻟﺘﻲ ﺗﻌﺪ ﺑﺸﻜﻞ ﻋﺎﻡ ﺟﻬﺎﺯ ﻛﻤﺒﻴﻮﺗﺮ‬
    ‫ﻗﻮﻳﺎًﻣﻊ ﺇﻣﻜﺎﻧﺎﺕ ﻣﻌﺎﻟﺠﺔ ﻛﻤﻴﺎﺕ ﻛﺒﻴﺮﺓ ﻣﻦ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻭﻏﺎﻟﺒﺎً ﻣﺎ ﺗﻜﻮﻥ ﻣﺨﺼﺼﺔ ﻟﻮﻇﻴﻔﺔ ﻋﻤﻞ ﻣﻌﻴﻨﺔ ‪ ،‬ﻣﺜﻞ ﺍﻟﺒﺮﻳﺪ‬
    ‫ﺍﻹﻟﻜﺘﺮﻭﻧﻲﻟﻠﻤﺆﺳﺴﺔ ﻭﺍﻟﻤﻠﻔﺎﺕ ﻭﺍﻟﺘﻄﺒﻴﻘﺎﺕ ‪ ،‬ﻭ ‪ /‬ﺃﻭ ﻣﻮﻗﻊ ﺍﻟﻮﻳﺐ‪ .‬ﻓﻲ ﺳﻴﺎﻕ ﺍﻷﻋﻤﺎﻝ ﺍﻟﻌﺎﻡ ‪ ،‬ﻗﺪ ﻳﺼﻒ ﺍﻟﺨﺎﺩﻡ‬
    ‫ﺍﻟﺒﺮﻧﺎﻣﺞﺃﻭ ﺍﻟﺠﻬﺎﺯ ‪ ،‬ﻟﻜﻨﻪ ﻋﻠﻰ ﺍﻷﺭﺟﺢ ﻳﺼﻒ ﻣﺰﻳﺠﺎً ﻣﻦ ﺍﻻﺛﻨﻴﻦ ﺣﻴﺚ ﺃﻥ ﻛﻼﻫﻤﺎ ﺿﺮﻭﺭﻱ ﻟﺘﻮﻓﻴﺮ ﺍﻟﻮﻇﺎﺉﻒ‪.‬‬

    ‫ﺃﻧﻈﻤﺔﺗﺸﻐﻴﻞ ﺍﻟﺨﺎﺩﻡ‬
    ‫ﺗﻌﻤﻞﺍﻟﺨﻮﺍﺩﻡ ﺍﻷﻛﺜﺮ ﺷﻴﻮﻋﺎً ﺍﻟﻴﻮﻡ ﺇﻣﺎ ﻋﻠﻰ ﺗﺸﻐﻴﻞ ﻧﻈﺎﻡ ﺗﺸﻐﻴﻞ ‪ Windows‬ﺍﻟﺨﺎﺹ ﺑﺸﺮﻛﺔ ‪ ، Microsoft‬ﺃﻭ ‪/ 400‬‬
    ‫‪ ، IBM AS‬ﺃﻭ ‪ ، Linux‬ﻭﻫﻮ ﻧﻈﺎﻡ ﺗﺸﻐﻴﻞ ﻣﻔﺘﻮﺡ ﺍﻟﻤﺼﺪﺭ ﻗﺎﺑﻞ ﻟﻠﺘﻌﺪﻳﻞ‪.‬‬

    ‫ﻳﺼﻒﺍﻟﺸﻜﻞ ‪ 2‬ﺍﻟﺨﺼﺎﺉﺺ ﺍﻟﻤﺨﺘﻠﻔﺔ ﻟﻨﻈﺎﻣﻲ ﺍﻟﺘﺸﻐﻴﻞ‪.‬‬

    ‫ﺍﻟﺸﻜﻞ‪ :2‬ﻣﻘﺎﺭﻧﺔ ﺑﻴﻦ ﺃﻧﻈﻤﺔ ﺗﺸﻐﻴﻞ ‪ Windows‬ﻭ ‪Linux‬‬


    ‫ﻧﻈﺎﻡﺗﺸﻐﻴﻞ ‪Linux‬‬ ‫ﻧﻈﺎﻡﺍﻟﺘﺸﻐﻴﻞ ‪Windows‬‬

    ‫ﻗﺪﻳﻜﻮﻥ ﻟﺒﻌﺾ ﺃﻧﻈﻤﺔ ﺍﻟﺘﺸﻐﻴﻞ‬ ‫‪-‬‬ ‫ﻳﺠﺐﺗﺮﺧﻴﺺ ﺟﻤﻴﻊ ﻣﺜﻴﻼﺕ ﺃﻧﻈﻤﺔ ﺗﺸﻐﻴﻞ‬ ‫‪-‬‬ ‫ﺍﻟﺘﺮﺧﻴﺺ‬
    ‫ﺍﻟﻤﺴﺘﻨﺪﺓﺇﻟﻰ ‪ Linux‬ﺍﻟﺘﻲ ﻳﺒﻴﻌﻬﺎ‬ ‫‪ Windows‬ﺍﻟﺨﺎﺻﺔ‪.‬‬
    ‫ﺍﻟﺒﺎﺉﻌﻮﻥﺭﺳﻮﻡ ﺗﺮﺧﻴﺺ ﻣﺮﺗﺒﻄﺔ‪.‬‬

    ‫ﻭﺍﺟﻬﺎﺕﺍﻟﻤﺴﺘﺨﺪﻡ ﺍﻟﻨﺼﻴﺔ )‪(TUI‬‬ ‫‪-‬‬ ‫ﻭﺍﺟﻬﺎﺕﺍﻟﻤﺴﺘﺨﺪﻡ ﺍﻟﻨﺼﻴﺔ )‪ (TUI‬ﻭﻭﺍﺟﻬﺎﺕ ﺍﻟﻤﺴﺘﺨﺪﻡ‬ ‫‪-‬‬ ‫ﺗﺠﺮﺑﺔﺍﻟﻤﺴﺘﺨﺪﻡ‬
    ‫ﻭﻭﺍﺟﻬﺎﺕﺍﻟﻤﺴﺘﺨﺪﻡ ﺍﻟﺮﺳﻮﻣﻴﺔ )‪.(GUI‬‬ ‫ﺍﻟﺮﺳﻮﻣﻴﺔ)‪.(GUI‬‬

    ‫ﺗﻢﺇﻧﺸﺎء ﻧﻈﺎﻡ ﺍﻟﺘﺸﻐﻴﻞ ‪Linux‬‬ ‫‪-‬‬ ‫‪.‬ﻣﻴﺰﺓﺗﻨﺎﻓﺴﻴﺔ ﻓﻲ ﺍﻟﺴﻮﻕ ‪ Microsoft‬ﻫﻮ ﻧﻈﺎﻡ‬ ‫‪-‬‬ ‫ﻣﺼﺪﺭﺍﻟﺮﻣﺰ‬
    ‫ﺑﺎﺳﺘﺨﺪﺍﻡﻣﺼﺪﺭ ﻣﻔﺘﻮﺡ‬ ‫ﺗﺸﻐﻴﻞﺧﺎﺹ‪ .‬ﻳﻤﻨﺢ ﻫﺬﺍ ﺍﻟﺘﺮﺗﻴﺐ ‪Windows‬‬ ‫ﻭﺻﻮﻝ‬
    ‫ﺍﻟﺘﻘﻨﻴﺎﺕ‪.‬ﻫﺬﺍ ﻳﻌﻨﻲ ﺃﻥ ﺍﻟﻜﻮﺩ‬ ‫‪Microsoft‬‬
    ‫ﺍﻟﻤﺼﺪﺭﻱﻳﻤﻜﻦ ﻓﺤﺼﻪ ﻭﺩﺭﺍﺳﺘﻪ‬ ‫ﻻﻳﺴﺘﻄﻴﻊ ﻋﺎﻣﺔ ﺍﻟﻨﺎﺱ ﺍﻟﻮﺻﻮﻝ ﺇﻟﻰ ﺍﻟﻜﻮﺩ ﺍﻟﻤﺼﺪﺭﻱ‬ ‫‪-‬‬
    ‫ﻭﺗﻌﺪﻳﻠﻪﻭﺗﺤﺴﻴﻨﻪ ﻭﺗﻮﺯﻳﻌﻪ ﺑﻮﺍﺳﻄﺔ‬ ‫ﻟﻨﻈﺎﻡﺍﻟﺘﺸﻐﻴﻞ ‪.Microsoft‬‬
    ‫ﺃﻱﺷﺨﺺ‪.‬‬

    ‫‪12‬‬ ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‬ ‫‪www.theiia.org‬‬


    ‫ﻧﻈﺮﺍًﻟﻄﺒﻴﻌﺔ ﺍﻟﻤﺼﺪﺭ ﺍﻟﻤﻔﺘﻮﺡ ‪ ،‬ﻳﻤﻜﻦ‬ ‫‪-‬‬ ‫ﻳﺮﻛﺰﺃﻣﺎﻥ ﻧﻈﺎﻡ ﺗﺸﻐﻴﻞ ‪ Windows‬ﻋﻠﻰ ﺛﻼﺛﺔ‬ ‫‪-‬‬ ‫ﺣﻤﺎﻳﺔ‬
    ‫ﻟﻠﻤﺴﺘﺨﺪﻣﻴﻦﻣﺮﺍﺟﻌﺔ ﺍﻟﺘﻌﻠﻴﻤﺎﺕ‬ ‫ﻣﺠﺎﻻﺕ‪:‬‬
    ‫ﺍﻟﺒﺮﻣﺠﻴﺔﺍﻟﻤﺼﺪﺭ ﻭﺗﺤﺪﻳﺪ ﺃﻱ ﻧﻘﺎﻁ‬ ‫ﺇﺩﺍﺭﺓﺍﻟﻬﻮﻳﺔ ﻭﺍﻟﻮﺻﻮﻝ‪ :‬ﺍﻷﺫﻭﻧﺎﺕ ﻭﻣﻠﻜﻴﺔ‬ ‫ﺍ‬
    ‫ﺿﻌﻒﺃﻣﻨﻴﺔ‪.‬‬ ‫ﺍﻟﻜﺎﺉﻨﺎﺕﻭﻭﺭﺍﺛﺔ ﺍﻷﺫﻭﻧﺎﺕ ﻭﺣﻘﻮﻕ‬
    ‫ﺑﺎﻟﻤﻘﺎﺭﻧﺔﻣﻊ ﻧﻈﺎﻡ ﺍﻟﺘﺸﻐﻴﻞ ‪، Windows OS‬‬ ‫‪-‬‬ ‫ﺍﻟﻤﺴﺘﺨﺪﻡﻭﺗﺪﻗﻴﻖ ﺍﻟﻜﺎﺉﻨﺎﺕ‪.‬‬
    ‫ﻋﺎﺩﺓ ًﻣﺎ ﻳﻜﻮﻥ ﻟﺪﻯ ﻧﻈﺎﻡ ﺍﻟﺘﺸﻐﻴﻞ ‪Linux‬‬
    ‫ﺛﻐﺮﺍﺕﺃﻣﻨﻴﺔ ﺃﻗﻞ ﻭﻟﺪﻳﻬﺎ ﻋﺪﺩ ﺃﻗﻞ‬ ‫ﺍﻟﺤﻤﺎﻳﺔﻣﻦ ﺍﻟﺘﻬﺪﻳﺪﺍﺕ‪ :‬ﺗﺤﻤﻲ ﻧﻘﺎﻁ ﺍﻟﻨﻬﺎﻳﺔ ﻣﻦ‬ ‫ﺍ‬
    ‫ﺍﻟﻬﻴﺎﻛﻞﻏﻴﺮ ﺍﻟﻤﺤﻤﻴﺔ‪.‬‬ ‫ﺍﻟﺘﻬﺪﻳﺪﺍﺕﺍﻹﻟﻜﺘﺮﻭﻧﻴﺔ ‪ ،‬ﻭﺗﻜﺘﺸﻒ ﺍﻟﻬﺠﻤﺎﺕ‬
    ‫ﺍﻟﻤﺘﻘﺪﻣﺔﻭﺧﺮﻭﻗﺎﺕ ﺍﻟﺒﻴﺎﻧﺎﺕ ‪ ،‬ﻭﺗﻌﻤﻞ ﻋﻠﻰ ﺃﺗﻤﺘﺔ‬
    ‫ﺍﻟﺤﻮﺍﺩﺙﺍﻷﻣﻨﻴﺔ ‪ ،‬ﻭﺗﺤﺴﻦ ﺍﻟﻮﺿﻊ ﺍﻷﻣﻨﻲ‪.‬‬

    ‫ﺣﻤﺎﻳﺔﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪ :‬ﺗﺘﻨﺎﻭﻝ ﺗﻬﺪﻳﺪﺍﺕ ﺳﺮﻗﺔ‬ ‫ﺍ‬


    ‫ﺍﻟﺒﻴﺎﻧﺎﺕﺃﻭ ﺍﻟﺘﻌﺮﺽ ﻟﻠﻀﻴﺎﻉ ﺃﻭ ﺍﻟﺴﺮﻗﺔ ﺃﻭ‬
    ‫ﺑﺸﻜﻞﻏﻴﺮ ﻻﺉﻖ‬
    ‫ﺃﺟﻬﺰﺓﺍﻟﻜﻤﺒﻴﻮﺗﺮ ﺧﺎﺭﺝ ﺍﻟﺨﺪﻣﺔ‪.‬‬

    ‫ﺣﻮﺍﺳﻴﺐ‬
    ‫ﺍﻟﺤﺎﺳﻮﺏﺍﻟﺮﺉﻴﺴﻲ ﻫﻮ ﺟﻬﺎﺯ ﻛﻤﺒﻴﻮﺗﺮ )ﺟﻬﺎﺯ( ﻣﺼﻤﻢ ﻻﺳﺘﻀﺎﻓﺔ ﻗﻮﺍﻋﺪ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﺘﺠﺎﺭﻳﺔ ﻭﺧﻮﺍﺩﻡ ﺍﻟﻤﻌﺎﻣﻼﺕ‬
    ‫ﻭﺍﻟﺘﻄﺒﻴﻘﺎﺕﺍﻟﺘﻲ ﺗﺘﻄﻠﺐ ﺩﺭﺟﺔ ﺃﻛﺒﺮ ﻣﻦ ﺍﻷﻣﺎﻥ ﻭﺍﻟﺘﻮﺍﻓﺮ ﻣﻤﺎ ﻫﻮ ﻣﻮﺟﻮﺩ ﻋﺎﺩﺓ ﻓﻲ ﺍﻷﺟﻬﺰﺓ ﺍﻟﺼﻐﻴﺮﺓ ﺍﻟﺤﺠﻢ‪ .‬ﺗﻈﻞ‬
    ‫ﻫﺬﻩﺍﻵﻻﺕ ﺷﺎﺉﻌﺔ ﺍﻻﺳﺘﺨﺪﺍﻡ ﻣﻦ ﻗﺒﻞ ﺍﻟﻤﺆﺳﺴﺎﺕ ﺍﻟﻜﺒﻴﺮﺓ ﻧﻈﺮﺍً ﻟﻤﻮﺛﻮﻗﻴﺘﻬﺎ ﻭﺍﺳﺘﻘﺮﺍﺭﻫﺎ‪.‬‬

    ‫ﺗﻌﺎﻟﺞﺍﻟﺤﺎﺳﺒﺎﺕ ﺍﻟﻤﺮﻛﺰﻳﺔ ﻛﻤﻴﺎﺕ ﻛﺒﻴﺮﺓ ﻣﻦ ﺍﻟﺒﻴﺎﻧﺎﺕ ‪ ،‬ﻣﺜﻞ ﺇﺣﺼﺎءﺍﺕ ﺍﻟﺪﻭﻟﺔ ﻭﺍﻟﺼﻨﺎﻋﺔ ‪ ،‬ﻭﺍﻟﻤﻬﺎﻡ ﺍﻟﻤﺸﺎﺑﻬﺔ‬
    ‫ﻟﻤﻌﺎﻟﺠﺔﺍﻟﻤﻌﺎﻣﻼﺕ ﺍﻟﻤﺠﻤﻌﺔ ﻭﺍﻟﻜﺒﻴﺮﺓ ﺍﻟﺤﺠﻢ‪ .‬ﺗﻌﺘﻤﺪ ﺻﻨﺎﻋﺎﺕ ﻣﺜﻞ ﺍﻟﺨﺪﻣﺎﺕ ﺍﻟﻤﺼﺮﻓﻴﺔ ﻭﺍﻟﺘﺄﻣﻴﻦ ﻋﻠﻰ‬
    ‫ﺍﻟﺤﻮﺍﺳﻴﺐﺍﻟﻤﺮﻛﺰﻳﺔ ﻟﻤﻌﺎﻟﺠﺔ ﺣﺠﻢ ﺍﻟﻤﻌﺎﻣﻼﺕ ﺍﻟﻬﺎﺉﻞ ﺍﻟﻨﺎﺗﺞ ﻋﻦ ﺍﻟﺼﻨﺎﻋﺔ ﺍﻟﻤﺎﻟﻴﺔ‪ .‬ﻓﻲ ﻗﻄﺎﻋﺎﺕ ﻣﺜﻞ ﺍﻟﺮﻋﺎﻳﺔ‬
    ‫ﺍﻟﺼﺤﻴﺔﻭﺍﻟﻨﻘﻞ ﻭﺍﻟﺨﺪﻣﺎﺕ ﺍﻟﻌﺎﻣﺔ ‪ ،‬ﺗﺴﺎﻋﺪ ﺍﻟﺤﻮﺍﺳﻴﺐ ﺍﻟﻤﺮﻛﺰﻳﺔ ﻓﻲ ﻣﻌﺎﻟﺠﺔ ﻛﻤﻴﺎﺕ ﻛﺒﻴﺮﺓ ﻣﻦ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻭﺗﻮﻓﺮ‬
    ‫ﺍﻟﺪﻋﻢﻟﻤﺘﻄﻠﺒﺎﺕ ﺍﻻﻣﺘﺜﺎﻝ ﺍﻟﺼﺎﺭﻣﺔ‪.‬‬

    ‫ﻋﺎﺩﺓ ًﻣﺎ ﺗﻜﻮﻥ ﺍﻟﺤﻮﺍﺳﻴﺐ ﺍﻟﻤﺮﻛﺰﻳﺔ ﻫﻲ ﻧﻮﻉ ﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ ﺍﻟﻤﻔﻀﻞ ﻋﻨﺪﻣﺎ ﻳﻜﻮﻥ ﻫﻨﺎﻙ ﻣﺘﻄﻠﺒﺎﺕ ﻷﺣﺠﺎﻡ ﻛﺒﻴﺮﺓ‬
    ‫ﻣﻦﺍﻟﻤﺴﺘﺨﺪﻣﻴﻦ ﺍﻟﻤﺘﺰﺍﻣﻨﻴﻦ‪ .‬ﺗﻌﺪ ﺻﻨﺎﻋﺔ ﺍﻟﻄﻴﺮﺍﻥ ﻭﺍﻟﺴﻔﺮ ﺍﻟﺠﻮﻱ ﻣﺜﺎﻻ ًﺟﻴﺪﺍً ﻷﻥ ﺣﺠﻮﺯﺍﺕ ﻭﻛﻼء ﺍﻟﺴﻔﺮ ﻋﺒﺮ‬
    ‫ﺍﻹﻧﺘﺮﻧﺖﻭﻣﺤﺎﻛﺎﺓ ﺍﻟﻄﻴﺮﺍﻥ ﻭﺃﻧﻈﻤﺔ ﺍﻟﻤﻼﺣﺔ ﺗﺘﻄﻠﺐ ﺗﻄﺒﻴﻘﺎﺕ ﺫﺍﺕ ﻧﻄﺎﻕ ﺗﺮﺩﺩﻱ ﻋﺎﻝ ٍﻭﺗﻌﺘﻤﺪ ﺑﺸﻜﻞ ﻛﺒﻴﺮ ﻋﻠﻰ‬
    ‫ﻗﺪﺭﺍﺕﺍﻟﺤﻮﺍﺳﻴﺐ ﺍﻟﻤﺮﻛﺰﻳﺔ‪.‬‬

    ‫ﻳﻮﺟﺪﻣﻔﻬﻮﻣﺎﻥ ﺭﺉﻴﺴﻴﺎﻥ ﻟﻤﻌﺎﻟﺠﺔ ﺍﻟﻤﻌﺎﻣﻼﺕ ﻟﻠﺤﻮﺍﺳﻴﺐ ﺍﻟﻤﺮﻛﺰﻳﺔ‪ :‬ﻣﻌﺎﻟﺠﺔ ﺍﻟﻤﻬﺎﻡ ﺍﻟﻤﺠﻤﻌﺔ ﻭﻣﻌﺎﻟﺠﺔ‬
    ‫ﺍﻟﻤﻌﺎﻣﻼﺕﻋﺒﺮ ﺍﻹﻧﺘﺮﻧﺖ‪:‬‬

    ‫ﺗﺘﻢﻣﻌﺎﻟﺠﺔ ﺍﻟﻮﻇﺎﺉﻒ ﺍﻟﻤﺠﻤﻌﺔ ﺩﻭﻥ ﺗﺪﺧﻞ ﺍﻟﻤﺴﺘﺨﺪﻡ ‪ ،‬ﺣﻴﺚ ﺗﺘﻢ ﻣﻌﺎﻟﺠﺔ ﻛﻤﻴﺎﺕ ﻛﺒﻴﺮﺓ ﻣﻦ‬ ‫‪-‬‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕﺑﺸﻜﻞ ﻣﺠﻤﻊّ ﺑﺪﻻ ًﻣﻦ ﻛﻮﻧﻬﺎ ﻣﺪﺧﻼﺕ ﻓﺮﺩﻳﺔ‪ .‬ﺍﻟﺪﻓﻌﺎﺕ ‪ ،‬ﺍﻟﺘﻲ ﻳﻤﻜﻦ ﺃﻥ ﺗﺘﻀﻤﻦ ﺃﺣﻴﺎﻧﺎً‬
    ‫ﻣﺉﺎﺕﺃﻭ ﺁﻻﻑ ﺍﻟﻤﻌﺎﻣﻼﺕ ‪ ،‬ﻳﺘﻢ ﺇﺟﺮﺍﺅﻫﺎ ﻣﺴﺒﻘﺎً ﻓﻲ ﻧﺎﻓﺬﺓ ﺯﻣﻨﻴﺔ ﻣﺤﺪﺩﺓ ﺧﻼﻝ ﻓﺘﺮﺍﺕ ﺧﺎﺭﺝ ﺍﻟﺬﺭﻭﺓ‪.‬‬
    ‫ﻋﺎﺩﺓ ًﻣﺎ ﺗﻜﻮﻥ ﺍﻟﻤﺨﺮﺟﺎﺕ ﻣﻦ ﺍﻟﻮﻇﺎﺉﻒ ﺍﻟﻤﺠُﻬﺰﺓ ﻋﻠﻰ ﺩﻓﻌﺎﺕ ﻋﺒﺎﺭﺓ ﻋﻦ ﻣﻠﺨﺼﺎﺕ ﻟﻠﻤﻌﻠﻮﻣﺎﺕ ﻣﺜﻞ‬
    ‫ﺍﻟﻤﺒﻴﻌﺎﺕﺍﻟﻴﻮﻣﻴﺔ ﻭﻣﻌﺎﻟﺠﺔ ﺍﻟﻄﻠﺒﺎﺕ ﻭﺗﺤﺪﻳﺜﺎﺕ ﺍﻟﻤﺨﺰﻭﻥ‪.‬‬

    ‫ﺗﻌﺎﻟﺞﻣﻌﺎﻟﺠﺔ ﺍﻟﻤﻌﺎﻣﻼﺕ ﻋﺒﺮ ﺍﻹﻧﺘﺮﻧﺖ )‪ (OLTP‬ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﺘﻲ ﺗﺘﻄﻠﺐ ﻋﺎﺩﺓ ًﺍﺳﺘﺠﺎﺑﺔ ﻓﻮﺭﻳﺔ ﻭﻓﻲ‬ ‫‪-‬‬
    ‫ﺍﻟﻮﻗﺖﺍﻟﻔﻌﻠﻲ ‪ ،‬ﻭﻋﺎﺩﺓ ﻣﺎ ﻳﻜﻮﻥ ﺗﻔﺎﻋﻞ ﺍﻟﻤﺴﺘﺨﺪﻡ ﻣﻊ ﺍﻟﻜﻤﺒﻴﻮﺗﺮ ﺍﻟﻤﺮﻛﺰﻱ ﻗﺼﻴﺮﺍً ﺟﺪﺍً ﻭﻣﺘﺰﺍﻣﻨﺎً ﻣﻊ‬
    ‫ﺍﻟﻤﻌﺎﻟﺠﺔ‪ OLTP.‬ﻣﻔﻴﺪ ﻟﻠﺨﺪﻣﺎﺕ ﺍﻟﺘﻲ ﻳﺠﺐ ﺃﻥ ﺗﻜﻮﻥ ﻣﺴﺘﻤﺮﺓ‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪13‬‬ ‫‪www.theiia.org‬‬


    ‫ﻣﺘﻮﻓﺮﺓﻭﺣﻴﺚ ﺗﻜﻮﻥ ﺳﻼﻣﺔ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻭﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺫﺍﺕ ﺃﻫﻤﻴﺔ ﻛﺒﻴﺮﺓ‪ .‬ﻳﻨﻄﺒﻖ ﻫﺬﺍ ﺍﻟﻤﻔﻬﻮﻡ ﻋﻠﻰ ﻣﻌﺎﻣﻼﺕ‬
    ‫ﺃﺟﻬﺰﺓﺍﻟﺼﺮﺍﻑ ﺍﻵﻟﻲ ﻭﻋﻤﻠﻴﺎﺕ ﺍﻟﺸﺮﺍء ﺑﺒﻄﺎﻗﺎﺕ ﺍﻻﺉﺘﻤﺎﻥ ﺃﻭ ﺍﻟﺨﺼﻢ‪.‬‬

    ‫ﺑﻌﺾﺍﻟﺸﺮﻛﺎﺕ ﺍﻟﻤﺼﻨﻌﺔ ﺍﻟﺮﺉﻴﺴﻴﺔ ﻟﻠﺤﻮﺍﺳﻴﺐ ﺍﻟﻤﺮﻛﺰﻳﺔ ﻫﻲ ‪ IBM‬ﻭ ‪.Fujitsu‬‬

    ‫ﺃﻧﻈﻤﺔﺗﺸﻐﻴﻞ ﺍﻟﺤﺎﺳﺒﺎﺕ ﺍﻟﻤﺮﻛﺰﻳﺔ‬


    ‫ﻧﻈﺮﺍًﻟﻠﻜﻤﻴﺎﺕ ﺍﻟﻜﺒﻴﺮﺓ ﻣﻦ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﺘﻲ ﻳﻌﺎﻟﺠﻬﺎ ﺍﻟﻜﻤﺒﻴﻮﺗﺮ ﺍﻟﺮﺉﻴﺴﻲ ‪ ،‬ﻳﺠﺐ ﺃﻥ ﺗﻜﻮﻥ ﻣﻜﻮﻧﺎﺗﻪ ﺍﻟﺪﺍﺧﻠﻴﺔ ‪ ،‬ﺑﻤﺎ‬
    ‫ﻓﻲﺫﻟﻚ ﺍﻟﺬﺍﻛﺮﺓ ﺍﻟﺪﺍﺧﻠﻴﺔ ‪ ،‬ﻭﻗﺪﺭﺓ ﺍﻟﻤﻌﺎﻟﺠﺔ ‪ ،‬ﻭﺍﻷﺟﻬﺰﺓ ﺍﻟﻄﺮﻓﻴﺔ ﺍﻟﺪﺍﺧﻠﻴﺔ ﻭﺍﻟﺨﺎﺭﺟﻴﺔ ‪ ،‬ﻭﺍﻟﺘﺨﺰﻳﻦ ‪ ،‬ﻭﻧﻈﺎﻡ ﺍﻟﺘﺸﻐﻴﻞ‬
    ‫ﻓﻌﺎﻟﺔﻭﻣﻌﻘﺪﺓ ﺑﻤﺎ ﻳﻜﻔﻲ ﻟﺘﻘﺪﻳﻢ ﻣﻌﻴﺎﺭ ﺍﻷﺩﺍء ﺍﻟﻤﻌﺘﻤﺪ‪.‬‬

    ‫ﻛﻞﻣﺼﻨﻊ ﻟﺪﻳﻪ ﺇﺻﺪﺍﺭﻩ ﻣﻦ ﻧﻈﺎﻡ ﺍﻟﺘﺸﻐﻴﻞ ‪ ،‬ﻭﺍﻟﺬﻱ ﺗﻢ ﺗﻜﻮﻳﻨﻪ ﻭﺗﺨﺼﻴﺼﻪ ﻟﻴﻨﺎﺳﺐ ﺃﺟﻬﺰﺓ ﻭﻭﺍﺟﻬﺎﺕ ﺍﻟﺸﺮﻛﺔ‬
    ‫ﺍﻟﻤﺼﻨﻌﺔ)ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ z / OS ،‬ﻫﻮ ﻧﻈﺎﻡ ﺍﻟﺘﺸﻐﻴﻞ ﻷﺟﻬﺰﺓ ‪ IBM‬ﺍﻟﻤﺮﻛﺰﻳﺔ(‪.‬‬

    ‫ﺍﻻﻓﺘﺮﺍﺿﻴﺔ‬
    ‫ﺍﻟﻤﺤﺎﻛﺎﺓﺍﻻﻓﺘﺮﺍﺿﻴﺔ ﻫﻲ ﻋﻤﻠﻴﺔ ﺗﻜﻮﻳﻦ ﻧﻈﺎﻡ ﻛﻤﺒﻴﻮﺗﺮ ﻓﻲ ﺑﻴﺉﺔ ﻣﻨﻔﺼﻠﺔ ﻋﻦ ﺍﻷﺟﻬﺰﺓ ﺍﻟﻔﻌﻠﻴﺔ‪ .‬ﻗﺒﻞ ﻣﻔﻬﻮﻡ‬
    ‫ﺍﻟﻤﺤﺎﻛﺎﺓﺍﻻﻓﺘﺮﺍﺿﻴﺔ ‪ ،‬ﺗﻢ ﺗﺜﺒﻴﺖ ﺟﻤﻴﻊ ﺃﻧﻈﻤﺔ ﺍﻟﺘﺸﻐﻴﻞ ﻋﻠﻰ ﺃﺟﻬﺰﺓ ﺍﻟﻜﻤﺒﻴﻮﺗﺮ ﺍﻟﻔﻌﻠﻴﺔ ‪ ،‬ﻭﻳﻤﻜﻦ ﻟﻬﺬﺍ ﺍﻟﻜﻤﺒﻴﻮﺗﺮ‬
    ‫ﺗﺸﻐﻴﻞﻧﻈﺎﻡ ﺗﺸﻐﻴﻞ ﻭﺍﺣﺪ ﻓﻘﻂ‪ .‬ﻣﻊ ﻣﻔﻬﻮﻡ ﺍﻟﻤﺤﺎﻛﺎﺓ ﺍﻻﻓﺘﺮﺍﺿﻴﺔ ‪ ،‬ﻳﻌﻤﻞ ﻧﻈﺎﻡ ﺗﺸﻐﻴﻞ ﺍﻟﺠﻬﺎﺯ ﺍﻟﻈﺎﻫﺮﻱ )‪(VM‬‬
    ‫ﻋﻠﻰﺃﺟﻬﺰﺓ ﺍﻟﻜﻤﺒﻴﻮﺗﺮ ‪ ،‬ﻭﻳﻤﻜﻦ ﺃﻥ ﺗﻌﻤﻞ ﺃﻧﻈﻤﺔ ﺗﺸﻐﻴﻞ ﺍﻓﺘﺮﺍﺿﻴﺔ ﻣﺘﻌﺪﺩﺓ ﺗﺤﺖ ﺳﻴﻄﺮﺓ ﻫﺬﺍ ﺍﻟﺠﻬﺎﺯ ﺍﻟﻈﺎﻫﺮﻱ‪.‬‬
    ‫ﻳﻤﻜﻦﺗﺤﻮﻳﻞ ﻣﻮﺍﺭﺩ ﺍﻟﻜﻤﺒﻴﻮﺗﺮ ﺍﻟﺸﺎﺉﻌﺔ ﻣﺜﻞ ﺍﻟﺨﻮﺍﺩﻡ ﺃﻭ ﺃﺟﻬﺰﺓ ﺳﻄﺢ ﺍﻟﻤﻜﺘﺐ ﺃﻭ ﺃﻧﻈﻤﺔ ﺍﻟﺘﺸﻐﻴﻞ ﺃﻭ ﺍﻟﻤﻠﻔﺎﺕ ﺃﻭ‬
    ‫ﺍﻟﺘﺨﺰﻳﻦﺃﻭ ﺍﻟﺸﺒﻜﺎﺕ ﺇﻟﻰ ﺍﻓﺘﺮﺍﺿﻴﺔ‪ .‬ﻳﻤﻜﻦ ﺍﺳﺘﺨﺪﺍﻡ ﺍﻷﺟﻬﺰﺓ ﺍﻟﻈﺎﻫﺮﻳﺔ ﻟﻸﻏﺮﺍﺽ ﺍﻟﻤﺴﺘﻬﺪﻓﺔ ﻭﻳﺘﻢ ﺍﻟﺘﺨﻠﺺ ﻣﻨﻬﺎ‬
    ‫ﺑﻤﺠﺮﺩﺗﺤﻘﻴﻖ ﻫﺬﺍ ﺍﻻﺳﺘﺨﺪﺍﻡ‪.‬‬

    ‫ﻋﺎﺩﺓ ًﻣﺎ ﻳﺘﻢ ﺇﻧﺠﺎﺯ ﻫﺬﻩ ﺍﻟﺒﻴﺉﺔ ﺍﻻﻓﺘﺮﺍﺿﻴﺔ ﻋﻦ ﻃﺮﻳﻖ ﺗﺜﺒﻴﺖ ﻭﺍﺳﺘﺨﺪﺍﻡ ﺑﺮﻧﺎﻣﺞ ﻣﺘﺨﺼﺺ )ﻳﺴﻤﻰ ﺑﺮﻧﺎﻣﺞ‬
    ‫‪ (Hypervisor‬ﻋﻠﻰ ﺍﻟﺠﻬﺎﺯ ﺍﻟﻤﻀﻴﻒ ﺍﻟﺬﻱ ﻳﺤﺎﻛﻲ ﺑﻴﺉﺔ ﺍﻓﺘﺮﺍﺿﻴﺔ‪ .‬ﺑﺮﻧﺎﻣﺞ ‪ Hypervisor‬ﻋﺒﺎﺭﺓ ﻋﻦ ﻣﺠﻤﻮﻋﺔ‬
    ‫ﺑﺮﺍﻣﺞﻣﺤﺪﺩﺓ ﺗﻘﻮﻡ ﺑﺈﻧﺸﺎء ﻭﺗﺸﻐﻴﻞ ﺃﺟﻬﺰﺓ ‪ VM‬ﻭﻳﻌُﺮﻑ ﺃﻳﻀﺎً ﺑﺎﺳﻢ ﻣﺮﺍﻗﺐ ‪ /‬ﻣﺪﻳﺮ ﺍﻟﺠﻬﺎﺯ ﺍﻟﻈﺎﻫﺮﻱ ﺃﻭ ‪.VMM‬‬
    ‫ﻳﻮﺟﺪﻧﻮﻋﺎﻥ ﻣﻦ ﺑﺮﺍﻣﺞ ‪ :Hypervisor‬ﺍﻟﻨﻮﻉ ‪ ، 1‬ﻭﺍﻟﺬﻱ ﻳﻌﻤﻞ ﻣﺒﺎﺷﺮﺓ ﻛﻨﻈﺎﻡ ﺗﺸﻐﻴﻞ ﻋﻠﻰ ﺃﺟﻬﺰﺓ ﺍﻟﺠﻬﺎﺯ‬
    ‫ﺍﻟﻤﻀﻴﻒ ‪،‬ﻭﺍﻟﻤﻌﺮﻭﻑ ﺃﻳﻀﺎً ﺑﺎﺳﻢ ﺍﻟﻨﻮﻉ "‪ ، "bare metal‬ﻭﺍﻟﻨﻮﻉ ‪ ، 2‬ﻭﺍﻟﺬﻱ ﻳﻌﻤﻞ ﻓﻲ ﺑﻴﺉﺔ ﻧﻈﺎﻡ ﺗﺸﻐﻴﻞ‬
    ‫ﻗﺎﺉﻤﺔﺑﺎﻟﻔﻌﻞ ‪ ،‬ﻭﺍﻟﻤﻌﺮﻭﻓﺔ ﺑﺎﺳﻢ ﻧﻮﻉ "ﻣﺴﺘﻀﺎﻑ"‪.‬‬

    ‫ﺧﺪﻣﺎﺕﺍﻟﺪﻟﻴﻞ‬
    ‫ﺗﺤﺘﻮﻱﺟﻤﻴﻊ ﺷﺒﻜﺎﺕ ﺍﻟﻜﻤﺒﻴﻮﺗﺮ ﻋﻠﻰ ﻣﻮﺍﺭﺩ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﻤﺮﺗﺒﻄﺔ ﺑﻬﺎ ‪ ،‬ﻣﺜﻞ ﺍﻟﻤﺴﺘﺨﺪﻣﻴﻦ ﻭﺍﻟﻄﺎﺑﻌﺎﺕ‬
    ‫ﻭﺃﺟﻬﺰﺓﺍﻟﺘﺨﺰﻳﻦ ﻭﺍﻟﻤﻠﻔﺎﺕ ﻭﺍﻟﻤﺠﻠﺪﺍﺕ ﻭﺃﺟﻬﺰﺓ ﺍﻟﻔﺎﻛﺲ ﻭﺍﻟﻤﺰﻳﺪ‪ .‬ﻟﺬﻟﻚ ‪ ،‬ﻣﻦ ﺍﻟﻤﻨﻄﻘﻲ ﺃﻥ ﻳﺮﺗﺒﻂ ﻛﻞ ﻣﻦ ﻫﺬﻩ‬
    ‫ﺍﻟﻤﻮﺍﺭﺩﺑﻌﻨﻮﺍﻥ ﺷﺒﻜﺔ ﻓﺮﻳﺪ‪.‬‬

    ‫ﺧﺪﻣﺔﺍﻟﺪﻟﻴﻞ ﻫﻲ ﺧﺪﻣﺔ ﻧﻈﺎﻡ ﺗﺸﻐﻴﻞ ﺗﻮﻓﺮ ﻗﺎﺉﻤﺔ ﺑﺄﺳﻤﺎء ﻣﻮﺍﺭﺩ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﻤﺮﺗﺒﻄﺔ ﺑﺎﻟﺸﺒﻜﺔ )ﻣﺜﻞ‬
    ‫ﺍﻟﻤﺴﺘﺨﺪﻣﻴﻦﻭﺍﻟﻄﺎﺑﻌﺎﺕ ﻭﺃﺟﻬﺰﺓ ﺍﻟﺘﺨﺰﻳﻦ ﻭﺍﻟﻤﻠﻔﺎﺕ ﻭﺍﻟﻤﺠﻠﺪﺍﺕ( ﻭﻋﻨﻮﺍﻥ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻔﺮﻳﺪ ﻟﻜﻞ ﻣﻨﻬﺎ‪ .‬ﻳﻌﺪ ﺍﻟﺤﻔﺎﻅ‬
    ‫ﻋﻠﻰﻫﺬﻩ ﺍﻟﺪﻻﺉﻞ ﺃﻣﺮﺍً ﻣﻬﻤﺎً ﻣﻦ ﻭﺟﻬﺔ ﻧﻈﺮ ﺍﻟﻮﺻﻮﻝ ﻭﺍﻷﻣﺎﻥ‪.‬‬

    ‫ﺗﻢﺗﻄﻮﻳﺮ ﻣﻌﻴﺎﺭ )ﺃﻭ ﺑﺮﻭﺗﻮﻛﻮﻝ( ﻟﺨﺪﻣﺎﺕ ﺍﻟﺪﻟﻴﻞ ﻓﻲ ﺍﻟﺒﺪﺍﻳﺔ ﻹﺩﺍﺭﺓ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻋﻠﻰ ﺷﺒﻜﺔ ﻋﺎﻟﻤﻴﺔ ﻣﻦ ﺍﻟﻤﻮﺍﺭﺩ‪ .‬ﻛﺎﻥ‬
    ‫ﻫﺬﺍﺍﻟﺒﺮﻭﺗﻮﻛﻮﻝ ﻳﺴﻤﻰ ﺑﺮﻭﺗﻮﻛﻮﻝ ‪ .X.500‬ﺑﻨﺎء ًﻋﻠﻰ ﻣﻌﻴﺎﺭ ‪، X.500‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪14‬‬ ‫‪www.theiia.org‬‬


    ‫ﻃﻮﺭﺑﺎﺉﻌﻮ ﺍﻟﺒﺮﺍﻣﺞ ﺣﻠﻮﻻً ﺧﺎﺻﺔ ﻹﺩﺍﺭﺓ ﺃﺟﻬﺰﺓ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻤﺘﻌﻠﻘﺔ ﺑﺄﻧﻈﻤﺔ ﺍﻟﺘﺸﻐﻴﻞ ﺍﻟﻤﻘﺎﺑﻠﺔ ﺍﻟﺨﺎﺻﺔ ﺑﻬﻢ‪ .‬ﺣﻞ‬
    ‫ﺧﺪﻣﺔﺍﻟﺪﻟﻴﻞ ﺍﻟﺸﺎﺉﻊ ﻫﻮ (‪ ، Microsoft's Active Directory )AD‬ﻟﻼﺳﺘﺨﺪﺍﻡ ﻣﻊ ﻧﻈﺎﻡ ﺍﻟﺘﺸﻐﻴﻞ ‪.Windows‬‬
    ‫ﻳﺤﺘﻮﻱ‪ AD‬ﻋﻠﻰ ﻭﻇﺎﺉﻒ ﺇﺿﺎﻓﻴﺔ ﻣﺠﻤﻌﺔ ﻣﻊ ﻣﻌﻴﺎﺭ ‪ ، X.500‬ﻭﻳﻤﻜﻦ ﻟﻠﻤﺴﺆﻭﻟﻴﻦ ﺇﺿﺎﻓﺔ ﻣﺴﺘﺨﺪﻣﻴﻦ ﺟﺪﺩ ﺃﻭ‬
    ‫ﺇﺯﺍﻟﺔﺃﻭ ﺗﻌﺪﻳﻞ ﻋﻨﺎﺻﺮ ﺍﻟﺸﺒﻜﺔ ﻭﺗﺤﺪﻳﺪ ﺍﻣﺘﻴﺎﺯﺍﺕ ﺍﻻﺳﺘﺨﺪﺍﻡ ﻭﺍﻷﻣﺎﻥ ﻭﺇﺩﺍﺭﺓ ﺳﻴﺎﺳﺎﺕ ﻛﻠﻤﺎﺕ ﺍﻟﻤﺮﻭﺭ ﻭﺍﻟﻤﻬﺎﻡ‬
    ‫ﺍﻷﺧﺮﻯ‪.‬‬

    ‫ﻣﺜﺎﻝﻋﻠﻰ ﺑﺮﻭﺗﻮﻛﻮﻝ ﺩﻟﻴﻞ ﻣﻔﺘﻮﺡ ﺍﻟﻤﺼﺪﺭ ﻫﻮ ﺑﺮﻭﺗﻮﻛﻮﻝ ﺍﻟﻮﺻﻮﻝ ﺍﻟﺨﻔﻴﻒ ﺇﻟﻰ ﺍﻟﺪﻟﻴﻞ )‪ ، (LDAP‬ﺍﻟﻤﺸﺘﻖ ﻣﻦ‬
    ‫ﻣﻌﻴﺎﺭ‪ .X.500‬ﻳﺴُﺘﺨﺪﻡ ‪ LDAP‬ﻟﻠﻮﺻﻮﻝ ﺇﻟﻰ ﻣﻌﻠﻮﻣﺎﺕ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻤﺨﺰﻧﺔ ﻣﺮﻛﺰﻳﺎً ‪ ،‬ﻭﻟﻜﻨﻪ ﺃﺑﺴﻂ ﻭﺃﻗﻞ ﻛﺜﺎﻓﺔ ﻓﻲ‬
    ‫ﺍﺳﺘﺨﺪﺍﻡﺍﻟﻤﻮﺍﺭﺩ‪ .‬ﻋﻨﺪ ﺍﺳﺘﺨﺪﺍﻡ ‪ ، LDAP‬ﻳﻤﻜﻦ ﺗﺨﺰﻳﻦ ﻣﻌﻠﻮﻣﺎﺕ ﻣﻮﺍﺭﺩ ﺍﻟﺸﺒﻜﺔ ﻟﻤﺆﺳﺴﺔ ﻣﺎ ﻭﺇﺩﺍﺭﺗﻬﺎ ﻓﻲ ﻣﻮﻗﻊ‬
    ‫ﻣﺮﻛﺰﻱ‪.‬‬

    ‫ﻓﻲﺑﻴﺉﺔ ‪ Linux‬ﺍﻟﺘﻲ ﺗﺘﻄﻠﺐ ﺍﻟﻤﺮﻭﻧﺔ ﻭﺍﻟﺘﺨﺼﻴﺺ ‪ ،‬ﻳﺘﻢ ﺍﺳﺘﺨﺪﺍﻡ ﺣﻠﻮﻝ ‪ LDAP‬ﻣﻔﺘﻮﺣﺔ ﺍﻟﻤﺼﺪﺭ ﻣﺜﻞ‬
    ‫‪ OpenLDAP‬ﺑﺸﻜﻞ ﻣﺘﻜﺮﺭ‪ .‬ﻭﻣﻊ ﺫﻟﻚ ‪ ،‬ﻫﻨﺎﻙ ﺑﻌﺾ ﺍﻟﻌﻴﻮﺏ ﻓﻲ ﺍﺳﺘﺨﺪﺍﻡ ﺣﻠﻮﻝ ﻣﻔﺘﻮﺣﺔ ﺍﻟﻤﺼﺪﺭ ﻓﻲ ﺑﻴﺉﺔ‬
    ‫‪ ، Linux‬ﺑﻤﺎ ﻓﻲ ﺫﻟﻚ ﺍﻟﺤﺎﺟﺔ ﺇﻟﻰ ﻣﻮﻇﻔﻴﻦ ﻣﻬﺮﺓ ﻋﻠﻰ ﻭﺟﻪ ﺍﻟﺘﺤﺪﻳﺪ ؛ ﺗﺒﺎﻃﺆ ﺍﻟﻤﺼﺎﺩﻗﺔ ﻋﻨﺪ ﺍﺳﺘﺨﺪﺍﻡ‬
    ‫ﻣﺴﺘﻮﺩﻋﺎﺕ‪ LDAP‬ﺍﻟﻜﺒﻴﺮﺓ ؛ ﻭﻋﺪﻡ ﺗﻮﺍﻓﻖ ﺍﻟﻨﻈﺎﻡ ﺍﻟﻤﺤﺘﻤﻞ ﻣﻊ ﺑﻌﺾ ﺍﻷﺟﻬﺰﺓ ﻭﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻭﺗﻄﺒﻴﻘﺎﺕ ﺍﻟﻮﻳﺐ‪.‬‬

    ‫ﻣﺨﺰﻥﺍﻟﺒﻴﺎﻧﺎﺕ‬
    ‫ﺗﺴُﺘﺨﺪﻡﺛﻼﺛﺔ ﺃﺷﻜﺎﻝ ﺃﺳﺎﺳﻴﺔ ﻟﺘﺨﺰﻳﻦ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺑﺸﻜﻞ ﺷﺎﺉﻊ ‪ ،‬ﻭﻗﻮﺍﻋﺪ ﺍﻟﺒﻴﺎﻧﺎﺕ ‪ ،‬ﻭﻣﺨﺎﺯﻥ ﺍﻟﺒﻴﺎﻧﺎﺕ ‪ ،‬ﻭﺑﺤﻴﺮﺍﺕ‬
    ‫ﺍﻟﺒﻴﺎﻧﺎﺕ‪.‬ﻗﻮﺍﻋﺪ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻫﻲ ﺍﻷﻛﺜﺮ ﺷﻴﻮﻋﺎً ﻭﺳﻴﺘﻢ ﻣﻨﺎﻗﺸﺘﻬﺎ ﺑﺎﻟﺘﻔﺼﻴﻞ ﺃﺩﻧﺎﻩ‪ .‬ﻳﻤﻜﻦ ﻭﺻﻒ ﺍﻟﻔﺮﻕ ﺑﻴﻦ ﺃﻧﻮﺍﻉ‬
    ‫ﺍﻟﺘﺨﺰﻳﻦﺍﻟﺜﻼﺛﺔ ﺣﺴﺐ ﺍﻟﻤﺼﺪﺭ ﻭﻧﻮﻉ ﺍﻟﺒﻴﺎﻧﺎﺕ‪:‬‬

    ‫ﻗﺎﻋﺪﺓﺍﻟﺒﻴﺎﻧﺎﺕ‪-‬ﻣﺴﺘﻮﺩﻉ ﻣﺼﺪﺭ ﻭﺍﺣﺪ ؛ ﻳﻤﻜﻦ ﺃﻥ ﺗﻜﻮﻥ ﺑﻴﺎﻧﺎﺕ ﻣﻨﻈﻤﺔ ﺃﻭ ﻏﻴﺮ ﻣﻨﻈﻤﺔ‪.‬‬ ‫‪-‬‬
    ‫ﻣﺴﺘﻮﺩﻉﺍﻟﺒﻴﺎﻧﺎﺕ‪-‬ﻣﺼﺎﺩﺭ ﻣﺘﻌﺪﺩﺓ ﻟﻠﺒﻴﺎﻧﺎﺕ ﺍﻟﻤﺨﺰﻧﺔ ﻓﻲ ﻣﺴﺘﻮﺩﻉ ﻭﺍﺣﺪ‪ .‬ﻋﺎﺩﺓ ًﻣﺎ ﺗﻜﻮﻥ‬ ‫‪-‬‬
    ‫ﺍﻟﺒﻴﺎﻧﺎﺕﺍﻟﻤﻨﻈﻤﺔ ﺍﻟﺘﻲ ﻳﻤﻜﻦ ﺍﺳﺘﺮﺟﺎﻋﻬﺎ ﺑﺴﻬﻮﻟﺔ ﻟﻐﺮﺽ ﻣﺤﺪﺩ‪.‬‬
    ‫ﺑﺤﻴﺮﺓﺍﻟﺒﻴﺎﻧﺎﺕ‪-‬ﻣﺼﺎﺩﺭ ﻣﺘﻌﺪﺩﺓ ﻟﻠﺒﻴﺎﻧﺎﺕ ﺍﻟﻤﺨﺰﻧﺔ ﻓﻲ ﻣﺴﺘﻮﺩﻉ ﻭﺍﺣﺪ‪ .‬ﺍﻟﺒﻴﺎﻧﺎﺕ ﻏﻴﺮ ﻣﻨﻈﻤﺔ ﻭﻻ‬ ‫‪-‬‬
    ‫ﻳﻤﻜﻦﺍﺳﺘﺮﺟﺎﻋﻬﺎ ﺑﺴﻬﻮﻟﺔ‪.‬‬

    ‫ﻗﻮﺍﻋﺪﺑﻴﺎﻧﺎﺕ‬

    ‫ﻗﺎﻋﺪﺓﺍﻟﺒﻴﺎﻧﺎﺕ ﻫﻲ ﺗﻨﻈﻴﻢ ﻟﻠﺒﻴﺎﻧﺎﺕ ﺑﻄﺮﻳﻘﺔ ﺗﺘﻴﺢ ﺳﻬﻮﻟﺔ ﺍﻻﺳﺘﺮﺟﺎﻉ ﻭﺍﻟﺘﺤﺪﻳﺚ‪ .‬ﻫﻨﺎﻙ ﻧﻮﻋﺎﻥ ﺭﺉﻴﺴﻴﺎﻥ ﻣﻦ‬
    ‫ﻗﻮﺍﻋﺪﺍﻟﺒﻴﺎﻧﺎﺕ‪ :‬ﻗﻮﺍﻋﺪ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻌﻼﺉﻘﻴﺔ ﻭﻏﻴﺮ ﺍﻟﻌﻼﺉﻘﻴﺔ‪.‬‬

    ‫ﻗﻮﺍﻋﺪﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻌﻼﺉﻘﻴﺔ ﻟﻬﺎ ﻫﺬﻩ ﺍﻟﺨﺼﺎﺉﺺ‪:‬‬

    ‫ﻣﺠﻤﻮﻋﺎﺕﺑﻴﺎﻧﺎﺕ ﻣﺘﻌﺪﺩﺓ ﻣﺮﺗﺒﺔ ﻓﻲ ﻣﺨﻄﻂ ﻣﻦ ﺍﻟﺼﻔﻮﻑ ﻭﺍﻷﻋﻤﺪﺓ ﻗﺎﺉﻢ ﻋﻠﻰ‬ ‫‪-‬‬


    ‫ﺍﻟﺠﺪﻭﻝ‪.‬ﻋﻼﻗﺎﺕ ﻣﺤﺪﺩﺓ ﺑﻮﺿﻮﺡ ﺑﻴﻦ ﺍﻟﺠﺪﺍﻭﻝ‪.‬‬ ‫‪-‬‬
    ‫ﻣﻔﻴﺪﻹﺩﺍﺭﺓ ﺍﻟﻤﺨﺎﺯﻥ ﺍﻟﻜﺒﻴﺮﺓ ﻟﻠﻤﻌﺎﻣﻼﺕ ﻭﺍﻟﺒﻴﺎﻧﺎﺕ ﺫﺍﺕ ﺍﻟﺼﻠﺔ‪.‬‬ ‫‪-‬‬
    ‫ﺗﺴﻤﺢﻧﻤﺎﺫﺝ ﺃﻣﺎﻥ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻟﻠﻤﺴﺘﺨﺪﻣﻴﻦ ﺑﺮﺅﻳﺔ ﻣﺎ ﻳﺤﻖ ﻟﻬﻢ ﺭﺅﻳﺘﻪ ﻓﻘﻂ‪.‬‬ ‫‪-‬‬
    ‫ﻳﻤﻜﻦﺍﻻﺳﺘﻌﻼﻡ ﻋﻨﻬﺎ )ﺗﺤﻠﻴﻠﻬﺎ( ﺑﺎﺳﺘﺨﺪﺍﻡ ﻟﻐﺔ ﺍﺳﺘﻌﻼﻡ ﻫﻴﻜﻠﻴﺔ ﺑﺴﻴﻄﺔ )‪ (SQL‬ﻭﺑﺘﻨﺴﻴﻖ ﺟﺪﻭﻟﻲ ‪ ،‬ﻋﺎﺩﺓ ً‬ ‫‪-‬‬
    ‫ﺑﺎﺳﺘﺨﺪﺍﻡﺑﺮﻧﺎﻣﺞ ﻗﺎﻋﺪﺓ ﺑﻴﺎﻧﺎﺕ ﻣﻤﻠﻮﻙ‪.‬‬

    ‫ﺗﺘﻤﻴﺰﻗﻮﺍﻋﺪ ﺑﻴﺎﻧﺎﺕ (‪ SQL )NoSQL‬ﻏﻴﺮ ﺍﻟﻌﻼﺉﻘﻴﺔ ﺃﻭ ﻏﻴﺮ ﺍﻟﻌﻼﺉﻘﻴﺔ ﺑﺎﻟﺨﺼﺎﺉﺺ ﺍﻟﺘﺎﻟﻴﺔ‪:‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪15‬‬ ‫‪www.theiia.org‬‬


    ‫ﻣﺠﻤﻮﻋﺎﺕﺍﻟﺒﻴﺎﻧﺎﺕ ﻣﺮﺗﺒﺔ ﻓﻲ ﻣﺠﻤﻮﻋﺎﺕ ﻭﺑﺘﻨﺴﻴﻖ ﻏﻴﺮ ﺧﻄﻲ‪ .‬ﻳﺴﺘﻮﻋﺐ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻏﻴﺮ‬ ‫‪-‬‬
    ‫ﺍﻟﻤﻬﻴﻜﻠﺔﻓﻲ ﺑﻴﺉﺔ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻀﺨﻤﺔ ﺍﻟﺤﺪﻳﺜﺔ‪ .‬ﺗﺼﻤﻴﻢ ﺑﺴﻴﻂ ﻷﻧﻮﺍﻉ ﻣﺨﺘﻠﻔﺔ ﻣﻦ ﺍﻟﺒﻴﺎﻧﺎﺕ )‬ ‫‪-‬‬
    ‫ﻣﺜﻞﺍﻟﺴﻼﺳﻞ ﺍﻟﺰﻣﻨﻴﺔ ﻭﺟﻬﺎﺕ ﺍﻻﺗﺼﺎﻝ ﻭﺍﻟﻮﺳﺎﺉﻂ(‪.‬‬ ‫‪-‬‬

    ‫ﺃﻧﻈﻤﺔﺇﺩﺍﺭﺓ ﻗﻮﺍﻋﺪ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻌﻼﺉﻘﻴﺔ )‪ (RDBMS‬ﻫﻲ ﺃﻧﻈﻤﺔ ﺃﺳﺎﺳﻴﺔ ﺗﺴﻤﺢ ﻟﻠﻤﺴﺘﺨﺪﻣﻴﻦ ﺑﺘﺤﺪﻳﺚ ﺑﻴﺎﻧﺎﺕ ﺍﻟﺠﺪﻭﻝ‬
    ‫ﻭﺇﻧﺸﺎﺉﻬﺎﻭﺇﻟﺤﺎﻗﻬﺎ ﻭﺣﺬﻓﻬﺎ ﺩﺍﺧﻞ ﻗﺎﻋﺪﺓ ﺑﻴﺎﻧﺎﺕ ﻋﻼﺉﻘﻴﺔ‪ .‬ﻋﺎﺩﺓ ًﻣﺎ ﺗﻜﻮﻥ ﻣﻨﺼﺎﺕ ‪ RDBMS‬ﻣﻤﻠﻮﻛﺔ ﻭﺗﺘﻄﻠﺐ‬
    ‫ﺍﺳﺘﺨﺪﺍﻣﺎًﻣﺮﺧﺼﺎً ﻟﻠﻨﻈﺎﻡ ﺍﻷﺳﺎﺳﻲ‪ .‬ﺗﺘﻀﻤﻦ ﻣﻨﺼﺎﺕ ‪ RDBMS‬ﺍﻟﻨﻤﻮﺫﺟﻴﺔ ‪ Microsoft SQL Server‬ﻭ ‪ IBM DB2‬ﻭ‬
    ‫‪ Oracle Database‬ﻭ ‪ MySQL‬ﻭ ‪.Microsoft Access‬‬

    ‫‪.‬ﻟﻠﺘﻔﺎﻋﻞﻣﻊ ﺑﻴﺎﻧﺎﺕ )ﺍﻻﺳﺘﻌﻼﻡ( ﻓﻲ ﺍﻟﺠﺪﺍﻭﻝ‪ .‬ﻳﻈﻬﺮ ﻣﺜﺎﻝ ﻓﻲ ﺍﻟﺸﻜﻞ ‪ RDBMS 3‬ﻫﻲ ﻟﻐﺔ ﻗﺎﻋﺪﺓ ﺑﻴﺎﻧﺎﺕ‬
    ‫ﺗﺴﺘﺨﺪﻣﻬﺎﺃﻧﻈﻤﺔ ‪SQL‬‬

    ‫ﺍﻟﺸﻜﻞ‪ :3‬ﻣﺜﺎﻝ ﻋﻠﻰ ﺍﺳﺘﻌﻼﻡ ‪SQL‬‬

    ‫ﺣﺪﺩ* ﻣﻦ ﺍﻷﻋﻀﺎء ﺣﻴﺚ ﺍﻟﻌﻤﺮ< ‪30‬‬

    ‫ﻓﻲﻫﺬﺍ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﻳﺘﻢ ﺗﺤﺪﻳﺪ ﺟﻤﻴﻊ ﺍﻹﺩﺧﺎﻻﺕ ﻣﻦ ﺟﺪﻭﻝ ﻳﺴﻤﻰ "ﺍﻷﻋﻀﺎء" ﺣﻴﺚ ﻳﻜﻮﻥ ﻋﻤﺮﻫﻢ ‪ ،‬ﺍﻟﺬﻱ ﻳﺸُﺎﺭ ﺇﻟﻴﻪ‬
    ‫ﺑﻮﺍﺳﻄﺔﺇﺩﺧﺎﻻﺕ ﻓﻲ ﻋﻤﻮﺩ "ﺍﻟﻌﻤﺮ" ‪ ،‬ﺃﻛﺒﺮ ﻣﻦ ‪.30‬‬

    ‫ﻗﺎﻋﺪﺓﺑﻴﺎﻧﺎﺕ ‪ NoSQL‬ﻫﻲ ﻓﺉﺔ ﻣﻦ ﺃﻧﻈﻤﺔ ﺇﺩﺍﺭﺓ ﻗﻮﺍﻋﺪ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻏﻴﺮ ﺍﻟﻌﻼﺉﻘﻴﺔ‪ .‬ﻻ ﺗﺘﻮﺍﻓﻖ ﻗﻮﺍﻋﺪ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻫﺬﻩ‬
    ‫ﻣﻊﺍﻟﻨﻤﻮﺫﺝ "ﺍﻟﻌﻼﺉﻘﻲ" ﻟﻘﺎﻋﺪﺓ ﺍﻟﺒﻴﺎﻧﺎﺕ ‪ ،‬ﺣﻴﺚ ﺗﻮﺟﺪ ﺯﻳﺎﺩﺓ ﻛﺒﻴﺮﺓ ﻓﻲ ﻋﺐء ﻋﻤﻞ ﻗﺎﻋﺪﺓ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻭﺣﻴﺚ ﻳﻜﻮﻥ‬
    ‫ﺍﻟﻨﻬﺞﺍﻟﻨﻤﻮﺫﺟﻲ ﻫﻮ ﺗﺮﻗﻴﺔ ﺍﻷﺟﻬﺰﺓ ﻟﺘﻠﺒﻴﺔ ﺗﻮﻗﻌﺎﺕ ﺍﻷﺩﺍء‪ .‬ﻫﻨﺎﻙ ﺗﺄﺛﻴﺮ ﺯﻣﻨﻲ ﻭﺗﻜﻠﻔﺔ ﻟﻬﺬﺍ ﺍﻟﻨﻬﺞ ‪ ،‬ﻭﺍﻟﺬﻱ ﻳﺸﺎﺭ ﺇﻟﻴﻪ‬
    ‫ﺑﺎﺳﻢ"ﺍﻟﺘﻮﺳﻊ"‪ .‬ﻳﺸﻴﺮ "ﺍﻟﺘﻮﺳﻊ" ﺇﻟﻰ ﺗﻮﺯﻳﻊ ﺃﺣﻤﺎﻝ ﻋﻤﻞ ﻗﺎﻋﺪﺓ ﺑﻴﺎﻧﺎﺕ ﻛﺒﻴﺮﺓ ﻋﻠﻰ ﻣﻀﻴﻔﻴﻦ ﻣﺘﻌﺪﺩﻳﻦ ﻣﻊ ﺯﻳﺎﺩﺓ‬
    ‫ﺃﻋﺒﺎءﺍﻟﻌﻤﻞ‪ .‬ﺗﺤﻈﻰ ﻗﻮﺍﻋﺪ ﺑﻴﺎﻧﺎﺕ ‪ NoSQL‬ﺑﺸﻌﺒﻴﺔ ﻟﺪﻯ ﺍﻟﻜﻴﺎﻧﺎﺕ ﺍﻟﺘﻲ ﺗﺘﻌﺎﻣﻞ ﻣﻊ ﻋﻨﺎﺻﺮ ﺑﻴﺎﻧﺎﺕ ﻫﺎﺉﻠﺔ‬
    ‫ﻭﻣﺘﻨﻮﻋﺔﻭﺗﺮﻏﺐ ﻓﻲ "ﺍﻟﺘﻮﺳﻊ" ﺑﻄﺮﻳﻘﺔ ﺃﻛﺜﺮ ﻛﻔﺎءﺓ‪.‬‬

    ‫ﻳﺘﻢﺗﻮﻓﻴﺮ ﻣﻘﺎﺭﻧﺔ ﺑﻴﻦ ﻗﻮﺍﻋﺪ ﺑﻴﺎﻧﺎﺕ ‪ SQL‬ﻭ ‪ NoSQL‬ﻓﻲ ﺍﻟﻤﻠﺤﻖ ﺯ‪.‬‬

    ‫ﺍﻟﻤﺮﺍﺳﻠﺔ‬
    ‫ﺗﺸﻴﺮﺍﻟﺮﺳﺎﺉﻞ ﻓﻲ ﺳﻴﺎﻕ ﻫﺬﺍ ﺍﻟﺪﻟﻴﻞ ﺇﻟﻰ ﺇﻧﺸﺎء ﻣﻌﻠﻮﻣﺎﺕ ﺍﻟﻤﺆﺳﺴﺔ ﻭﻣﺸﺎﺭﻛﺘﻬﺎ ﻭﺍﺳﺘﺨﺪﺍﻣﻬﺎ ﻭﺇﺩﺍﺭﺗﻬﺎ ﻋﺒﺮ‬
    ‫ﺷﺒﻜﺔﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪ .‬ﺗﺴﺘﺨﺪﻡ ﺍﻟﻤﺆﺳﺴﺎﺕ ﺍﻟﺤﺪﻳﺜﺔ ﻣﺠﻤﻮﻋﺔ ﻣﺘﻨﻮﻋﺔ ﻣﻦ ﺃﺩﻭﺍﺕ ﺍﻟﻤﺮﺍﺳﻠﺔ ﺍﻟﻤﺪﻋﻮﻣﺔ‬
    ‫ﺩﺍﺧﻠﻴﺎًﻭﺧﺎﺭﺟﻴﺎً ﻟﻠﺘﻮﺍﺻﻞ ﺩﺍﺧﻠﻴﺎً ﻣﻊ ﺷﺮﻛﺎء ﺍﻷﻋﻤﺎﻝ ﻭﺍﻟﻌﻤﻼء‪.‬‬

    ‫ﻳﻌﺪﺍﻟﺒﺮﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﻧﻲ ﺃﺣﺪ ﺃﻛﺜﺮ ﺃﺷﻜﺎﻝ ﺭﺳﺎﺉﻞ ﺍﻟﻜﻤﺒﻴﻮﺗﺮ ﺷﻴﻮﻋﺎً ‪ ،‬ﻭﺍﻟﺬﻱ ﻳﺘﻜﻮﻥ ﻓﻲ ﺟﻮﻫﺮﻩ ﻣﻦ ﺭﺳﺎﻟﺔ ﻣﺮﺳﻠﺔ‬
    ‫ﻣﻦﺟﻬﺎﺯ ﻛﻤﺒﻴﻮﺗﺮ ﻭﻳﺘﻠﻘﺎﻫﺎ ﺟﻬﺎﺯ ﺁﺧﺮ ﻋﺒﺮ ﺍﻟﺸﺒﻜﺔ‪ .‬ﺗﻄﻮﺭ ﺍﻟﺒﺮﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﻧﻲ ﻭﻣﻔﻬﻮﻡ ﺍﻟﻤﺮﺍﺳﻠﺔ ﺑﺸﻜﻞ ﻋﺎﻡ ﺑﻤﺮﻭﺭ‬
    ‫ﺍﻟﻮﻗﺖﻟﻴﺸﻤﻞ ﻋﻨﺎﺻﺮ ﻣﺜﻞ ﺍﻟﻨﺼﻮﺹ ﻭﺍﻟﺼﻮﺭ ﻭﺍﻟﻤﺮﻓﻘﺎﺕ ‪ ،‬ﻭﺗﻔﺘﺢ ﺍﻟﻌﺪﻳﺪ ﻣﻦ ﺍﻟﻤﺆﺳﺴﺎﺕ ﺷﺒﻜﺎﺗﻬﺎ ﻷﺩﻭﺍﺕ‬
    ‫ﺍﻟﻤﺮﺍﺳﻠﺔﺍﻟﻌﺎﻣﺔ ‪ ،‬ﻣﺜﻞ ‪ Skype‬ﺃﻭ ‪.Zoom‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪16‬‬ ‫‪www.theiia.org‬‬


    ‫ﺑﺮﻭﺗﻮﻛﻮﻻﺕﺍﻟﻤﺮﺍﺳﻠﺔ‬
    ‫ﺗﻢﺗﻄﻮﻳﺮ ﻋﺪﺩ ﻣﻦ ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕ )ﻗﻮﺍﻋﺪ ﻧﻘﻞ ﺍﻟﺮﺳﺎﺉﻞ( ﻹﺩﺍﺭﺓ ﻭﺗﺤﻜﻢ ﻧﻘﻞ ﺍﻟﺮﺳﺎﺉﻞ ﺑﻴﻦ ﺃﺟﻬﺰﺓ ﺍﻟﻜﻤﺒﻴﻮﺗﺮ‬
    ‫ﺍﻟﻤﻮﺟﻮﺩﺓﻋﻠﻰ ﺍﻟﺸﺒﻜﺔ‪ .‬ﻫﻨﺎﻙ ﻋﺪﺩ ﻣﻦ ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕ ﺍﻟﻤﺘﻌﻠﻘﺔ ﺑﺎﻟﺮﺳﺎﺉﻞ ﺍﻟﺘﻲ ﺗﺤﻜﻢ ﻛﻴﻔﻴﺔ ﺇﺭﺳﺎﻝ ﺍﻟﺮﺳﺎﺉﻞ‬
    ‫ﻭﺍﺳﺘﻼﻣﻬﺎﻭﻭﺿﻌﻬﺎ ﻓﻲ ﻗﺎﺉﻤﺔ ﺍﻻﻧﺘﻈﺎﺭ‪ .‬ﻃﺮﻳﻘﺔ ﺳﻬﻠﺔ ﻟﻠﺘﻔﻜﻴﺮ ﻓﻲ ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻝ ﻫﻲ ﺍﻋﺘﺒﺎﺭﻩ ﻣﺸﺎﺑﻬﺎً ﻟﻠﻐﺔ‪ .‬ﻟﻜﻲ‬
    ‫ﻳﺘﻮﺍﺻﻞﺟﻬﺎﺯﺍﻥ ‪ ،‬ﻳﺠﺐ ﺃﻥ ﻳﻀﻌﻮﺍ ﻗﻮﺍﻋﺪ ﺍﻟﻠﻐﺔ ﺍﻟﺘﻲ ﺳﻴﺘﺒﻌﻮﻧﻬﺎ‪.‬‬

    ‫ﻛﻤﺎﻫﻮ ﻣﺬﻛﻮﺭ ﻓﻲ ﺟﺰء ﺃﺟﻬﺰﺓ ﺍﻟﺘﻮﺟﻴﻪ ﻭﺍﻟﻤﺤﻮﻻﺕ ﻣﻦ ﻗﺴﻢ ﻣﻜﻮﻧﺎﺕ ﻭﻣﻔﺎﻫﻴﻢ ﺍﻟﺸﺒﻜﺔ ‪ ،‬ﻳﺤﺪﺩ ‪ TCP / IP‬ﺍﻟﻘﻮﺍﻋﺪ‬
    ‫ﺍﻟﺨﺎﺻﺔﺑﻜﻴﻔﻴﺔ ﺇﺭﺳﺎﻝ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻭﺍﺳﺘﻼﻣﻬﺎ ﻋﺒﺮ ﺍﻟﺸﺒﻜﺔ‪ TCP / IP .‬ﻫﻮ ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻝ ﺍﻷﺳﺎﺳﻲ ﺍﻟﺬﻱ ﻳﺪﻋﻢ ﺍﻻﺗﺼﺎﻝ‬
    ‫ﻋﺒﺮﺍﻹﻧﺘﺮﻧﺖ ‪ ،‬ﻭﺗﺴﺘﻔﻴﺪ ﺟﻤﻴﻊ ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕ ﺍﻷﺧﺮﻯ ﻣﻦ ‪.TCP / IP‬‬

    ‫ﻳﺘﺤﻜﻢﺑﺮﻭﺗﻮﻛﻮﻝ ﻧﻘﻞ ﺍﻟﺒﺮﻳﺪ ﺍﻟﺒﺴﻴﻂ )‪ (SMTP‬ﻓﻲ ﻛﻴﻔﻴﺔ ﺇﺭﺳﺎﻝ ﺭﺳﺎﺉﻞ ﺍﻟﺒﺮﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﻧﻲ ﻭﺍﺳﺘﻼﻣﻬﺎ‪ .‬ﻳﺠﺐ‬
    ‫ﻭﺿﻊﺍﻟﺮﺳﺎﺉﻞ ﻓﻲ ﻗﺎﺉﻤﺔ ﺍﻻﻧﺘﻈﺎﺭ ﻷﻥ ﺍﻟﻤﺴﺘﺨﺪﻣﻴﻦ ﻟﻴﺴﻮﺍ ﺑﺎﻟﻀﺮﻭﺭﺓ ﻣﺘﺎﺣﻴﻦ ﻋﻠﻰ ﺍﻟﻔﻮﺭ ﻻﺳﺘﻬﻼﻛﻬﺎ‪.‬‬

    ‫ﻳﺘﻢﺍﺳﺘﻬﻼﻙ ﺍﻟﺮﺳﺎﺉﻞ ﺑﺎﺳﺘﺨﺪﺍﻡ ﺃﺣﺪ ﺑﺮﻭﺗﻮﻛﻮﻟﻲ ﻗﻮﺍﺉﻢ ﺍﻻﻧﺘﻈﺎﺭ‪ :‬ﺑﺮﻭﺗﻮﻛﻮﻝ (‪ Post Office Protocol )POP‬ﻭﺑﺮﻭﺗﻮﻛﻮﻝ‬
    ‫ﺍﻟﻮﺻﻮﻝﺇﻟﻰ ﺍﻟﺮﺳﺎﺉﻞ ﻋﺒﺮ ﺍﻹﻧﺘﺮﻧﺖ )‪:(IMAP‬‬

    ‫ﻳﺘﻢﺍﺳﺘﻼﻡ ﺭﺳﺎﺉﻞ ‪ POP‬ﻭﺗﺨﺰﻳﻨﻬﺎ ﻋﻠﻰ ﺧﺎﺩﻡ ﺑﺮﻳﺪ ﺇﻟﻜﺘﺮﻭﻧﻲ‪ .‬ﻋﻨﺪ ﺍﺳﺘﻬﻼﻙ ﻫﺬﻩ ﺍﻟﺮﺳﺎﺉﻞ ‪ ،‬ﻳﺘﻢ ﺗﻨﺰﻳﻠﻬﺎ‬ ‫‪-‬‬
    ‫ﻋﻠﻰﺟﻬﺎﺯ ﺍﻟﻤﺴﺘﻬﻠﻚ‪ .‬ﻻ ﻳﺘﻢ ﺍﻻﺣﺘﻔﺎﻅ ﺑﺎﻟﺮﺳﺎﺉﻞ ﻋﻠﻰ ﺍﻟﺨﺎﺩﻡ ﺑﻤﺠﺮﺩ ﺍﺳﺘﻬﻼﻛﻬﺎ‪.‬‬

    ‫ﻳﺘﻢﺍﺳﺘﻼﻡ ﺭﺳﺎﺉﻞ ‪ IMAP‬ﻭﺍﻻﺣﺘﻔﺎﻅ ﺑﻬﺎ ﻋﻠﻰ ﺧﺎﺩﻡ ﺑﺮﻳﺪ ﺇﻟﻜﺘﺮﻭﻧﻲ‪ .‬ﻋﻨﺪ ﺍﺳﺘﻬﻼﻙ ﻫﺬﻩ ﺍﻟﺮﺳﺎﺉﻞ ‪،‬‬ ‫‪-‬‬
    ‫ﻳﻤﻜﻦﺗﻨﻈﻴﻤﻬﺎ ﻓﻲ ﻣﺠﻠﺪﺍﺕ ﻣﺨﺘﻠﻔﺔ ﺑﺪﻻ ًﻣﻦ ﺗﻨﺰﻳﻠﻬﺎ ﻋﻠﻰ ﺟﻬﺎﺯ ﺍﻟﻤﺴﺘﻬﻠﻚ‪ .‬ﻳﺘﻢ ﺍﻻﺣﺘﻔﺎﻅ ﺑﺎﻟﺮﺳﺎﺉﻞ‬
    ‫ﻋﻠﻰﺍﻟﺨﺎﺩﻡ ﺑﻤﺠﺮﺩ ﺍﺳﺘﻬﻼﻛﻬﺎ ‪ ،‬ﻭﺑﺎﻟﺘﺎﻟﻲ ﻳﻤﻜﻦ ﺍﻋﺘﺒﺎﺭ ‪ IMAP‬ﻛﺨﺎﺩﻡ ﻣﻠﻔﺎﺕ ﻟﻠﺮﺳﺎﺉﻞ‪.‬‬

    ‫ﻣﺠﺎﻻﺕﺍﻟﺒﺮﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﻧﻲ ﻭﺍﻟﻤﺸﺎﺭﻛﻴﻦ‬


    ‫ﺍﻟﺸﻜﻞ‪ :4‬ﻋﻤﻠﻴﺔ ﺗﺴﻠﻴﻢ ﺍﻟﺒﺮﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﻧﻲ ﺍﻟﻨﻤﻮﺫﺟﻴﺔ‬
    ‫ﺗﻤﺘﻠﻚﺟﻤﻴﻊ ﺍﻟﻤﺆﺳﺴﺎﺕ ﺗﻘﺮﻳﺒﺎً ﻣﺠﺎﻝ ﺑﺮﻳﺪ‬
    ‫ﺇﻟﻜﺘﺮﻭﻧﻲﻓﺮﻳﺪﺍً )ﺍﻟﻤﺤﺘﻮﻯ ﺍﻟﺬﻱ ﻳﺄﺗﻲ ﺑﻌﺪ ﺍﻟﺮﻣﺰ @‬
    ‫ﺇﻧﺘﺮﻧﺖ‬
    ‫ﻓﻲﻋﻨﻮﺍﻥ ﺍﻟﺒﺮﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﻧﻲ( ‪ ،‬ﻭﺍﻟﺬﻱ ﻳﻌﺘﺒﺮ‬
    ‫‪SMTP‬‬ ‫‪SMTP‬‬ ‫ﻣﺠﺎﻻًﻣﺤﻠﻴﺎً‪ .‬ﺗﺘﻢ ﺇﺩﺍﺭﺓ ﻫﺬﺍ ﺍﻟﻤﺠﺎﻝ ﺍﻟﻤﺤﻠﻲ ﻣﻦ‬
    ‫ﺧﻼﻝﺧﺎﺩﻡ ﺑﺮﻳﺪ ‪ ،‬ﻳﻌُﺮﻑ ﺃﻳﻀﺎً ﺑﺎﺳﻢ ﻭﻛﻴﻞ ﻧﻘﻞ‬
    ‫ﺗﺤﻮﻳﻞﺍﻟﺒﺮﻳﺪ‬ ‫ﺗﺤﻮﻳﻞﺍﻟﺒﺮﻳﺪ‬ ‫ﺍﻟﺒﺮﻳﺪ)ﺃﻭ ﺍﻟﺮﺳﺎﺉﻞ( )‪ .(MTA‬ﻳﻤﻜﻦ ﺇﺩﺍﺭﺓ ﻫﺬﺍ‬
    ‫ﻭﻛﻴﻞ)‪(MTA‬‬ ‫ﻭﻛﻴﻞ)‪(MTA‬‬ ‫ﺍﻟﺨﺎﺩﻡﻣﻦ ﻗﺒﻞ ﺍﻟﻤﻨﻈﻤﺔ ﺃﻭ ﻣﻦ ﺧﻼﻝ ﻃﺮﻑ‬
    ‫ﺛﺎﻟﺚﺃﻭ ﺧﺪﻣﺔ ﺳﺤﺎﺑﻴﺔ )ﺍﻟﺸﻜﻞ ‪.(4‬‬

    ‫ﻣﺴﺘﺨﺪﻡﺍﻟﺒﺮﻳﺪ‬ ‫ﻣﺴﺘﺨﺪﻡﺍﻟﺒﺮﻳﺪ‬ ‫ﻳﺘﻢﺇﻧﺸﺎء ﺍﻟﺒﺮﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﻧﻲ ﻭﺗﺴﻠﻴﻤﻪ ﺑﺎﺳﺘﺨﺪﺍﻡ‬


    ‫ﻭﻛﻴﻞ)‪(MUA‬‬ ‫ﻭﻛﻴﻞ)‪(MUA‬‬ ‫ﻋﻤﻴﻞﺑﺮﻳﺪ ﺇﻟﻜﺘﺮﻭﻧﻲ ‪ ،‬ﻭﻫﻮ ﺇﻣﺎ ﺗﻄﺒﻴﻖ ﻣﺴﺘﻨﺪ‬
    ‫ﺇﻟﻰﺍﻟﻮﻳﺐ ‪ ،‬ﻣﺜﻞ ‪ ، Gmail‬ﺃﻭ ﺑﺎﺳﺘﺨﺪﺍﻡ ﺗﻄﺒﻴﻖ‬
    ‫ﺍﻟﻤﺼﺪﺭ‪:‬ﻣﻌﻬﺪ ﺍﻟﻤﺮﺍﺟﻌﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‪.‬‬
    ‫ﻣﺨﺼﺺﻋﻠﻰ ﺍﻟﻤﺴﺘﺨﺪﻡ‬

    ‫‪17‬‬ ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﻜﻤﺒﻴﻮﺗﺮ ‪،‬ﻣﺜﻞ ‪ .Microsoft Outlook‬ﻳﻄُﻠﻖ ﻋﻠﻰ ﻋﻤﻴﻞ ﺍﻟﺒﺮﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﻧﻲ ﺃﻳﻀﺎً ﺍﺳﻢ ﻭﻛﻴﻞ ﻣﺴﺘﺨﺪﻡ ﺍﻟﺒﺮﻳﺪ )‪.(MUA‬‬

    ‫ﻋﻨﺪﻣﺎﻳﺮﺳﻞ ﻣﺴﺘﺨﺪﻡ ﺑﺮﻳﺪﺍً ﺇﻟﻜﺘﺮﻭﻧﻴﺎً ‪ ،‬ﻓﺈﻧﻪ ﻳﻨﺘﻘﻞ ﺇﻟﻰ ‪ ، MTA‬ﺍﻟﺬﻱ ﻳﺠﻤﻊ ﻭﻳﻮﺯﻉ ﺍﻟﺒﺮﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﻧﻲ ﺍﻟﺪﺍﺧﻠﻲ )‬
    ‫ﺍﻟﺮﺳﺎﺉﻞﺩﺍﺧﻞ ﻧﻔﺲ ﺍﻟﻤﺠﺎﻝ(‪ .‬ﻛﻤﺎ ﻳﻮﺯﻉ ﺍﻟﺒﺮﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﻧﻲ ﺍﻟﺼﺎﺩﺭ ﻟﻠﻤﺴﺘﺨﺪﻣﻴﻦ ﺍﻟﺨﺎﺭﺟﻴﻴﻦ )ﺧﺎﺭﺝ ﺍﻟﻤﺠﺎﻝ(‪.‬‬

    ‫ﻳﺘﻢﺗﻌﻴﻴﻦ ﻋﻨﻮﺍﻥ ﺑﺮﻳﺪ ﺇﻟﻜﺘﺮﻭﻧﻲ ﻓﺮﻳﺪ ﻟﻜﻞ ﻣﺴﺘﺨﺪﻡ ﺑﺮﻳﺪ )‪ (MU‬ﺑﺘﻨﺴﻴﻖ‪ .user@domain.com‬ﻫﺬﺍ ﻳﺘﻮﺍﻓﻖ ﻣﻊ‬
    ‫"ﺻﻨﺪﻭﻕ ﺍﻟﺒﺮﻳﺪ" ﺍﻟﺬﻱ ﺳﺘﻘﻮﻡ ‪ MTA‬ﺑﺘﺴﻠﻴﻢ ﺟﻤﻴﻊ ﺍﻟﺮﺳﺎﺉﻞ ﺍﻟﻮﺍﺭﺩﺓ ﺇﻟﻴﻪ‪ .‬ﺳﺘﻘﻮﻡ ‪ MTA‬ﺃﻳﻀﺎً ﺑﺘﺴﻤﻴﺔ ﺟﻤﻴﻊ‬
    ‫ﺍﻟﺒﺮﻳﺪﺍﻟﺼﺎﺩﺭ ﻣﻦ ﺻﻨﺪﻭﻕ ﺍﻟﺒﺮﻳﺪ ﺑﻌﻨﻮﺍﻥ ﺍﻟﺒﺮﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﻧﻲ ﺍﻟﻔﺮﻳﺪ ﻟﻠﻤﺴﺘﺨﺪﻡ‪.‬‬

    ‫ﻣﺮﺷﺤﺎﺕﺍﻟﺒﺮﻳﺪ ﺍﻟﻌﺸﻮﺍﺉﻲ‬

    ‫ﺗﺴﺘﺨﺪﻡ‪ MTAs‬ﻋﻮﺍﻣﻞ ﺗﺼﻔﻴﺔ ﺍﻟﺒﺮﻳﺪ ﺍﻟﻌﺸﻮﺍﺉﻲ ﺃﻭ ﺃﺟﻬﺰﺓ ﻣﺮﺍﻗﺒﺔ ﺍﻟﺒﺮﻳﺪ ﻟﻼﺗﺼﺎﻻﺕ ﻏﻴﺮ ﺍﻟﻤﺮﻏﻮﺏ ﻓﻴﻬﺎ‪ .‬ﺗﺤﺎﻭﻝ ﻣﺮﺷﺤﺎﺕ ﺍﻟﺒﺮﻳﺪ‬
    ‫ﺍﻟﻌﺸﻮﺍﺉﻲﺗﺤﺪﻳﺪ ﻭﺇﻋﺎﺩﺓ ﺗﻮﺟﻴﻪ ﺍﻟﺒﺮﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﻧﻲ ﻏﻴﺮ ﺍﻟﻤﺮﻏﻮﺏ ﻓﻴﻪ ﺃﻭ ﻏﻴﺮ ﺍﻟﻤﺮﻏﻮﺏ ﻓﻴﻪ‪ .‬ﺗﺘﻄﻠﺐ ﻣﺮﺷﺤﺎﺕ ﺍﻟﺒﺮﻳﺪ ﺍﻟﻌﺸﻮﺍﺉﻲ‬
    ‫ﺻﻴﺎﻧﺔﺷﺒﻪ ﻣﺴﺘﻤﺮﺓ ﻧﻈﺮﺍً ﻟﻄﺒﻴﻌﺔ ﻃﺮﻳﻘﺔ ﺍﻟﺘﺼﻔﻴﺔ‪ .‬ﻓﻲ ﻛﺜﻴﺮ ﻣﻦ ﺍﻷﺣﻴﺎﻥ ‪ ،‬ﻳﺘﻢ ﺇﻋﺎﺩﺓ ﺗﻮﺟﻴﻪ ﺍﻹﻳﺠﺎﺑﻴﺎﺕ ﺍﻟﺨﺎﻃﺉﺔ ﺍﻟﺘﻲ ﺗﺴﻤﺢ ﻟﻠﺒﺮﻳﺪ‬
    ‫ﺍﻹﻟﻜﺘﺮﻭﻧﻲﻏﻴﺮ ﺍﻟﻤﺮﻏﻮﺏ ﻓﻴﻪ ﺑﺎﻟﻮﺻﻮﻝ ﺇﻟﻰ ﺻﻨﺪﻭﻕ ﺑﺮﻳﺪ ﺍﻟﻤﺴﺘﺨﺪﻡ ﻭﺍﻟﺒﺮﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﻧﻲ ﺍﻟﺸﺮﻋﻲ ﺃﺣﻴﺎﻧﺎً ﺇﻟﻰ ﻣﺠﻠﺪ ﺍﻟﺒﺮﻳﺪ ﺍﻟﻌﺸﻮﺍﺉﻲ‬
    ‫ﺃﻭﺍﻟﺒﺮﻳﺪ ﻏﻴﺮ ﺍﻟﻬﺎﻡ‪ .‬ﺗﺘﻤﺘﻊ ﻓﻼﺗﺮ ﺍﻟﺒﺮﻳﺪ ﺍﻟﻌﺸﻮﺍﺉﻲ ﺫﺍﺕ ﺍﻟﺴﻤﻌﺔ ﺍﻟﻄﻴﺒﺔ ﺑﻘﺪﺭﺍﺕ ﻣﺘﻄﻮﺭﺓ ﻟﻤﻜﺎﻓﺤﺔ ﺍﻟﻔﻴﺮﻭﺳﺎﺕ ﻟﻠﺤﺪ ﻣﻦ ﺗﻬﺪﻳﺪ‬
    ‫ﺍﻟﻔﻴﺮﻭﺳﺎﺕ‪.‬ﺗﻘﻮﻡ ﺃﺟﻬﺰﺓ ﻣﺮﺍﻗﺒﺔ ﺍﻟﺒﺮﻳﺪ ﺑﺈﺧﻄﺎﺭ ﺍﻟﻤﺴﺘﺨﺪﻡ ﺑﺎﻟﺒﺮﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﻧﻲ ﺍﻟﺠﺪﻳﺪ ﻭﺍﻟﺴﻤﺎﺡ ﻟﻠﻤﺴﺘﺨﺪﻣﻴﻦ ﺑﺘﺤﺪﻳﺪ ﺍﻟﺮﺳﺎﺉﻞ‬
    ‫ﺍﻟﻤﺸﺮﻭﻋﺔﻭﺍﻟﻤﺮﻳﺒﺔ‪.‬‬

    ‫ﻣﺸﺎﺭﻛﺔﺍﻟﻤﻠﻔﺎﺕ‬

    ‫ﻗﺒﻞﺍﻹﻧﺘﺮﻧﺖ ﻭﺍﻷﺟﻬﺰﺓ ﺍﻟﻤﺘﺼﻠﺔ ﺑﺎﻟﺸﺒﻜﺔ ‪ ،‬ﻛﺎﻥ ﺍﻟﻤﺴﺘﺨﺪﻣﻮﻥ ﻳﺸﺎﺭﻛﻮﻥ ﺍﻟﻤﻠﻔﺎﺕ ﺑﺎﺳﺘﺨﺪﺍﻡ ﺍﻷﻗﺮﺍﺹ ﺍﻟﻤﺮﻧﺔ‪ .‬ﻣﻊ‬
    ‫ﻇﻬﻮﺭﺑﺮﻭﺗﻮﻛﻮﻻﺕ ﻣﺜﻞ ﺑﺮﻭﺗﻮﻛﻮﻝ ﻧﻘﻞ ﺍﻟﻤﻠﻔﺎﺕ )‪ (FTP‬ﻭﺑﺮﻭﺗﻮﻛﻮﻝ ﻧﻘﻞ ﺍﻟﻤﻠﻔﺎﺕ ﺍﻵﻣﻦ )‪) (SFTP‬ﺍﻟﻤﺬﻛﻮﺭ ﻓﻲ ﺟﺰء‬
    ‫ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕﻓﻲ ﻗﺴﻢ ﺷﺒﻜﺔ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ( ‪ ،‬ﺃﺻﺒﺤﺖ ﻣﺸﺎﺭﻛﺔ ﺍﻟﻤﻠﻔﺎﺕ ﺃﺳﻬﻞ ‪ ،‬ﻭﻟﻜﻦ ﻟﻴﺲ ﺑﺎﻟﻀﺮﻭﺭﺓ ﺃﻥ‬
    ‫ﺗﻜﻮﻥﺳﻬﻠﺔ ﺍﻻﺳﺘﺨﺪﺍﻡ‪ .‬ﺗﺘﻴﺢ ﻣﺸﺎﺭﻛﺔ ﺍﻟﻤﻠﻔﺎﺕ ﻟﻠﻤﺴﺘﺨﺪﻣﻴﻦ ﻣﺸﺎﺭﻛﺔ ﺍﻟﻤﻠﻔﺎﺕ ﺑﺴﻬﻮﻟﺔ ﻣﺜﻞ ﺍﻟﻜﺘﺐ ﺃﻭ ﺍﻟﻤﻮﺳﻴﻘﻰ ﺃﻭ‬
    ‫ﺍﻟﺼﻮﺭﺃﻭ ﺃﻱ ﺷﻲء ﺑﺘﻨﺴﻴﻖ ﺇﻟﻜﺘﺮﻭﻧﻲ ‪ ،‬ﺳﻮﺍء ﺑﺸﻜﻞ ﻋﺎﻡ ﺃﻭ ﺧﺎﺹ ‪ ،‬ﻋﺒﺮ ﺍﻹﻧﺘﺮﻧﺖ )ﺍﻟﺸﻜﻞ ‪.(5‬‬

    ‫ﺍﻟﺸﻜﻞ‪ :5‬ﻣﺜﺎﻝ ﻧﻤﻮﺫﺟﻲ ﻟﻤﻨﺼﺔ ﻣﺸﺎﺭﻛﺔ ﺍﻟﻤﻠﻔﺎﺕ ﺍﻟﺘﺠﺎﺭﻳﺔ‬

    ‫ﺩﻋﻢ‬

    ‫‪PaaS‬‬
    ‫ﺳﺤﺎﺏ‬

    ‫ﺍﻟﺘﻄﺒﻴﻘﺎﺕ‬ ‫ﺍﻟﺨﺎﺩﻡ‬

    ‫ﺍﻟﻤﺼﺪﺭ‪:‬ﻣﻌﻬﺪ ﺍﻟﻤﺮﺍﺟﻌﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‪.‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪18‬‬ ‫‪www.theiia.org‬‬


    ‫ﻋﺎﺩﺓ ًﻣﺎ ﺗﺤﺘﻮﻱ ﻣﻨﺼﺎﺕ ﻣﺸﺎﺭﻛﺔ ﺍﻟﻤﻠﻔﺎﺕ ﺍﻟﺘﺠﺎﺭﻳﺔ ‪ ،‬ﻣﺜﻞ ‪ Dropbox‬ﻭ ‪ Microsoft One Drive‬ﻭ ‪Drive‬‬
    ‫‪ Google‬ﻭ ‪ Microsoft SharePoint‬ﻭ ‪ Apple iCloud‬ﻭﻏﻴﺮﻫﺎ ‪ ،‬ﻋﻠﻰ ﻣﻌﻠﻤﺎﺕ ﺃﻭ ﻗﻴﻮﺩ ﻋﻠﻰ ﻧﻮﻉ ﻣﺸﺎﺭﻛﺔ‬
    ‫ﺍﻟﻤﻠﻔﺎﺕ)ﺃﻱ ﺍﻷﺫﻭﻧﺎﺕ(‪ .‬ﻳﻤﻜﻦ ﺇﻧﺸﺎء ﺍﻟﻤﻠﻔﺎﺕ ﺍﻟﻤﺸﺘﺮﻛﺔ ﺃﻭ ﻗﺮﺍءﺗﻬﺎ ﺃﻭ ﺗﺤﺪﻳﺜﻬﺎ ﺃﻭ ﺣﺬﻓﻬﺎ ‪ ،‬ﺍﻋﺘﻤﺎﺩﺍً ﻋﻠﻰ ﻧﻮﻉ‬
    ‫ﺍﻷﺫﻭﻧﺎﺕﺍﻟﻤﺨﺼﺼﺔ ﻟﻠﻤﻠﻒ ﺍﻟﻤﺸﺘﺮﻙ‪ .‬ﻳﺠﺐ ﺃﻥ ﺗﺪﺭﻙ ﺍﻟﻤﺆﺳﺴﺎﺕ ﺃﻥ ﺍﻟﻌﺪﻳﺪ ﻣﻦ ﻫﺬﻩ ﺍﻷﺩﻭﺍﺕ ﺗﺘﻄﻠﺐ ﺍﻟﻘﻠﻴﻞ‬
    ‫ﻣﻦﺍﻟﺘﺮﺍﺧﻴﺺ ﺃﻭ ﻻ ﺗﺘﻄﻠﺐ ﺗﺮﺧﻴﺼﺎً ‪ ،‬ﻭﻋﻨﺪﻣﺎ ﻳﺘﻌﻠﻖ ﺍﻷﻣﺮ ﺑﺎﻻﺣﺘﻔﺎﻅ ﺑﺎﻟﺒﻴﺎﻧﺎﺕ ﻭﺗﺪﻣﻴﺮﻫﺎ ‪ ،‬ﻗﺪ ﻳﻜﻮﻥ ﻟﺪﻯ‬
    ‫ﺍﻟﻤﺆﺳﺴﺔﺍﻟﻘﻠﻴﻞ ﻣﻦ ﺍﻟﺘﺤﻜﻢ ﻓﻲ ﻣﻜﺎﻥ ﻭﺟﻮﺩ ﺑﻴﺎﻧﺎﺗﻬﺎ )ﻋﺎﺩﺓ ًﻓﻲ ﺍﻟﺴﺤﺎﺑﺔ( ﺃﻭ ﻣﺪﺓ ﺍﻻﺣﺘﻔﺎﻅ ﺑﻬﺎ‪.‬‬

    ‫ﻭﻣﻊﺫﻟﻚ ‪ ،‬ﻓﻘﺪ ﺍﺳﺘﺜﻤﺮﺕ ﻣﻨﺼﺎﺕ ﻣﺸﺎﺭﻛﺔ ﺍﻟﻤﻠﻔﺎﺕ ﺍﻟﺘﺠﺎﺭﻳﺔ ﺍﻟﻤﻮﺍﺭﺩ ﻓﻲ ﺃﻣﺎﻥ ﺍﻟﻤﺴﺘﺨﺪﻡ ﻭﺍﻟﻤﻠﻔﺎﺕ ﻓﻲ ﻛﻞ‬
    ‫ﺧﻄﻮﺓﻣﻦ ﺍﻟﻌﻤﻠﻴﺔ‪ .‬ﻳﻤﻜﻦ ﺃﻥ ﺗﺘﻀﻤﻦ ﻣﻴﺰﺍﺕ ﺍﻷﻣﺎﻥ ﺍﻟﻤﺼﺎﺩﻗﺔ ﺫﺍﺕ ﺍﻟﻌﺎﻣﻠﻴﻦ ‪ ،‬ﻭﺃﺫﻭﻧﺎﺕ ﺍﻟﻤﺴﺘﺨﺪﻡ ‪ ،‬ﻭﺗﺸﻔﻴﺮ‬
    ‫ﺍﻟﻤﻠﻔﺎﺕ ‪،‬ﻭﻓﻲ ﺑﻌﺾ ﺍﻟﺤﺎﻻﺕ ‪ ،‬ﺍﻻﻣﺘﺜﺎﻝ ﻟﻠﻮﺍﺉﺢ ﻣﺜﻞ ﻗﺎﻧﻮﻥ ﺍﻟﺘﺄﻣﻴﻦ ﺍﻟﺼﺤﻲ ﻟﻘﺎﺑﻠﻴﺔ ﺍﻟﻨﻘﻞ ﻭﺍﻟﻤﺴﺎءﻟﺔ )‪(HIPAA‬‬
    ‫ﻟﻠﺮﻋﺎﻳﺔﺍﻟﺼﺤﻴﺔ ﻭﻫﻴﺉﺔ ﺗﻨﻈﻴﻢ ﺍﻟﺼﻨﺎﻋﺔ ﺍﻟﻤﺎﻟﻴﺔ )‪ (FINRA‬ﻟﻠﺨﺪﻣﺎﺕ ﺍﻟﻤﺎﻟﻴﺔ ﺍﻟﺼﻨﺎﻋﺔ ﻓﻲ ﺍﻟﻮﻻﻳﺎﺕ ﺍﻟﻤﺘﺤﺪﺓ‬
    ‫ﻭﺳﻠﻄﺎﺕﺍﻷﻭﺭﺍﻕ ﺍﻟﻤﺎﻟﻴﺔ ﻭﺍﻟﺴﻮﻕ ﺍﻷﻭﺭﻭﺑﻴﺔ )‪ (ESMA‬ﻓﻲ ﺃﻭﺭﻭﺑﺎ‪ .‬ﻭﻣﻊ ﺫﻟﻚ ‪ ،‬ﻳﺠﺐ ﺃﻥ ﺗﻜﻮﻥ ﺍﻟﻤﻨﻈﻤﺎﺕ ﻋﻠﻰ‬
    ‫ﺩﺭﺍﻳﺔﺑﺄﻱ ﻣﺨﺎﻭﻑ ﻗﺎﻧﻮﻧﻴﺔ ﺃﻭ ﺗﻨﻈﻴﻤﻴﺔ ﺃﻭ ﺃﻣﻨﻴﺔ ﻓﻴﻤﺎ ﻳﺘﻌﻠﻖ ﺑﺎﺳﺘﺨﺪﺍﻡ ﺃﻱ ﻣﻦ ﻫﺬﻩ ﺍﻟﺨﺪﻣﺎﺕ‪ .‬ﻋﻠﻰ ﻫﺬﺍ ﺍﻟﻨﺤﻮ ‪،‬‬
    ‫ﻳﻮﺻﻰﺑﺴﻴﺎﺳﺔ ﻣﺸﺎﺭﻛﺔ ﺍﻟﻤﻠﻔﺎﺕ‪.‬‬

    ‫ﺃﺟﻬﺰﺓﻣﺤﻤﻮﻟﺔ‬
    ‫ﺗﺴﻤﺢﺍﻟﻌﺪﻳﺪ ﻣﻦ ﺍﻟﻤﺆﺳﺴﺎﺕ ﻟﻤﻮﻇﻔﻴﻬﺎ ﺑﺘﻮﺻﻴﻞ ﺟﻬﺎﺯ ﺷﺨﺼﻲ ﺑﺸﺒﻜﺔ ﺍﻟﺸﺮﻛﺔ ‪ ،‬ﻣﻤﺎ ﻳﻤﻨﺢ ﺍﻟﻤﻮﻇﻒ ﻓﺮﺻﺔ‬
    ‫ﻟﺤﻤﻞﻋﺪﺩ ﺃﻗﻞ ﻣﻦ ﺍﻷﺟﻬﺰﺓ‪ .‬ﻛﻤﺎ ﺃﻧﻪ ﻳﻮﻓﺮ ﻟﻠﻤﺆﺳﺴﺔ ﻭﻓﻮﺭﺍﺕ ﻣﺤﺘﻤﻠﺔ ﻓﻲ ﺍﻟﺘﻜﻠﻔﺔ ﻣﻦ ﺧﻼﻝ ﻋﺪﻡ ﺍﻻﺿﻄﺮﺍﺭ ﺇﻟﻰ‬
    ‫ﺷﺮﺍءﺃﺟﻬﺰﺓ ﺇﺿﺎﻓﻴﺔ‪ .‬ﻓﻲ ﺣﻴﻦ ﺃﻥ ﻫﺬﻩ ﺍﻟﻤﻤﺎﺭﺳﺔ ‪ ،‬ﺍﻟﺘﻲ ﻳﺸﺎﺭ ﺇﻟﻴﻬﺎ ﺑﺎﺳﻢ "ﺃﺣﻀﺮ ﺟﻬﺎﺯﻙ ﺍﻟﺨﺎﺹ" )‪ (BYOD‬ﺃﻭ "‬
    ‫ﺃﺣﻀﺮﺗﻘﻨﻴﺘﻚ ﺍﻟﺨﺎﺻﺔ" )‪ ، (BYOT‬ﺗﻮﻓﺮ ﻛﻔﺎءﺍﺕ ‪ ،‬ﺇﻻ ﺃﻧﻬﺎ ﻳﻤﻜﻦ ﺃﻥ ﺗﻘﺪﻡ ﻣﺨﺎﻭﻑ ﺃﻣﻨﻴﺔ ﻣﺤﺘﻤﻠﺔ‪) .‬ﻷﻏﺮﺍﺽ ﻫﺬﺍ‬
    ‫ﺍﻟﺘﻮﺟﻴﻪ ‪،‬ﺳﻮﻑ ﻧﺸﻴﺮ ﺇﻟﻰ ﻛﻼ ﻣﻔﻬﻮﻣﻲ ‪ BYOD‬ﻭ ‪ BYOT‬ﻛـ ‪(.BYOD‬‬

    ‫ﺃﻧﻈﻤﺔﺗﺸﻐﻴﻞ ﺍﻷﺟﻬﺰﺓ ﺍﻟﻤﺤﻤﻮﻟﺔ‬

    ‫ﺃﻧﻈﻤﺔﺗﺸﻐﻴﻞ ﺍﻷﺟﻬﺰﺓ ﺍﻟﻤﺤﻤﻮﻟﺔ ﻫﻲ ﺑﺮﺍﻣﺞ ﺍﻟﻤﺴﺘﻮﻯ ﺍﻷﺳﺎﺳﻲ ﺍﻟﺘﻲ ﺗﺴﻤﺢ ﻟﻸﺟﻬﺰﺓ ﺍﻟﻤﺤﻤﻮﻟﺔ ﺑﺈﺩﺍﺭﺓ ﻣﻜﻮﻧﺎﺗﻬﺎ ﺍﻟﺪﺍﺧﻠﻴﺔ‬
    ‫ﺍﻟﺨﺎﺻﺔﻭﺍﻟﺘﻔﺎﻋﻞ ﻣﻊ ﻣﺴﺘﺨﺪﻡ ﺍﻟﺠﻬﺎﺯ‪ .‬ﻳﺘﺤﻜﻢ ﻧﻈﺎﻡ ﺗﺸﻐﻴﻞ ﺍﻟﻬﺎﺗﻒ ﺍﻟﻤﺤﻤﻮﻝ ﻓﻲ ﺍﻹﺩﺧﺎﻝ ﻋﻠﻰ ﺍﻟﺠﻬﺎﺯ ﺍﻟﻤﺤﻤﻮﻝ ﻣﻦ ﻣﺼﺎﺩﺭ‬
    ‫ﻣﺨﺘﻠﻔﺔ)ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﺍﻟﺸﺎﺷﺔ ﺍﻟﺘﻲ ﺗﻌﻤﻞ ﺑﺎﻟﻠﻤﺲ ﻭﺍﻟﻤﻴﻜﺮﻭﻓﻮﻥ ﻭﺍﻟﻜﺎﻣﻴﺮﺍ ﻭﻧﻈﺎﻡ ﺗﺤﺪﻳﺪ ﺍﻟﻤﻮﺍﻗﻊ ﺍﻟﻌﺎﻟﻤﻲ( ﻭﻳﺴﻤﺢ‬
    ‫ﻟﻠﻤﺴﺘﺨﺪﻣﻴﻦﺑﺎﻟﺘﻔﺎﻋﻞ ﻣﻊ ﺍﻟﺠﻬﺎﺯ ﻋﺒﺮ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﻤﺤﻤﻠﺔ ﻋﻠﻴﻪ‪.‬‬

    ‫ﺃﻛﺜﺮﺃﻧﻈﻤﺔ ﺗﺸﻐﻴﻞ ﺍﻷﺟﻬﺰﺓ ﺍﻟﻤﺤﻤﻮﻟﺔ ﺷﻴﻮﻋﺎً ﻫﻲ ‪ Apple iOS‬ﻭ ‪ ، Android‬ﻭﻟﻜﻦ ﻫﻨﺎﻙ ﺃﻧﻈﻤﺔ ﺗﺸﻐﻴﻞ ﺃﺧﺮﻯ ‪ ،‬ﻣﺜﻞ‬
    ‫ﻧﻈﺎﻡﺍﻟﺘﺸﻐﻴﻞ ‪ Windows Mobile‬ﻭ ‪ Symbian‬ﻭ ‪ Blackberry‬ﻣﻦ ‪ .Microsoft‬ﻋﻠﻰ ﺍﻟﺮﻏﻢ ﻣﻦ ﺃﻥ ﻫﺬﻩ ﻗﺪ ﻻ‬
    ‫ﺗﻜﻮﻥﻣﻨﺘﺸﺮﺓ ﻣﺜﻞ ‪ iOS‬ﺃﻭ ‪ ، Android‬ﻳﺠﺐ ﺃﻥ ﺗﻜﻮﻥ ﺍﻟﻤﺆﺳﺴﺎﺕ ﻋﻠﻰ ﺩﺭﺍﻳﺔ ﺑﺎﺳﺘﺨﺪﺍﻡ ﺃﻧﻈﻤﺔ ﺍﻟﺘﺸﻐﻴﻞ ﺍﻷﺧﺮﻯ ﻫﺬﻩ‬
    ‫ﺇﺫﺍﺳﻤﺤﺖ ﻟﻤﻮﻇﻔﻴﻬﺎ ﺑﺈﺣﻀﺎﺭ ﺃﺟﻬﺰﺗﻬﻢ ﺍﻟﺨﺎﺻﺔ ‪ ،‬ﺣﻴﺚ ﻳﻤﻜﻦ ﻷﻱ ﺟﻬﺎﺯ ﻣﺘﺼﻞ ﺑﺸﺒﻜﺔ ﻣﺆﺳﺴﺔ ﻣﺎ ﺃﻥ ﻳﺸﻜﻞ ﻣﺨﺎﻃﺮ‬
    ‫ﺃﻣﻨﻴﺔ‪.‬‬

    ‫ﺗﺸﻴﺮﻃﺒﻴﻌﺔ ﺍﻟﻤﺼﺪﺭ ﺍﻟﻤﻔﺘﻮﺡ ﻟﻨﻈﺎﻡ ﺍﻟﺘﺸﻐﻴﻞ ‪ Android‬ﺇﻟﻰ ﺃﻥ ﻣﺼﻨﻌﻲ ﺍﻷﺟﻬﺰﺓ ﻭﻣﻮﻓﺮﻱ ﺍﻟﺸﺒﻜﺎﺕ ﻳﻤﻜﻨﻬﻢ‬
    ‫ﺇﺟﺮﺍءﺗﻐﻴﻴﺮﺍﺕ ﻋﻠﻰ ﻧﻈﺎﻡ ﺍﻟﺘﺸﻐﻴﻞ ﻷﺳﺒﺎﺏ ﻋﺪﻳﺪﺓ ‪ ،‬ﺑﻤﺎ ﻓﻲ ﺫﻟﻚ ﺗﺤﺴﻴﻦ ﺍﻟﺠﻬﺎﺯ ﻭﺍﻟﺸﺒﻜﺔ‪ .‬ﻳﻤﻜﻦ ﺃﻥ ﻳﻜﻮﻥ ﻟﻬﺬﺍ‬
    ‫ﺍﻟﻨﻬﺞﻣﺘﻌﺪﺩ ﺍﻟﻄﺒﻘﺎﺕ ﺗﺄﺛﻴﺮ ﻛﺒﻴﺮ ﻋﻠﻰ ﺃﻣﺎﻥ ﻭﻣﻴﺰﺍﺕ ﻧﻈﺎﻡ ﺍﻟﺘﺸﻐﻴﻞ ‪ .Android‬ﻣﻦ ﻧﺎﺣﻴﺔ ﺃﺧﺮﻯ ‪ ،‬ﺗﺘﺤﻜﻢ ‪Apple‬‬
    ‫ﺑﺸﻜﻞﺻﺎﺭﻡ ﻓﻲ ﺑﻴﺉﺔ ‪ .iOS‬ﻻ ﺗﺘﻢ ﻣﺸﺎﺭﻛﺔ ﻛﻮﺩ ﺍﻟﻤﺼﺪﺭ ﻣﻊ ﻣﻮﻓﺮﻱ ﺍﻟﺸﺒﻜﺔ ﻭﺗﻘﻮﻡ ‪ Apple‬ﺑﺪﻓﻊ ﺍﻟﺘﺤﺪﻳﺜﺎﺕ ﺇﻟﻰ‬
    ‫ﺃﺟﻬﺰﺗﻬﻢ‪.‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪19‬‬ ‫‪www.theiia.org‬‬


    ‫ﺇﺩﺍﺭﺓﺍﻷﺟﻬﺰﺓ ﺍﻟﻤﺤﻤﻮﻟﺔ ﻭﺇﺩﺍﺭﺓ ﺗﻄﺒﻴﻘﺎﺕ ﺍﻟﻬﺎﺗﻒ ﺍﻟﻤﺤﻤﻮﻝ‬
    ‫ﺇﺩﺍﺭﺓﺍﻷﺟﻬﺰﺓ ﺍﻟﻤﺤﻤﻮﻟﺔ )‪ (MDM‬ﻫﻲ ﺑﺮﻧﺎﻣﺞ ﻳﺴﻤﺢ ﻟﻠﻤﺆﺳﺴﺔ ﺑﺎﻟﺘﺤﻜﻢ ﻓﻲ ﻣﻴﺰﺍﺕ ﺍﻟﺠﻬﺎﺯ )ﻣﺜﻞ ﺍﻟﻬﻮﺍﺗﻒ ﺍﻟﺬﻛﻴﺔ‬
    ‫ﻭﺍﻷﺟﻬﺰﺓﺍﻟﻠﻮﺣﻴﺔ ﻭﺃﺟﻬﺰﺓ ﺍﻟﻘﺮﺍءﺓ ﺍﻹﻟﻜﺘﺮﻭﻧﻴﺔ ﻭﺍﻷﺟﻬﺰﺓ ﺍﻟﻘﺎﺑﻠﺔ ﻟﻼﺭﺗﺪﺍء( ﻟﺘﺄﻣﻴﻦ ﺍﻟﺴﻴﺎﺳﺎﺕ ﻭﺇﻧﻔﺎﺫﻫﺎ‪ .‬ﻳﺘﻴﺢ ﺫﻟﻚ‬
    ‫ﻟﻠﻤﺆﺳﺴﺎﺕﺇﺩﺍﺭﺓ ﺃﻋﺪﺍﺩ ﻛﺒﻴﺮﺓ ﻣﻦ ﺃﺟﻬﺰﺗﻬﺎ ﺍﻟﻤﺤﻤﻮﻟﺔ ﺑﻄﺮﻳﻘﺔ ﻣﺘﺴﻘﺔ ﻭﻗﺎﺑﻠﺔ ﻟﻠﺘﻄﻮﻳﺮ‪ .‬ﻳﺴﻤﺢ ‪ MDM‬ﺃﻳﻀﺎً‬
    ‫ﻟﻠﻤﺆﺳﺴﺔﺑﻤﺴﺢ ﺃﻱ ﺟﻬﺎﺯ ﺗﻢ ﻓﻘﺪﻩ ﺃﻭ ﺗﻌﺮﺿﻪ ﻟﻠﺨﻄﺮ ﻋﻦ ﺑﻌُﺪ‪ .‬ﺍﻟﻌﻴﺐ ﻓﻲ ﺫﻟﻚ ﻫﻮ ﻣﺮﻭﻧﺔ ﺍﻟﻤﺴﺘﺨﺪﻡ ﺍﻟﻤﺤﺪﻭﺩﺓ‬
    ‫ﺍﻟﻨﺎﺗﺠﺔﻋﻠﻰ ﺍﻟﺠﻬﺎﺯ ﺍﻟﻤﺤﻤﻮﻝ ﻟﻠﺸﺮﻛﺔ‪.‬‬

    ‫ﺗﺼﻒﺇﺩﺍﺭﺓ ﺗﻄﺒﻴﻘﺎﺕ ﺍﻟﻬﺎﺗﻒ ﺍﻟﻤﺤﻤﻮﻝ )‪ (MAM‬ﺍﻟﺒﺮﺍﻣﺞ ﻭﺍﻟﺨﺪﻣﺎﺕ ﺍﻟﻤﺴﺆﻭﻟﺔ ﻋﻦ ﺗﻮﻓﻴﺮ ﻭﺇﺩﺍﺭﺓ ﺍﻟﻮﺻﻮﻝ ﺇﻟﻰ‬
    ‫ﺗﻄﺒﻴﻘﺎﺕﺍﻟﻬﺎﺗﻒ ﺍﻟﻤﺤﻤﻮﻝ )ﺍﻟﻤﻄﻮﺭﺓ ﺩﺍﺧﻠﻴﺎً ﺃﻭ ﺍﻟﻤﺘﻮﻓﺮﺓ ﺗﺠﺎﺭﻳﺎً( ﺳﻮﺍء ﺗﻢ ﺗﻄﺒﻴﻘﻬﺎ ﻋﻠﻰ ﺍﻷﺟﻬﺰﺓ ﺍﻟﻤﺤﻤﻮﻟﺔ‬
    ‫ﺍﻟﻤﻤﻠﻮﻛﺔﻟﻠﻤﺆﺳﺴﺔ ﺃﻭ ‪ .BYOD‬ﺗﺘﻤﺘﻊ ‪ MAM‬ﺃﻳﻀﺎً ﺑﻤﻴﺰﺓ ﺇﺿﺎﻓﻴﺔ ﺗﺘﻤﺜﻞ ﻓﻲ ﺍﻟﻘﺪﺭﺓ ﻋﻠﻰ ﺍﻟﺤﺪ ﻣﻦ ﻣﺸﺎﺭﻛﺔ‬
    ‫ﺑﻴﺎﻧﺎﺕﺍﻟﺸﺮﻛﺔ ﺑﻴﻦ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ‪.‬‬

    ‫ﻳﻨﺼﺐﺍﻟﺘﺮﻛﻴﺰ ﺍﻟﺮﺉﻴﺴﻲ ﻟـ ‪ MDM‬ﻭ ‪ MAM‬ﻋﻠﻰ ﺍﻟﺘﺤﻜﻢ ﻓﻲ ﺗﻌﺮﺽ ﺗﻄﺒﻴﻘﺎﺕ ﺍﻟﺸﺮﻛﺔ ﻭﺍﻟﺒﺮﻳﺪ ﻭﺍﻟﻤﺴﺘﻨﺪﺍﺕ‬
    ‫ﺍﻟﺴﺮﻳﺔ ‪،‬ﻭﺍﻟﺤﻔﺎﻅ ﻋﻠﻰ ﺍﻟﺘﻜﺎﻣﻞ ﻣﻊ ﺃﺻﻮﻝ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﺸﺮﻛﺔ ﺍﻷﺧﺮﻯ )ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﺃﺟﻬﺰﺓ ﺍﻟﻜﻤﺒﻴﻮﺗﺮ‬
    ‫ﺍﻟﻤﺤﻤﻮﻟﺔﻭﺍﻟﻄﺎﺑﻌﺎﺕ(‪ .‬ﺑﺎﻹﺿﺎﻓﺔ ﺇﻟﻰ ﺫﻟﻚ ‪ ،‬ﻳﻤﻜﻦ ﺗﻀﻤﻴﻦ ﺳﻴﺎﺳﺎﺕ ﺍﻷﻣﺎﻥ ﻭﻓﺮﺿﻬﺎ ﻋﻠﻰ ﻣﺴﺘﻮﻯ ﺗﻄﺒﻴﻖ‬
    ‫ﺍﻟﺸﺮﻛﺔﻭﻗﺪ ﻻ ﺗﻌﺘﻤﺪ ﻋﻠﻰ ﺍﻷﻣﺎﻥ ﻋﻠﻰ ﻣﺴﺘﻮﻯ ﺍﻟﺠﻬﺎﺯ ﺃﻭ ﺗﺼﺤﻴﺤﺎﺕ ﻧﻈﺎﻡ ﺍﻟﺘﺸﻐﻴﻞ‪ .‬ﻫﺬﺍ ﻳﻌﻨﻲ ﺃﻥ ﺍﻻﺧﺘﺒﺎﺭ‬
    ‫ﺍﻟﻤﺴﺘﻤﺮﻟﺘﻄﺒﻴﻘﺎﺕ ‪ MAM‬ﻣﻄﻠﻮﺏ ﻟﻀﻤﺎﻥ ﺍﻟﺘﻮﺍﻓﻖ ﻣﻊ ﺗﺮﻗﻴﺎﺕ ﻧﻈﺎﻡ ﺍﻟﺘﺸﻐﻴﻞ ﻋﻠﻰ ﻣﺴﺘﻮﻯ ﺍﻟﺠﻬﺎﺯ‪.‬‬

    ‫ﻳﺠﺐﺃﻥ ﺗﻨﻈﺮ ﺍﻟﻤﻨﻈﻤﺎﺕ ﻓﻲ ﺳﻴﺎﺳﺔ ﺇﺩﺍﺭﺓ ﺍﻷﺟﻬﺰﺓ ﺍﻟﻤﺤﻤﻮﻟﺔ ﺍﻟﻤﻨﺎﺳﺒﺔ ﻭﺳﻴﺎﺳﺔ ‪.BYOD‬‬

    ‫ﺗﺤﺪﻳﺎﺕﻭﻣﺨﺎﻃﺮ ﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ‬


    ‫ﺍﻟﺒﻨﻴﺔﺍﻟﺘﺤﺘﻴﺔ ﻟﻠﻤﺆﺳﺴﺔ ﻫﻲ ﺍﻟﻌﻤﻮﺩ ﺍﻟﻔﻘﺮﻱ ﻟﻌﻤﻠﻴﺎﺕ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﺨﺎﺻﺔ ﺑﻬﺎ‪ .‬ﻋﻨﺪ ﺍﻹﻋﺪﺍﺩ ﺑﺸﻜﻞ ﺟﻴﺪ ‪ ،‬ﻳﻤﻜﻦ‬
    ‫ﺃﻥﻳﺴﺎﻋﺪ ﻓﻲ ﺯﻳﺎﺩﺓ ﺍﻟﻜﻔﺎءﺓ ﺇﻟﻰ ﺃﻗﺼﻰ ﺣﺪ‪ .‬ﻋﻨﺪﻣﺎ ﻻ ﻳﺘﻢ ﺗﺤﺴﻴﻨﻪ ‪ ،‬ﻳﻤﻜﻦ ﺃﻥ ﻳﺆﺩﻱ ﺇﻟﻰ ﻣﺨﺎﻃﺮ ﻭﺗﺤﺪﻳﺎﺕ ﻏﻴﺮ ﺿﺮﻭﺭﻳﺔ‪ .‬ﺗﻌﺪ‬
    ‫ﺍﻟﺒﻨﻴﺔﺍﻟﺘﺤﺘﻴﺔ ﻣﻜﻮﻧﺎً ﺭﺉﻴﺴﻴﺎً ﻟﻔﻬﻢ ﺍﻟﻤﺪﻗﻖ ﺍﻟﺪﺍﺧﻠﻲ ﻟﺠﻤﻴﻊ ﺍﻟﻤﻬﺎﻡ ﺍﻟﻤﺘﻌﻠﻘﺔ ﺑﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪ .‬ﻫﻨﺎﻙ ﺍﻟﻌﺪﻳﺪ ﻣﻦ‬
    ‫ﺍﻟﺘﺤﺪﻳﺎﺕ ‪ /‬ﺍﻟﻤﺨﺎﻃﺮ ﺍﻟﻤﺘﻌﻠﻘﺔ ﺑﺎﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﺨﺎﺻﺔ ﺑﺎﻟﻤﺆﺳﺴﺔ ﻭﺍﻟﺘﻲ ﻳﻤﻜﻦ ﺃﻥ ﺗﺸﻤﻞ ﻋﻠﻰ‬
    ‫ﺳﺒﻴﻞﺍﻟﻤﺜﺎﻝ ﻻ ﺍﻟﺤﺼﺮ‪:‬‬

    ‫ﺇﻋﺪﺍﺩﺍﺕ‪-‬ﺣﻴﺚ ﻻ ﻳﺘﻢ ﺗﻜﻮﻳﻦ ﺃﻧﻈﻤﺔ ﺍﻟﺘﺸﻐﻴﻞ ﻭﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﻤﺮﺗﺒﻄﺔ ﺑﻬﺎ )ﺍﻟﻤﺆﺳﺴﺔ ﻭﺍﻟﻤﺴﺘﺨﺪﻡ‬ ‫‪-‬‬
    ‫ﺍﻟﻨﻬﺎﺉﻲ( ﺑﺸﻜﻞ ﺁﻣﻦ ‪ ،‬ﻳﻤﻜﻦ ﺃﻥ ﺗﻮﺟﺪ ﺛﻐﺮﺍﺕ ﺃﻣﻨﻴﺔ‪.‬‬
    ‫ﺣﻤﺎﻳﺔ‪-‬‬ ‫‪-‬‬
    ‫ﻳﻤﻜﻦﺃﻥ ﻳﺆﺩﻱ ﻋﺪﻡ ﻛﻔﺎﻳﺔ ﺗﻄﻮﻳﺮ ﺃﻭ ﺇﺩﺍﺭﺓ ﺍﻻﺳﺘﺜﻨﺎءﺍﺕ ﺍﻷﻣﻨﻴﺔ ﺇﻟﻰ ﺗﻘﺎﺩﻡ ﺍﻟﺠﻬﺎﺯ‪.‬‬ ‫ﺍ‬

    ‫ﻳﻤﻜﻦﺃﻥ ﻳﺴﻤﺢ ﺍﻟﺘﺸﻔﻴﺮ ﺃﻭ ﺇﺩﺍﺭﺓ ﺍﻟﻮﺻﻮﻝ ﺍﻟﻀﻌﻴﻔﺔ ﺃﻭ ﺍﻟﻤﺠﺰﺃﺓ ﺑﺎﻟﻮﺻﻮﻝ ﺍﻟﻤﻔﺮﻁ ‪ ،‬ﺧﺎﺻﺔ ًﻋﻨﺪﻣﺎ‬ ‫ﺍ‬
    ‫ﻻﻳﺘﻐﻴﺮ ﺍﻟﻤﻔﺘﺎﺡ ﺑﻌﺪ ﺃﻥ ﻟﻢ ﻳﻌﺪ ﺍﻟﻤﻔﺘﺎﺡ ﺍﻟﺬﻱ ﺗﻢ ﺗﺨﺼﻴﺼﻪ ﻟﻠﻔﺮﺩ ﻓﻲ ﻭﺿﻊ ﻳﺴﻤﺢ ﻟﻪ ﺑﺎﻟﺤﺎﺟﺔ ﺇﻟﻰ‬
    ‫ﺍﻟﻮﺻﻮﻝ‪.‬ﺑﺎﻹﺿﺎﻓﺔ ﺇﻟﻰ ﺫﻟﻚ ‪ ،‬ﻫﻨﺎﻙ ﺧﻄﺮ ﺍﻟﺘﻌﺮﺽ ﻟﻠﺒﻴﺎﻧﺎﺕ ﻋﻨﺪ ﺍﻧﺘﻬﺎء ﺻﻼﺣﻴﺔ ﺍﻟﻤﻔﺘﺎﺡ ﻭﻋﺪﻡ‬
    ‫ﺗﻌﻴﻴﻦﻣﻔﺘﺎﺡ ﺟﺪﻳﺪ ﻓﻲ ﺍﻟﻮﻗﺖ ﺍﻟﻤﻨﺎﺳﺐ‪.‬‬
    ‫ﻳﻤﻜﻦﺃﻥ ﺗﺰﻳﺪ ﺍﻷﺟﻬﺰﺓ ﺍﻟﺘﻲ ﺗﻤﺖ ﺇﺿﺎﻓﺘﻬﺎ ﺇﻟﻰ ﺍﻟﺸﺒﻜﺔ ﺑﺪﻭﻥ ﺗﺼﻠﺐ )ﺗﺄﻣﻴﻦ( ﻣﻨﺎﺳﺐ ﻣﻦ ﻣﺨﺎﻃﺮ‬ ‫ﺍ‬
    ‫ﺍﻻﺧﺘﺮﺍﻕﺑﺴﺒﺐ ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕ ﺍﻟﻤﻔﺘﻮﺣﺔ ﻭﻛﻠﻤﺎﺕ ﺍﻟﻤﺮﻭﺭ ﺍﻻﻓﺘﺮﺍﺿﻴﺔ ﻭﻧﻘﺺ ﺍﻟﻤﺮﺍﻗﺒﺔ‪.‬‬
    ‫ﻳﺰﻳﺪﺍﻟﺘﺪﺭﻳﺐ ﺍﻷﻣﻨﻲ ﺍﻟﺬﻱ ﻻ ﻣﻌﻨﻰ ﻟﻪ ﺃﻭ ﺍﻟﻌﺎﻡ ﻣﻦ ﺧﻄﺮ ﺍﺳﺘﺴﻼﻡ ﺍﻟﻤﺴﺘﺨﺪﻣﻴﻦ ﻷﺳﺎﻟﻴﺐ‬ ‫ﺍ‬
    ‫ﺍﻟﻬﻨﺪﺳﺔﺍﻻﺟﺘﻤﺎﻋﻴﺔ‪.‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪20‬‬ ‫‪www.theiia.org‬‬


    ‫ﻳﻤﻜﻦﺃﻥ ﻳﺆﺩﻱ ‪ BYOD‬ﺇﻟﻰ ﺗﺴﺮﺏ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻣﻦ ﺍﻷﺟﻬﺰﺓ ﻋﻠﻰ ﺍﻟﺸﺒﻜﺔ ﻋﻨﺪﻣﺎ ﻻ ﻳﺘﻢ ﺍﺗﺒﺎﻉ ﺍﻟﻌﻤﻠﻴﺎﺕ‬ ‫ﺍ‬
    ‫ﺍﻟﺪﺍﺧﻠﻴﺔﺑﺸﻜﻞ ﺻﺤﻴﺢ‪.‬‬
    ‫ﻳﻤﻜﻦﺃﻥ ﺗﺴﻤﺢ ﺍﻟﻘﻮﺍﻋﺪ ﺍﻟﻤﻔﻘﻮﺩﺓ ﺃﻭ ﺍﻟﻘﺪﻳﻤﺔ ﺃﻭ ﺍﻟﻤﻮﺿﻮﻋﺔ ﺑﺸﻜﻞ‬ ‫ﺍ‬
    ‫ﻏﻴﺮﺻﺤﻴﺢ ﻟﻠﻤﻤﺜﻠﻴﻦ ﺍﻟﺴﻴﺉﻴﻦ ﺑﺎﻟﺘﺤﺎﻳﻞ ﻋﻠﻰ ﻋﻨﺎﺻﺮ ﺍﻟﺘﺤﻜﻢ ﻣﺜﻞ‬
    ‫ﺍﻟﻤﻮﺍﺭﺩ‬
    ‫ﻗﻮﺍﺉﻢﺍﻟﺘﺤﻜﻢ ﻓﻲ ﺍﻟﻮﺻﻮﻝ )‪ (ACLs‬ﻭﻗﻮﺍﻋﺪ ﺟﺪﺍﺭ ﺍﻟﺤﻤﺎﻳﺔ‪.‬‬

    ‫ﻟﻤﺰﻳﺪﻣﻦ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺣﻮﻝ ﺇﺩﺍﺭﺓ‬ ‫ﺍﻟﻤﻄﺎﺑﻘﺔ‪-‬ﻗﺪ ﻻ ﻳﺘﻢ ﺍﺗﺒﺎﻉ ﺍﻷﻃﺮ ﺃﻭ ﺍﻟﻤﻌﺎﻳﻴﺮ ﺃﻭ ﺍﻟﻤﻨﻬﺠﻴﺎﺕ‬ ‫‪-‬‬
    ‫ﺍﻟﺘﺼﺤﻴﺢ ‪،‬ﺭﺍﺟﻊ ‪" ، IIA GTAG‬ﺇﺩﺍﺭﺓ ﺗﻐﻴﻴﺮ‬ ‫ﺍﻟﻤﻌﺘﺮﻑﺑﻬﺎ ﻣﻦ ﻗﺒﻞ ﺍﻟﺼﻨﺎﻋﺔ ‪ ،‬ﻣﻤﺎ ﻳﺆﺩﻱ ﺇﻟﻰ ﺇﺩﺧﺎﻝ‬
    ‫ﺗﻜﻨﻮﻟﻮﺟﻴﺎﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪ :‬ﺣﺎﺳﻤﺔ ﻟﻠﻨﺠﺎﺡ‬ ‫ﻣﺨﺎﻃﺮﺗﻨﻈﻴﻤﻴﺔ ﺃﻭ ﺍﻣﺘﺜﺎﻝ ﻣﺤﺘﻤﻠﺔ‪.‬‬
    ‫ﺍﻟﺘﻨﻈﻴﻤﻲ ‪3،‬ﺑﺤﺚ ﻭﺗﻄﻮﻳﺮﺍﻹﺻﺪﺍﺭ‪".‬‬
    ‫ﺑﻘﻊ‪-‬ﺇﺫﺍ ﻟﻢ ﻳﺘﻢ ﺗﻄﺒﻴﻖ ﺍﻟﺘﺼﺤﻴﺤﺎﺕ ﻋﻠﻰ ﺍﻷﻧﻈﻤﺔ ﺍﻟﻬﺎﻣﺔ ‪،‬‬ ‫‪-‬‬
    ‫ﻓﻴﻤﻜﻨﻬﺎﺗﻘﺪﻳﻢ ﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺇﻟﻰ‬
    ‫ﻧﻘﺎﻁﺍﻟﻀﻌﻒ ﻭﺍﻟﻘﻀﺎﻳﺎ ﺍﻷﻣﻨﻴﺔ‪.‬‬

    ‫ﺷﺒﻜﺔﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬

    ‫ﺗﻌﺮﻳﻒﺍﻟﺸﺒﻜﺔ‬
    ‫ﺇﻥﺃﺑﺴﻂ ﺗﻌﺮﻳﻒ ﻟﻠﺸﺒﻜﺔ ﻓﻲ ﺳﻴﺎﻕ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻫﻮ ﻭﺳﻴﻠﺔ ﻟﺘﻮﺻﻴﻞ ﺟﻬﺎﺯﻱ ﻛﻤﺒﻴﻮﺗﺮ ﺃﻭ ﺃﻛﺜﺮ ﻷﻏﺮﺍﺽ‬
    ‫ﻣﺸﺎﺭﻛﺔﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪ .‬ﺗﺤﺘﻮﻱ ﺍﻟﺸﺒﻜﺔ ﺑﺸﻜﻞ ﻋﺎﻡ ﻋﻠﻰ ﺛﻼﺙ ﺧﺼﺎﺉﺺ ﺭﺉﻴﺴﻴﺔ‪ :‬ﺍﻟﻬﻴﻜﻞ ﻭﺍﻟﺒﻨﻴﺔ ﻭﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕ‪.‬‬
    ‫ﻳﺸﺮﺡﻫﺬﺍ ﺍﻟﻘﺴﻢ ﻛﻞ ﻣﻨﻬﺎ ﻭﻳﻘﺪﻡ ﺃﻣﺜﻠﺔ‪ .‬ﻛﻤﺎ ﻳﻘﺪﻡ ﻣﻔﺎﻫﻴﻢ ﺗﺸﻤﻞ ﻭﺿﻊ ﺍﻟﺨﺪﻣﺔ ﻣﺘﻌﺪﺩ ﺍﻟﻄﺒﻘﺎﺕ ‪ ،‬ﻭﺍﻟﻮﺻﻮﻝ ﺇﻟﻰ‬
    ‫ﺍﻟﺸﺒﻜﺔﻋﻦ ﺑﻌﺪ ‪ ،‬ﻭﺍﻟﺪﻓﺎﻉ ﻋﻦ ﺍﻟﺸﺒﻜﺔ‪.‬‬

    ‫ﻫﻨﺎﻙﺛﻼﺛﺔ ﺃﻧﻮﺍﻉ ﺭﺉﻴﺴﻴﺔ ﻣﻦ ﺍﻟﺸﺒﻜﺎﺕ‪ :‬ﺷﺒﻜﺎﺕ ﺍﻟﻤﻨﻄﻘﺔ ﺍﻟﻤﺤﻠﻴﺔ )‪ ، (LAN‬ﻭﺷﺒﻜﺎﺕ ﺍﻟﻤﻨﻄﻘﺔ ﺍﻟﺤﻀﺮﻳﺔ‬
    ‫)‪ ، (MANs‬ﻭﺷﺒﻜﺎﺕ ﺍﻟﻤﻨﻄﻘﺔ ﺍﻟﻮﺍﺳﻌﺔ )‪ .(WAN‬ﺳﻴﺤﺪﺩ ﺣﺠﻢ ﺍﻟﻤﻨﻈﻤﺔ ﻭﺍﻟﺒﺼﻤﺔ ﺍﻟﺠﻐﺮﺍﻓﻴﺔ ﻋﺎﺩﺓ ًﺍﻟﻨﻮﻉ ﺍﻷﻛﺜﺮ‬
    ‫ﻣﻼءﻣﺔ‪.‬ﺗﺴُﺘﺨﺪﻡ ﺍﻟﺸﺒﻜﺎﺕ ﺍﻟﻤﺤﻠﻴﺔ ﻟﻠﺘﻮﺍﺻﻞ ﺩﺍﺧﻞ ﺃﻭ ﺑﻴﻦ ﻃﻮﺍﺑﻖ ﺍﻟﻤﺒﻨﻰ ؛ ﺗﻬﺪﻑ ﺍﻟﺸﺨﺼﻴﺎﺕ ﺇﻟﻰ ﺍﻟﺘﻮﺍﺻﻞ‬
    ‫ﺩﺍﺧﻞﺍﻟﻤﺒﺎﻧﻲ ﺩﺍﺧﻞ ﺍﻟﺤﺮﻡ ﺍﻟﺠﺎﻣﻌﻲ ﺃﻭ ﺍﻟﻤﺪﻳﻨﺔ ؛ ﻭﺗﺘﻴﺢ ﺷﺒﻜﺔ ‪ WAN‬ﺍﻻﺗﺼﺎﻝ ﺩﺍﺧﻞ ﻣﺪﻥ ﺃﻭ ﻭﻻﻳﺎﺕ ﺃﻭ ﺣﺘﻰ ﺩﻭﻝ‬
    ‫ﻣﺘﻌﺪﺩﺓ‪.‬ﻳﺸُﺎﺭ ﺇﻟﻰ ﺃﻱ ﻧﻈﺎﻡ ﺃﻭ ﺟﻬﺎﺯ ‪ ،‬ﻣﺜﻞ ﺟﻬﺎﺯ ﻛﻤﺒﻴﻮﺗﺮ ﺃﻭ ﻛﻤﺒﻴﻮﺗﺮ ﻣﺤﻤﻮﻝ ﺃﻭ ﺟﻬﺎﺯ ﻣﺤﻤﻮﻝ ﻣﺘﺼﻞ ﺑﺸﺒﻜﺔ‬
    ‫ﺑﺎﺳﻢﻋﻘﺪﺓ‪.‬‬

    ‫ﺍﻟﺒﻨﻴﺔ‬
    ‫ﺗﺼﻮﺭﻃﻮﺑﻮﻟﻮﺟﻴﺎ ﺍﻟﺸﺒﻜﺔ ﻛﻴﻒ ﻳﺘﻢ ﺗﺮﺗﻴﺒﻬﺎ ﻣﺎﺩﻳﺎً ﻭﻣﻨﻄﻘﻴﺎً‪ .‬ﺗﻌﺘﺒﺮ ﻃﺒﻮﻟﻮﺟﻴﺎ ﺍﻟﺤﺎﻓﻠﺔ ﺃﻭ ﺍﻟﻨﺠﻤﺔ ﺃﻭ ﺍﻟﺤﻠﻘﺔ ﺃﻭ‬
    ‫ﺍﻟﻬﺠﻴﻨﺔ ‪،‬ﻛﻤﺎ ﻫﻮ ﻣﻮﺿﺢ ﻓﻲ ﺍﻟﺸﻜﻞ ‪ ، 6‬ﺃﻣﺜﻠﺔ ﺷﺎﺉﻌﺔ‪.‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪21‬‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﺸﻜﻞ‪ :6‬ﺃﻣﺜﻠﺔ ﻃﻮﺑﻮﻟﻮﺟﻴﺎ ﺍﻟﺸﺒﻜﺔ‬

    ‫ﻧﺠﻤﺔ‬ ‫ﺣﺎﻓﻠﺔ‬

    ‫ﺟﻬﺎﺯﺍﻟﺘﻮﺟﻴﻪ‬

    ‫ﻫﺠﻴﻦ‬
    ‫ﺟﺮﺱ‬

    ‫ﺟﻬﺎﺯﺍﻟﺘﻮﺟﻴﻪ‬

    ‫ﺍﻟﻤﺼﺪﺭ‪:‬ﻣﻌﻬﺪ ﺍﻟﻤﺮﺍﺟﻌﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‪.‬‬

    ‫ﻫﻨﺪﺳﺔﺍﻟﺸﺒﻜﺎﺕ‬
    ‫ﺗﻮﻓﺮﺑﻨﻴﺔ ﺍﻟﺸﺒﻜﺔ ﺳﻴﺎﻗﺎً ﻟﻔﻬﻢ ﺑﻨﻴﺔ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﺨﺎﺻﺔ ﺑﺎﻟﻤﺆﺳﺴﺔ ‪ ،‬ﻭﻫﻨﺎﻙ ﺃﻧﻮﺍﻉ ﺑﻨﻴﺔ ﻣﺘﻌﺪﺩﺓ ﻳﻤﻜﻦ‬
    ‫ﺍﻻﺧﺘﻴﺎﺭﻣﻦ ﺑﻴﻨﻬﺎ‪.‬‬

    ‫ﺍﻟﻨﺪﻟﻠﻨﺪ‬
    ‫ﺗﺴُﺘﺨﺪﻡﺑﻨﻴﺔ ﺍﻟﻨﺪ ﻟﻠﻨﺪ ﺃﻭ ‪ P2P‬ﻋﺎﺩﺓ ًﻟﺨﻮﺍﺩﻡ ﺍﻟﺸﺒﻜﺎﺕ ﺃﻭ ﺃﻧﻈﻤﺔ ﺍﻟﻤﺴﺘﺨﺪﻡ ﺍﻟﻨﻬﺎﺉﻲ ﺍﻷﺻﻐﺮ ‪ ،‬ﻭﻳﺸُﺎﺭ ﺇﻟﻴﻬﺎ ﺃﺣﻴﺎﻧﺎً‬
    ‫ﺑﺎﺳﻢﺷﺒﻜﺔ ﻣﺸﺎﺭﻛﺔ ﻣﻠﻔﺎﺕ ﺍﻟﺘﻄﺒﻴﻖ ﺍﻟﻤﻮﺯﻋﺔ‪ .‬ﻳﺸﻴﺮ ﺍﻟﺘﻄﺒﻴﻖ ﺍﻟﻤﻮﺯﻉ ﺇﻟﻰ ﺍﻟﺒﺮﺍﻣﺞ ﺃﻭ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﺘﻲ ﻳﺘﻢ‬
    ‫ﺗﻨﻔﻴﺬﻫﺎﺃﻭ ﺗﺸﻐﻴﻠﻬﺎ ﻋﻠﻰ ﻋﻘﺪ ﻣﺘﻌﺪﺩﺓ ﺩﺍﺧﻞ ﺍﻟﺸﺒﻜﺔ‪.‬‬

    ‫ﺗﺸﻴﺮﺑﻨﻴﺔ ‪ P2P‬ﺇﻟﻰ ﻋﺪﻡ ﻭﺟﻮﺩ ﺗﺴﻠﺴﻞ ﻫﺮﻣﻲ ﻟﻠﺸﺒﻜﺔ‪ .‬ﻳﺘﻢ ﺗﻨﻔﻴﺬ ﺍﻟﻤﻬﺎﻡ ﻭﻣﺸﺎﺭﻛﺔ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺑﻴﻦ ﺃﻋﻀﺎء ﺍﻟﺸﺒﻜﺔ )‬
    ‫ﺍﻟﻌﻘﺪ( ﻋﺒﺮ ﻟﻮﺣﺔ ﻭﺻﻞ‪ .‬ﻓﻲ ﺣﻴﻦ ﺃﻥ ﺑﻌﺾ ﺍﻟﻌﻘﺪ ﻗﺪ ﺗﻜﻮﻥ ﺃﻛﺜﺮ ﻗﻮﺓ ﺑﺴﺒﺐ ﺍﺧﺘﻼﻓﺎﺕ ﺍﻷﺟﻬﺰﺓ ﺃﻭ ﺗﺤﺘﻮﻱ ﻋﻠﻰ‬
    ‫ﺑﻴﺎﻧﺎﺕﻣﺨﺘﻠﻔﺔ ﺑﺴﺒﺐ ﺍﻟﻐﺮﺽ ﻣﻨﻬﺎ ‪ ،‬ﻓﺈﻥ ﺗﺼﻤﻴﻢ ﺷﺒﻜﺔ ‪ P2P‬ﻳﻮﻓﺮ ﻧﻔﺲ ﺍﻻﻣﺘﻴﺎﺯﺍﺕ ﺃﻭ ﻣﺴﺘﻮﻳﺎﺕ ﺍﻟﺴﻠﻄﺔ ﺑﻴﻦ‬
    ‫ﺟﻤﻴﻊﺍﻟﻌﻘﺪ‪.‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪22‬‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﺸﻜﻞ‪ :7‬ﻧﻤﻮﺫﺝ ﺷﺒﻜﺔ ﺍﻟﻨﺪ ﻟﻠﻨﺪ‬ ‫ﻓﻲﺷﺒﻜﺔ ‪ ، P2P‬ﻳﻤﻜﻦ ﻟﻠﻌﻘﺪ ﺍﻻﺗﺼﺎﻝ ﺑﺒﻌﻀﻬﺎ‬
    ‫ﺍﻟﺒﻌﺾﻣﺒﺎﺷﺮﺓ ‪ ،‬ﻣﻤﺎ ﻳﻤﻨﺢ ﻫﺬﻩ ﺍﻟﺒﻨﻴﺔ ﻣﺮﻭﻧﺔ ﺃﻛﺒﺮ ﻓﻲ‬
    ‫ﺗﺼﻤﻴﻢﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﻤﻮﺯﻋﺔ‪ .‬ﺗﻮﻓﺮ ﻫﺬﻩ ﺍﻟﺒﻨﻴﺔ ﻣﺮﻭﻧﺔ‬
    ‫ﻟﻠﺘﻐﻴﻴﺮﻭﺍﻻﺿﻄﺮﺍﺏ ﻷﻥ ﺍﻟﺘﺒﻌﻴﺎﺕ ﺑﻴﻦ ﺍﻟﻌﻘﺪ ﺍﻟﻨﻈﻴﺮﺓ‬
    ‫ﺣﺎﺳﻮﺏ‬
    ‫ﻣﻨﺨﻔﻀﺔ‪.‬ﺗﻌﻤﻞ ﺑﻨﻴﺔ ‪ P2P‬ﻋﻠﻰ ﺗﺒﺴﻴﻂ ﻃﺒﻘﺎﺕ‬
    ‫ﺣﺎﺳﻮﺏ‬
    ‫ﺍﻟﺨﺪﻣﺔ)ﺭﺍﺟﻊ ﻧﻤﻮﺫﺝ ‪ OSI‬ﺫﻭ ﺍﻟﻄﺒﻘﺎﺕ ﺍﻟﺴﺒﻊ ﻓﻲ‬
    ‫ﻣﺮَﻛﺰَ‬
    ‫ﺍﻟﺸﻜﻞ‪ (11‬ﻋﻦ ﻃﺮﻳﻖ ﺗﺒﺴﻴﻂ ﺗﺼﻤﻴﻤﺎﺕ ﺍﻻﺗﺼﺎﻝ‬
    ‫ﺑﻴﻦﺍﻟﻌﻘﺪ‪.‬‬
    ‫ﺣﺎﺳﻮﺏ‬ ‫ﺣﺎﺳﻮﺏﻣﺤﻤﻮﻝ‬

    ‫ﺍﻟﻤﺼﺪﺭ‪:‬ﻣﻌﻬﺪ ﺍﻟﻤﺮﺍﺟﻌﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‪.‬‬


    ‫ﻳﻤﻜﻦﺗﻜﻮﻳﻦ ﺷﺒﻜﺔ ‪ ، LAN‬ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﻋﻠﻰ ﺃﻧﻬﺎ‬
    ‫ﺑﻨﻴﺔ‪ ، P2P‬ﻛﻤﺎ ﻫﻮ ﻣﻮﺿﺢ ﻓﻲ ﺍﻟﺸﻜﻞ ‪.7‬‬

    ‫ﺧﺪﻣﺔﺍﻟﺰﺑﺎﺉﻦ‬
    ‫ﺍﻟﺸﻜﻞ‪ :8‬ﻧﻤﻮﺫﺝ ﺷﺒﻜﺔ ﺧﺎﺩﻡ ﺍﻟﻌﻤﻴﻞ‬ ‫ﺑﻨﻴﺔﺧﺎﺩﻡ ﺍﻟﻌﻤﻴﻞ ﻫﻲ ﻧﻤﻮﺫﺝ ﻳﻌﺘﻤﺪ ﻋﻠﻰ ﺍﻟﺘﺴﻠﺴﻞ‬
    ‫ﺍﻟﻬﺮﻣﻲﻟﻠﺨﺪﻣﺔ‪ .‬ﻳﻄﻠﺐ ﺍﻟﻌﻤﻼء ﺍﻟﻔﺮﺩﻳﻮﻥ ﺃﻭ ﺍﻟﻌﻘﺪ )ﺃﻱ‬
    ‫ﻛﻤﺒﻴﻮﺗﺮﻣﺘﺼﻞ ﺑﺎﻟﺸﺒﻜﺔ( ﺧﺪﻣﺎﺕ ﻣﻦ ﺍﻟﺨﻮﺍﺩﻡ‪ .‬ﺛﻢ ﻳﻘﻮﻡ‬
    ‫ﺍﻟﺨﺎﺩﻡ)ﺍﻟﺨﻮﺍﺩﻡ( ﺑﺘﻮﻓﻴﺮ ﺍﻟﺨﺪﻣﺔ )ﺍﻟﺨﺪﻣﺎﺕ( ﻟﻠﻌﻤﻴﻞ‪.‬‬
    ‫ﺷﺒﻜﺔ‬ ‫ﻋﻤﻴﻞ‬ ‫ﻫﺬﻩﺍﻟﻄﺮﻳﻘﺔ ﻣﻔﻴﺪﺓ ﻟﺠﻮﺍﻧﺒﻬﺎ ﺍﻷﻣﻨﻴﺔ‪ .‬ﻋﻠﻰ ﺳﺒﻴﻞ‬
    ‫ﺍﻟﻤﺜﺎﻝ ‪،‬ﺗﺴﺘﺨﺪﻡ ﺧﻮﺍﺩﻡ ﺍﻟﻤﺼﺎﺩﻗﺔ )ﺃﻱ ﺗﺴﺠﻴﻞ ﺍﻟﺪﺧﻮﻝ‬
    ‫ﺍﻟﺨﺎﺩﻡ‬ ‫( ﺗﺴﻠﺴﻼ ًﻫﺮﻣﻴﺎً ﻟﺘﻮﻓﻴﺮ ﻭﺻﻮﻝ ﺁﻣﻦ ﺇﻟﻰ ﻣﻮﺍﺭﺩ ﺍﻟﺸﺒﻜﺔ‪.‬‬
    ‫ﻳﻮﻓﺮﺍﻟﻌﻤﻴﻞ ﺑﻴﺎﻧﺎﺕ ﺍﻋﺘﻤﺎﺩ ﻟﺨﺎﺩﻡ ﺗﺴﺠﻴﻞ ﺍﻟﺪﺧﻮﻝ‬
    ‫ﻋﻤﻴﻞ‬
    ‫ﻭﻳﺘﻠﻘﻰﺭﻣﺰ ﻭﺻﻮﻝ ﺃﻭ ﻣﻔﺘﺎﺡ‪.‬‬
    ‫ﺍﻟﻤﺼﺪﺭ‪:‬ﻣﻌﻬﺪ ﺍﻟﻤﺮﺍﺟﻌﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‪.‬‬

    ‫ﻋﻠﻰﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﻳﻤﻜﻦ ﺗﻜﻮﻳﻦ ﺷﺒﻜﺔ ‪ LAN‬ﻋﻠﻰ ﺃﻧﻬﺎ ﺑﻨﻴﺔ ﺧﺎﺩﻡ ﻋﻤﻴﻞ ‪ ،‬ﻛﻤﺎ ﻫﻮ ﻣﻮﺿﺢ ﻓﻲ ﺍﻟﺸﻜﻞ ‪.8‬‬

    ‫ﻳﻤﻜﻦﺃﻥ ﺗﻜﻮﻥ ﺍﻟﻌﻘﺪﺓ ﺍﻟﻤﻔﺮﺩﺓ ﻋﺒﺎﺭﺓ ﻋﻦ ﻋﻤﻴﻞ ﻭﺧﺎﺩﻡ ‪ ،‬ﻣﻤﺎ ﻳﻮﻓﺮ ﺳﻬﻮﻟﺔ ﻓﻲ ﺍﻟﺘﺨﻄﻴﻂ ﻭﺍﻟﻔﻬﻢ ﻟﻌﻤﻠﻴﺎﺕ ﺗﻨﻔﻴﺬ‬
    ‫ﺍﻟﺸﺒﻜﺔﻋﻠﻰ ﻧﻄﺎﻕ ﺻﻐﻴﺮ ﺃﻭ ﻋﻠﻰ ﺃﺳﺎﺱ ﺍﻟﻤﻮﻗﻊ‪.‬‬

    ‫ﺍﻟﺸﻜﻞ‪ :9‬ﻫﻨﺪﺳﺔ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻬﺠﻴﻨﺔ‬

    ‫ﺟﻬﺎﺯﺍﻟﺘﻮﺟﻴﻪ‬
    ‫ﻋﻤﻴﻞ‬

    ‫ﻃﺎﺑﻌﺔ‬ ‫ﺣﺎﺳﻮﺏ‬ ‫ﺣﺎﺳﻮﺏ‬ ‫ﺍﻟﻤﺎﺳﺢﺍﻟﻀﻮﺉﻲ‬ ‫ﺍﻟﺨﺎﺩﻡ‬ ‫ﻋﻤﻴﻞ‬

    ‫ﻋﻤﻴﻞ‬
    ‫ﺍﻟﻤﺼﺪﺭ‪:‬ﻣﻌﻬﺪ ﺍﻟﻤﺮﺍﺟﻌﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‪.‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪23‬‬ ‫‪www.theiia.org‬‬


    ‫ﻫﺠﻴﻦ‬
    ‫ﺇﻥﺑﻨﻴﺔ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻬﺠﻴﻨﺔ ‪ ،‬ﻛﻤﺎ ﻫﻮ ﻣﻮﺿﺢ ﻓﻲ ﺍﻟﺸﻜﻞ ‪ ، 9‬ﻛﻤﺎ ﻳﻮﺣﻲ ﺍﻻﺳﻢ ‪ ،‬ﻫﻲ ﻣﺰﻳﺞ ﻣﻦ ﺃﻧﻮﺍﻉ ﺧﺎﺩﻡ ﻋﻤﻴﻞ‬
    ‫ﻭﺧﺎﺩﻡﻧﻈﻴﺮ ﺇﻟﻰ ﻧﻈﻴﺮ‪ .‬ﺑﺎﺳﺘﺜﻨﺎء ﺃﺻﻐﺮ ﺍﻟﺸﺒﻜﺎﺕ ‪ ،‬ﻧﺎﺩﺭﺍً ﻣﺎ ﺗﻮﺟﺪ ﺷﺒﻜﺔ ‪ P2P‬ﺃﻭ ﺷﺒﻜﺔ ﺧﺎﺩﻡ ﻋﻤﻴﻞ ‪ ،‬ﻭﻣﻦ ﺍﻟﻨﺎﺣﻴﺔ‬
    ‫ﺍﻟﻮﻇﻴﻔﻴﺔ ‪،‬ﺗﻘﺪﻡ ﺟﻤﻴﻊ ﺍﻟﺸﺒﻜﺎﺕ ﻧﻤﺎﺫﺝ ﺧﺪﻣﺔ ﻣﺨﺘﻠﻄﺔ ‪ ،‬ﺍﻋﺘﻤﺎﺩﺍً ﻋﻠﻰ ﺍﻟﺨﺪﻣﺎﺕ ﺍﻟﻤﻄﻠﻮﺑﺔ‪ .‬ﻳﻤﻜﻦ ﻟﻌﻘﺪﺓ ﻭﺍﺣﺪﺓ‬
    ‫ﺍﺳﺘﺨﺪﺍﻡﺧﺪﻣﺎﺕ ﻣﻦ ﺧﺎﺩﻡ ﻋﻠﻰ ﺍﻟﺸﺒﻜﺔ ﺃﺛﻨﺎء ﺍﻟﻤﺸﺎﺭﻛﺔ ﻣﻊ ﻧﻈﻴﺮ ﻓﻲ ﻧﻈﺎﻡ ﻣﻠﻔﺎﺕ ﻣﻮﺯﻉ ﺃﻳﻀﺎً ﻋﻠﻰ ﺍﻟﺸﺒﻜﺔ‬
    ‫ﻭﺗﻘﺪﻳﻢﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺇﻟﻰ ﻋﻤﻴﻞ ‪ ،‬ﻭﻛﻞ ﺫﻟﻚ ﻋﻠﻰ ﻧﻔﺲ ﺍﻟﺸﺒﻜﺔ‪.‬‬

    ‫ﻣﻦﺍﻟﻨﺎﺣﻴﺔ ﺍﻟﻮﻇﻴﻔﻴﺔ ‪ ،‬ﺗﻌﺪ ﺑﻨﻴﺔ ﺍﻟﺸﺒﻜﺔ ﺃﻛﺜﺮ ﻣﻦ ﻣﺠﺮﺩ ﻧﻈﺎﻡ ﺍﺗﺼﺎﻻﺕ ﺑﻴﻦ ﺍﻟﻌﻘﺪ‪ .‬ﺗﻄﻮﺭﺕ ﻣﺘﻄﻠﺒﺎﺕ ﺍﻟﺤﻮﺳﺒﺔ‬
    ‫ﺍﻟﺤﺪﻳﺜﺔﺑﺴﺮﻋﺔ ‪ ،‬ﻭﺗﺘﻄﻠﺐ ﺍﻟﺸﺒﻜﺎﺕ ﺗﺤﻜﻤﺎً ﻣﺮﻛﺰﻳﺎً ﻓﻲ ﺑﻨﻴﺔ ﺧﺪﻣﺔ ﺍﻟﻌﻤﻴﻞ ﻟﺒﻌﺾ ﺍﻟﻤﺘﻄﻠﺒﺎﺕ ‪ ،‬ﻭﻟﻜﻨﻬﺎ ﺗﺤﺘﺎﺝ‬
    ‫ﺃﻳﻀﺎًﺇﻟﻰ ﻣﺮﻭﻧﺔ ﻋﻼﻗﺎﺕ ‪ P2P‬ﺍﻟﻤﻔﺘﻮﺣﺔ ﻟﻤﻄﺎﻟﺐ ﺃﺧﺮﻯ‪.‬‬

    ‫ﺍﻟﻘﺎﺉﻢﻋﻠﻰ ﺍﻟﺴﺤﺎﺑﺔ‬
    ‫ﻓﻲﺍﻟﻨﻤﻮﺫﺝ ﺍﻟﺘﻘﻠﻴﺪﻱ "ﺍﻟﻤﺤﻠﻲ" ‪ ،‬ﺗﻜﻮﻥ ﺍﻟﻤﻨﻈﻤﺔ ﻣﺴﺆﻭﻟﺔ ﻋﻦ ﺟﻤﻴﻊ ﺟﻮﺍﻧﺐ ﺍﻟﺸﺒﻜﺔ ‪ ،‬ﺑﻤﺎ ﻓﻲ ﺫﻟﻚ ﺍﻣﺘﻼﻙ‬
    ‫ﻭﺻﻴﺎﻧﺔﺟﻤﻴﻊ ﺍﻟﺨﻮﺍﺩﻡ ﻭﺍﻟﺘﺨﺰﻳﻦ ﻭﺃﻧﻈﻤﺔ ﺍﻟﺘﺸﻐﻴﻞ ﻭﺗﻄﻮﻳﺮ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻭﺻﻴﺎﻧﺘﻬﺎ‪ .‬ﺗﻘﺪﻡ ﺍﻟﺨﺪﻣﺎﺕ ﺍﻟﻤﺴﺘﻨﺪﺓ ﺇﻟﻰ‬
    ‫ﺍﻟﺴﺤﺎﺑﺔﺑﺪﻳﻼ ًﻟﻬﺬﺍ ﺍﻟﻨﻤﻮﺫﺝ‪.‬‬

    ‫ﻭﻓﻘﺎًﻟﻠﻤﻌﻬﺪ ﺍﻟﻮﻃﻨﻲ ﻟﻠﻤﻌﺎﻳﻴﺮ ﻭﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ )‪" ، (NIST‬ﺗﻌﺪ ﺍﻟﺤﻮﺳﺒﺔ ﺍﻟﺴﺤﺎﺑﻴﺔ ﻧﻤﻮﺫﺟﺎً ﻟﺘﻤﻜﻴﻦ ﺍﻟﻮﺻﻮﻝ ﺍﻟﺸﺎﻣﻞ‬
    ‫ﻭﺍﻟﻤﺮﻳﺢﻭﺍﻟﺸﺒﻜﺔ ﻋﻨﺪ ﺍﻟﻄﻠﺐ ﺇﻟﻰ ﻣﺠﻤﻮﻋﺔ ﻣﺸﺘﺮﻛﺔ ﻣﻦ ﻣﻮﺍﺭﺩ ﺍﻟﺤﻮﺳﺒﺔ ﺍﻟﻘﺎﺑﻠﺔ ﻟﻠﺘﻜﻮﻳﻦ )ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪،‬‬
    ‫ﺍﻟﺸﺒﻜﺎﺕﻭﺍﻟﺨﻮﺍﺩﻡ ﻭﺍﻟﺘﺨﺰﻳﻦ ﻭﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻭﺍﻟﺨﺪﻣﺎﺕ ( ﺍﻟﺘﻲ ﻳﻤﻜﻦ ﺗﻮﻓﻴﺮﻫﺎ ﻭﺇﺻﺪﺍﺭﻫﺎ ﺑﺴﺮﻋﺔ ﺑﺄﻗﻞ ﺟﻬﺪ ﺇﺩﺍﺭﻱ ﺃﻭ‬
    ‫ﺗﻔﺎﻋﻞﻣﺰﻭﺩ ﺍﻟﺨﺪﻣﺔ "ﻋﺒﺮ ﺍﻹﻧﺘﺮﻧﺖ‪1.‬‬

    ‫ﻓﻲﻫﺬﺍ ﺍﻟﻨﻤﻮﺫﺝ ‪ ،‬ﺗﻘﻮﻡ ﺍﻟﻤﺆﺳﺴﺔ ﺑﺈﺷﺮﺍﻙ ﻣﻮﻓﺮ ﺧﺎﺭﺟﻲ ﻟﺘﻘﺪﻳﻢ ﺍﻟﺨﺪﻣﺎﺕ ﺍﻟﻤﺴﺘﻨﺪﺓ ﺇﻟﻰ ﻣﺠﻤﻮﻋﺔ ﺍﻟﻨﻈﺮﺍء‪.‬‬
    ‫ﻳﻤﻜﻦﻟﻠﺒﻨﻴﺔ ﺍﻟﻘﺎﺉﻤﺔ ﻋﻠﻰ ﺍﻟﺴﺤﺎﺑﺔ ﺩﻣﺞ ﺃﻭ ﺗﺒﺴﻴﻂ ﺑﻌﺾ ﻋﻼﻗﺎﺕ ﺍﻟﺸﺒﻜﺔ ﻭﺗﻮﻓﺮ ﺍﻟﻤﺮﻭﻧﺔ ﻟﻤﺘﻠﻘﻲ ﺍﻟﺨﺪﻣﺔ‬
    ‫ﺍﻟﺴﺤﺎﺑﻴﺔ‪.‬‬

    ‫ﻫﻨﺎﻙﺛﻼﺛﺔ ﺃﻧﻮﺍﻉ ﻋﺎﻣﺔ ﻣﻦ ﺍﻟﺨﺪﻣﺎﺕ ﺍﻟﺴﺤﺎﺑﻴﺔ ﺣﻴﺚ ﻳﻤﻜﻦ ﺍﻹﺷﺎﺭﺓ ﺇﻟﻰ ﻧﻮﻉ ﺍﻟﺨﺪﻣﺔ ﺑﺎﺳﻢ "‪ "X‬ﻛﺨﺪﻣﺔ ‪،‬‬
    ‫ﻭﺍﻟﻤﺨﺘﺼﺮﺓ‪ XaaS. XaaS‬ﺗﻌﻨﻲ "ﺍﻟﺘﺴﻠﻴﻢ ﺃﻭ ﺃﻱ ﺷﻲء ﻛﺨﺪﻣﺔ‪ :‬ﺍﻟﻤﻨﺘﺠﺎﺕ ﻭﺍﻟﺨﺪﻣﺎﺕ ﻭﺍﻟﺘﻘﻨﻴﺎﺕ‪ ".‬ﺗﺸﻤﻞ ﺃﻧﻮﺍﻉ‬
    ‫ﺍﻟﺨﺪﻣﺎﺕﺍﻟﺴﺤﺎﺑﻴﺔ ﺍﻟﻌﺎﻣﺔ ﺍﻟﺜﻼﺛﺔ ﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ )‪ (IaaS‬ﺃﻭ ﺍﻟﻨﻈﺎﻡ ﺍﻷﺳﺎﺳﻲ )‪ (PaaS‬ﺃﻭ ﺍﻟﺒﺮﺍﻣﺞ )‪ .(SaaS‬ﺗﺘﻀﻤﻦ‬
    ‫ﺍﻟﺘﻔﺎﺻﻴﻞﺍﻟﺨﺎﺻﺔ ﺑﻜﻞ ﻣﻦ ﻫﺬﻩ ﺍﻟﻄﺮﺍﺯﺍﺕ ‪ ،‬ﻣﻘﺎﺭﻧﺔ ﺑﺎﻟﻨﻤﻮﺫﺝ ﺍﻟﺘﻘﻠﻴﺪﻱ ﺩﺍﺧﻞ ﺍﻟﺸﺮﻛﺔ ﻣﺎ ﻳﻠﻲ‪:‬‬

    ‫ﻓﻲﻣﻘﺮ ﺍﻟﺸﺮﻛﺔ ‪-‬ﺍﻟﻤﻨﻈﻤﺔ ﻣﺴﺆﻭﻟﺔ ﻋﻦ ﺟﻤﻴﻊ ﺟﻮﺍﻧﺐ ﺍﻟﺸﺒﻜﺔ ‪ ،‬ﺑﻤﺎ ﻓﻲ ﺫﻟﻚ ﺻﻴﺎﻧﺔ ﺟﻤﻴﻊ‬ ‫‪-‬‬
    ‫ﺍﻟﺨﻮﺍﺩﻡﻭﺍﻟﺘﺨﺰﻳﻦ ﻭﺃﻧﻈﻤﺔ ﺍﻟﺘﺸﻐﻴﻞ ﻭﺗﻄﻮﻳﺮ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻭﺻﻴﺎﻧﺘﻬﺎ‪.‬‬

    ‫ﺍﻟﺒﻨﻴﺔﺍﻟﺘﺤﺘﻴﺔ ﻛﺨﺪﻣﺔ )‪- (IaaS‬ﺗﻤﺘﻠﻚ ﺍﻟﻤﻨﻈﻤﺔ ﺻﻴﺎﻧﺔ ﺍﻟﺨﻮﺍﺩﻡ ﺩﺍﺧﻞ ﺍﻟﺴﺤﺎﺑﺔ‪ .‬ﻫﺬﺍ ﻧﻤﻮﺫﺝ ﺍﻟﺪﻓﻊ‬ ‫‪-‬‬
    ‫ﻋﻨﺪﺍﻻﺳﺘﺨﺪﺍﻡ ﻟﻠﺸﺒﻜﺔ ﻭﺍﻟﺨﻮﺍﺩﻡ ﻭﺍﻟﺘﺨﺰﻳﻦ ﻭﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻭﻣﺎ ﺇﻟﻰ ﺫﻟﻚ ‪ ،‬ﺣﻴﺚ ﻳﻤﻜﻦ ﺗﻌﺪﻳﻞ ﺍﻟﺤﺠﻢ‬
    ‫ﺣﺴﺐﺍﻟﺤﺎﺟﺔ‪ .‬ﺍﻟﻤﺘﻠﻘﻲ‬

    ‫‪.‬ﺳﺒﺘﻤﺒﺮ‪Computing ،" NIST Information Technology Laboratory ، Computer Security Resource Center ، SP 800-145 ، 2011‬‬
    ‫‪.https://csrc.nist.gov/publications/detail/sp/800- 145 / final1. Peter Mell ، Tim Grance ، "The NIST Definition of Cloud‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪24‬‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﻤﻨﻈﻤﺔﻣﺴﺆﻭﻟﺔ ﻋﻦ ﺟﻤﻴﻊ ﺍﻟﺘﻜﻮﻳﻨﺎﺕ ﺍﻟﻤﻨﻄﻘﻴﺔ ﻭﺍﻟﺼﻴﺎﻧﺔ ‪ ،‬ﻋﻠﻰ ﺍﻟﺮﻏﻢ ﻣﻦ ﺃﻧﻬﺎ ﻋﺎﺩﺓ ﻻ ﺗﻤﻠﻚ ﺣﻖ‬
    ‫ﺍﻟﻮﺻﻮﻝﺇﻟﻰ ﺍﻷﺟﻬﺰﺓ‪ .‬ﻏﺎﻟﺒﺎً ﻣﺎ ﺗﺴﺘﺨﺪﻡ ﺍﻟﻤﺆﺳﺴﺎﺕ ﺍﻟﺘﻲ ﺗﺮﻏﺐ ﻓﻲ ﻣﻴﺰﺍﺗﻬﺎ ﻭﻭﻇﺎﺉﻔﻬﺎ ﺍﻟﺨﺎﺻﺔ‬
    ‫‪ IaaS‬ﻟﺘﻄﻮﻳﺮ ﺗﻄﺒﻴﻘﺎﺕ ﻣﺨﺼﺼﺔ ﺩﻭﻥ ﺍﻟﺤﺎﺟﺔ ﺇﻟﻰ ﺇﺳﻜﺎﻥ ﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ‪ .‬ﻓﻲ ﻫﺬﻩ ﺍﻟﺤﺎﻟﺔ ‪ ،‬ﻳﻮﻓﺮ‬
    ‫ﻣﻮﻓﺮ‪ ، IaaS‬ﻣﺜﻞ (‪ Amazon Web Services )AWS‬ﺃﻭ ‪ Microsoft‬ﺃﻭ ‪ Google‬ﺃﻭ ‪ ، IBM‬ﻧﻈﺎﻣﺎً‬
    ‫ﺃﺳﺎﺳﻴﺎًﻳﻤﻜﻦ ﻟﻠﻤﺆﺳﺴﺎﺕ ﻣﻦ ﺧﻼﻟﻪ ﺗﻄﻮﻳﺮ ﺗﻄﺒﻴﻘﺎﺗﻬﺎ ﺑﺴﺮﻋﺔ‪.‬‬

    ‫ﺍﻟﻨﻈﺎﻡﺍﻷﺳﺎﺳﻲ ﻛﺨﺪﻣﺔ )‪- (PaaS‬ﻳﻮﻓﺮ ﺃﺩﻭﺍﺕ ﺍﻷﺟﻬﺰﺓ ﻭﺍﻟﺒﺮﺍﻣﺞ )ﺍﻟﻨﻈﺎﻡ ﺍﻷﺳﺎﺳﻲ( ﻹﻧﺸﺎء ﺍﻟﺒﺮﺍﻣﺞ‬ ‫‪-‬‬
    ‫ﻭﺍﻟﺘﻄﺒﻴﻘﺎﺕ‪.‬ﻫﺬﻩ ﺍﻟﺒﻨﻴﺔ ﻣﻨﺎﺳﺒﺔ ﻟﻠﻤﺆﺳﺴﺎﺕ ﺍﻟﺘﻲ ﺗﺮﻏﺐ ﻓﻲ ﺍﺳﺘﻀﺎﻓﺔ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻭﺗﺸﻐﻴﻠﻬﺎ ﻓﻲ‬
    ‫ﺍﻟﺴﺤﺎﺑﺔﺩﻭﻥ ﺍﻟﺤﺎﺟﺔ ﺇﻟﻰ ﺇﺩﺍﺭﺓ ﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ )ﻣﺜﻞ ﺍﻟﺘﺨﺰﻳﻦ ﻭﺍﻟﺘﺤﺪﻳﺜﺎﺕ ﻭ ‪ .(O / S‬ﻳﺸﻤﻞ ﻣﻮﻓﺮﻭ‬
    ‫‪ ، PaaS‬ﻣﻦ ﺑﻴﻦ ﺁﺧﺮﻳﻦ ‪ Microsoft Google ،‬ﻭ ‪.AWS‬‬

    ‫ﺍﻟﺒﺮﻣﺠﻴﺎﺕﻛﺨﺪﻣﺔ )‪- (SaaS‬ﺗﻄﺒﻴﻖ ﻳﺘﻢ ﺗﺴﻠﻴﻤﻪ ﻋﺒﺮ ﺍﻟﺴﺤﺎﺑﺔ ﺍﻟﻤﺘﺎﺣﺔ ﻋﺒﺮ ﺍﻹﻧﺘﺮﻧﺖ ‪ ،‬ﻣﻘﺎﺑﻞ ﺭﺳﻮﻡ‬ ‫‪-‬‬
    ‫ﻣﺤﺪﺩﺓﻋﺎﺩﺓ‪ ً.‬ﻳﺘﻴﺢ ﻫﺬﺍ ﺍﻟﻨﻤﻮﺫﺝ ﺃﻛﺒﺮ ﻗﺪﺭ ﻣﻦ ﺍﻟﻤﺮﻭﻧﺔ ﻟﻠﻤﻨﻈﻤﺔ ﺍﻟﻤﺘﻠﻘﻴﺔ‪ .‬ﻳﺸﻤﻞ ﻣﻮﻓﺮﻭ ‪SaaS‬‬
    ‫ﺗﻄﺒﻴﻘﺎﺕ‪ Google‬ﻭ ‪ Netsuite‬ﻭ ‪ Salesforce.com‬ﻭ ‪ ServiceNow‬ﻭ ‪ Workday‬ﻭ ‪Dropbox‬‬
    ‫ﻭ‪ ، DocuSign‬ﻣﻦ ﺑﻴﻦ ﺁﺧﺮﻳﻦ‪.‬‬

    ‫ﻋﻠﻰﺍﻟﺮﻏﻢ ﻣﻦ ﺃﻥ ﺍﻟﻤﻮﻓﺮﻳﻦ ﺍﻟﺨﺎﺭﺟﻴﻴﻦ ﻳﺴﺘﺨﺪﻣﻮﻥ ﻫﺬﻩ ﺍﻟﻤﺼﻄﻠﺤﺎﺕ ﻟﻠﺘﺴﻮﻳﻖ ﻭﺷﺮﺡ ﺧﺪﻣﺎﺗﻬﻢ ﻭﺃﺳﺎﻟﻴﺒﻬﻢ ‪ ،‬ﻓﻘﺪ ﻳﺴﺘﺨﺪﻡ ﻗﺴﻢ‬
    ‫ﺗﻜﻨﻮﻟﻮﺟﻴﺎﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻓﻲ ﺍﻟﻤﺆﺳﺴﺔ ﺍﻟﻤﺼﻄﻠﺤﺎﺕ ﺃﻳﻀﺎً ﺇﺫﺍ ﻛﺎﻧﻮﺍ ﻳﻘﺪﻣﻮﻥ ﻣﺜﻞ ﻫﺬﻩ ﺍﻟﺨﺪﻣﺎﺕ‪.‬‬

    ‫ﻳﺼﻒﻣﺼﻄﻠﺢ "ﺍﻟﺴﺤﺎﺑﺔ" ﻛﻴﻔﻴﺔ ﺗﺨﺰﻳﻦ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻭﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﺍﻟﻮﺻﻮﻝ ﺇﻟﻴﻬﺎ ﻋﺒﺮ ﺍﻹﻧﺘﺮﻧﺖ ‪ ،‬ﻭﻟﻜﻦ ﺑﺸﻜﻞ‬
    ‫ﻣﺒﺴﻂ ‪،‬ﻫﻮ ﺍﺳﺘﺨﺪﺍﻡ ﺷﺒﻜﺔ ﻛﻤﺒﻴﻮﺗﺮ ﺷﺨﺺ ﺁﺧﺮ‪ .‬ﻳﻌﺪ ﺍﺳﺘﺨﺪﺍﻡ ﻣﺼﻄﻠﺢ ﺍﻟﺴﺤﺎﺑﺔ ﺑﻤﺜﺎﺑﺔ ﺍﻋﺘﺮﺍﻑ ﺑﺄﻥ ﺑﻨﻴﺔ‬
    ‫ﺍﻟﺸﺒﻜﺔﻏﻴﺮ ﺫﺍﺕ ﺻﻠﺔ ﺇﻟﻰ ﺣﺪ ﻛﺒﻴﺮ ﺑﻤﻌﻈﻢ ﻣﺴﺘﻬﻠﻜﻲ ﺧﺪﻣﺎﺕ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪ ،‬ﻣﻦ ﺃﻧﻈﻤﺔ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕﺍﻟﺘﻨﻈﻴﻤﻴﺔ ﺇﻟﻰ ﺍﻟﻤﺴﺘﺨﺪﻣﻴﻦ ﺍﻟﻔﺮﺩﻳﻴﻦ‪ .‬ﻳﻮﺿﺢ ﺍﻟﺸﻜﻞ ‪ 10‬ﺍﻟﻨﻤﺎﺫﺝ ﺍﻟﻤﺤﻠﻴﺔ ﻭﺍﻟﺴﺤﺎﺑﺔ ﻭﺍﻟﻤﺴﺆﻭﻟﻴﺎﺕ‬
    ‫ﺍﻟﻨﻤﻮﺫﺟﻴﺔﺍﻟﻤﻘﺎﺑﻠﺔ‪ .‬ﻭﻣﻊ ﺫﻟﻚ ‪ ،‬ﻗﺪ ﺗﺨﺘﻠﻒ ﺑﻌﺾ ﻫﺬﻩ ﺍﻟﻤﺴﺆﻭﻟﻴﺎﺕ ﻋﻠﻰ ﺃﺳﺎﺱ ﻛﻞ ﺣﺎﻟﺔ ﻋﻠﻰ ﺣﺪﺓ ‪ ،‬ﻭﺗﻜﻮﻥ‬
    ‫ﺍﻟﻤﻨﻈﻤﺔﻣﺴﺆﻭﻟﺔ ﺩﺍﺉﻤﺎً ﺗﻘﺮﻳﺒﺎً ﻋﻦ ﺗﻮﻓﻴﺮ ﺍﻟﻤﺴﺘﺨﺪﻡ ﻭﺍﻟﻮﺻﻮﻝ ﺇﻟﻴﻪ ﻭﺍﻟﻤﺼﺎﺩﻗﺔ‪.‬‬

    ‫ﺍﻟﺸﻜﻞ‪ :10‬ﺑﻨﻴﺔ ﺍﻟﺴﺤﺎﺑﺔ ﺍﻟﻨﻤﻮﺫﺟﻴﺔ ﺣﺴﺐ ﺍﻟﻨﻮﻉ ﻭﺍﻟﻤﺴﺆﻭﻟﻴﺔ‬


    ‫‪SaaS‬‬ ‫‪PaaS‬‬ ‫‪IaaS‬‬ ‫ﻓﻲﻣﻜﺎﻥ ﺍﻟﻌﻤﻞ‬

    ‫ﺍﻟﺘﻄﺒﻴﻘﺎﺕ‬ ‫ﺍﻟﺘﻄﺒﻴﻘﺎﺕ‬ ‫ﺍﻟﺘﻄﺒﻴﻘﺎﺕ‬ ‫ﺍﻟﺘﻄﺒﻴﻘﺎﺕ‬

    ‫ﺣﻤﺎﻳﺔ‬ ‫ﺣﻤﺎﻳﺔ‬ ‫ﺣﻤﺎﻳﺔ‬ ‫ﺣﻤﺎﻳﺔ‬

    ‫ﻗﺎﻋﺪﺓﺍﻟﺒﻴﺎﻧﺎﺕ‬ ‫ﻗﺎﻋﺪﺓﺍﻟﺒﻴﺎﻧﺎﺕ‬ ‫ﻗﺎﻋﺪﺓﺍﻟﺒﻴﺎﻧﺎﺕ‬ ‫ﻗﺎﻋﺪﺓﺍﻟﺒﻴﺎﻧﺎﺕ‬

    ‫ﺃﻧﻈﻤﺔﺍﻟﺘﺸﻐﻴﻞ‬ ‫ﺃﻧﻈﻤﺔﺍﻟﺘﺸﻐﻴﻞ‬ ‫ﺃﻧﻈﻤﺔﺍﻟﺘﺸﻐﻴﻞ‬ ‫ﺃﻧﻈﻤﺔﺍﻟﺘﺸﻐﻴﻞ‬

    ‫ﺍﻻﻓﺘﺮﺍﺿﻴﺔ‬ ‫ﺍﻻﻓﺘﺮﺍﺿﻴﺔ‬ ‫ﺍﻻﻓﺘﺮﺍﺿﻴﺔ‬ ‫ﺍﻻﻓﺘﺮﺍﺿﻴﺔ‬

    ‫ﺍﻟﺨﻮﺍﺩﻡ‬ ‫ﺍﻟﺨﻮﺍﺩﻡ‬ ‫ﺍﻟﺨﻮﺍﺩﻡ‬ ‫ﺍﻟﺨﻮﺍﺩﻡ‬

    ‫ﺗﺨﺰﻳﻦ‬ ‫ﺗﺨﺰﻳﻦ‬ ‫ﺗﺨﺰﻳﻦ‬ ‫ﺗﺨﺰﻳﻦ‬

    ‫ﺷﺒﻜﺔ‬ ‫ﺷﺒﻜﺔ‬ ‫ﺷﺒﻜﺔ‬ ‫ﺷﺒﻜﺔ‬


    ‫ﻣﺮﺍﻛﺰﺍﻟﺒﻴﺎﻧﺎﺕ‬ ‫ﻣﺮﺍﻛﺰﺍﻟﺒﻴﺎﻧﺎﺕ‬ ‫ﻣﺮﺍﻛﺰﺍﻟﺒﻴﺎﻧﺎﺕ‬ ‫ﻣﺮﺍﻛﺰﺍﻟﺒﻴﺎﻧﺎﺕ‬

    ‫ﻳﺪﻳﺮﻫﺎﻣﺰﻭﺩ ﺍﻟﺴﺤﺎﺑﺔ‬ ‫ﺗﺪﺍﺭﻣﻦ ﻗﺒﻞ ﺍﻟﺸﺮﻛﺔ‬ ‫ﻣﻔﺘﺎﺡ‪:‬‬

    ‫ﺍﻟﻤﺼﺪﺭ‪:‬ﻣﻌﻬﺪ ﺍﻟﻤﺮﺍﺟﻌﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‪.‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪25‬‬ ‫‪www.theiia.org‬‬


    ‫ﺑﺸﻜﻞﻋﺎﻡ ﻣﻦ ﻭﺟﻬﺔ ﻧﻈﺮ ﺍﻟﻤﺴﺆﻭﻟﻴﺔ ‪ ،‬ﺗﻜﻮﻥ ﺍﻟﻤﺆﺳﺴﺔ ﻣﺴﺆﻭﻟﺔ ﻋﺎﺩﺓ ًﻋﻦ ﺍﻷﻣﺎﻥ "ﻓﻲ" ﺍﻟﺴﺤﺎﺑﺔ ‪ ،‬ﺑﻴﻨﻤﺎ ﻳﻜﻮﻥ‬
    ‫ﻣﻮﻓﺮﺍﻟﺴﺤﺎﺑﺔ ﻣﺴﺆﻭﻻ ًﻋﻦ ﺃﻣﺎﻥ "ﺍﻟﺴﺤﺎﺑﺔ"‪.‬‬

    ‫ﻧﻤﻮﺫﺝﺷﺒﻜﺔ ﺍﻟﺨﺪﻣﺔ ﺫﺍﺕ ﺍﻟﻄﺒﻘﺎﺕ‬


    ‫ﺍﻟﺸﻜﻞ‪ :11‬ﻧﻤﻮﺫﺝ ‪ OSI‬ﺫﻭ ﺍﻟﻄﺒﻘﺎﺕ ﺍﻟﺴﺒﻊ‬ ‫ﻋﻨﺪﺍﻟﺮﺟﻮﻉ ﺇﻟﻰ ﺍﻟﺸﺒﻜﺎﺕ ‪ ،‬ﻣﻦ ﺍﻟﻤﻔﻴﺪ‬
    ‫ﺗﺼﻮﺭ"ﻃﺒﻘﺎﺕ" ﺍﻟﺸﺒﻜﺔ ﺍﻟﻤﺨﺘﻠﻔﺔ‬
    ‫ﺑﺎﺳﺘﺨﺪﺍﻡﻧﻤﻮﺫﺝ‪ .‬ﻳﺸُﺎﺭ ﺃﺣﻴﺎﻧﺎً ﺑﺸﻜﻞ‬
    ‫ﺟﻤﺎﻋﻲﺇﻟﻰ ﻣﻜﺪﺱ ﺍﻟﺸﺒﻜﺔ ‪ ،‬ﻭﻫﻮ ﻧﻤﻮﺫﺝ‬
    ‫ﻃﺒﻘﺎﺕﺍﻟﺸﺒﻜﺔ ﺍﻷﻛﺜﺮ ﺍﺳﺘﺨﺪﺍﻣﺎً ﻫﻮ ﻧﻤﻮﺫﺝ‬
    ‫ﺍﻟﻄﺒﻘﺎﺕﺍﻟﺴﺒﻌﺔ ﻟﻠﺘﻮﺻﻴﻞ ﺍﻟﺒﻴﻨﻲ ﻟﻸﻧﻈﻤﺔ‬
    ‫ﺍﻟﻤﻔﺘﻮﺣﺔ)‪ ، (OSI‬ﻛﻤﺎ ﻫﻮ ﻣﻮﺿﺢ ﻓﻲ‬
    ‫ﺍﻟﺸﻜﻞ‪.11‬‬

    ‫ﻣﺜﻞﺍﻟﻌﺪﻳﺪ ﻣﻦ ﻣﻔﺎﻫﻴﻢ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ‬


    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪،‬ﻫﺬﺍ ﺍﻟﻨﻤﻮﺫﺝ ﻟﻴﺲ ﻋﺎﻟﻤﻴﺎً ‪،‬‬
    ‫ﻭﻟﻜﻨﻪﻗﺪ ﻳﻜﻮﻥ ﻣﻔﻴﺪﺍً ﻋﻨﺪ ﺍﻟﺘﻔﻜﻴﺮ ﻓﻲ‬
    ‫ﺍﻟﺨﺪﻣﺎﺕﺍﻟﺘﻲ ﺗﻘﺪﻣﻬﺎ ﻣﻜﺪﺱ ﺍﻟﺸﺒﻜﺔ‪.‬‬
    ‫ﺗﻮﻓﺮﻣﻌﻈﻢ ﺃﻧﻈﻤﺔ ﺍﻟﺘﺸﻐﻴﻞ ﻣﻜﺪﺱ ﺷﺒﻜﺔ‬
    ‫ﻳﺤﺘﻮﻱﻋﻠﻰ ﺳﻠﺴﻠﺔ ﻣﻦ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﺘﻲ‬
    ‫ﺗﺴﻤﺢﺑﺎﻻﺗﺼﺎﻻﺕ ﻋﻦ ﺑﻌُﺪ ﻭﺇﺭﺳﺎﻝ ‪/‬‬
    ‫ﻟﻤﺰﻳﺪﻣﻦ ﺍﻟﺘﻔﺎﺻﻴﻞ ﺣﻮﻝ ﺗﻔﺎﺻﻴﻞ ﻧﻤﻮﺫﺝ ‪OSI‬‬ ‫ﺍﺳﺘﻘﺒﺎﻝﺍﻟﺒﻴﺎﻧﺎﺕ ﺇﻟﻰ ﺍﻷﺟﻬﺰﺓ ﺍﻟﺒﻌﻴﺪﺓ‪ .‬ﻛﻞ‬
    ‫ﺫﻭﺍﻟﻄﺒﻘﺎﺕ ﺍﻟﺴﺒﻌﺔ ‪ ،‬ﺭﺍﺟﻊ ﺍﻟﻤﻠﺤﻖ ‪ D‬ﻭﺍﻟﻤﻠﺤﻖ ‪E‬‬ ‫ﻃﺒﻘﺔﻟﺪﻳﻬﺎ ﻣﺴﺆﻭﻟﻴﺔ ﻭﺗﻌﻤﻞ ﺑﺸﻜﻞ‬
    ‫‪.‬‬ ‫ﻣﺴﺘﻘﻞﻋﻦ ﺍﻟﻄﺒﻘﺎﺕ ﺍﻷﺧﺮﻯ‪ .‬ﺑﺎﻹﺿﺎﻓﺔ‬
    ‫ﺇﻟﻰﺫﻟﻚ ‪ ،‬ﺗﻘﺒﻞ ﻛﻞ ﻃﺒﻘﺔ ﺍﻟﺒﻴﺎﻧﺎﺕ‬

    ‫ﻣﻦﺍﻟﻤﺴﺘﻮﻯ ﺍﻷﻋﻠﻰ ﻭﻳﺆﺩﻱ ﻭﻇﺎﺉﻔﻪ ﺍﻟﻤﻄﻠﻮﺑﺔ ﻗﺒﻞ ﺗﻤﺮﻳﺮﻩ ﺇﻟﻰ ﻣﺴﺘﻮﻯ ﺃﺩﻧﻰ‪ .‬ﻳﺸُﺎﺭ ﺇﻟﻰ ﺫﻟﻚ ﺑﺘﻤﺮﻳﺮ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬
    ‫ﺇﻟﻰﺃﺳﻔﻞ "ﻣﻜﺪﺱ ﺍﻟﺸﺒﻜﺔ" ﻭﻳﺴﻤﺢ ﻟﻠﻤﻄﻮﺭﻳﻦ ﺑﺎﻓﺘﺮﺍﺽ ﺃﻥ ﺍﻟﺨﺪﻣﺎﺕ ﺍﻟﻀﺮﻭﺭﻳﺔ ﺳﻴﺘﻢ ﺗﻮﻓﻴﺮﻫﺎ ﺑﻮﺍﺳﻄﺔ‬
    ‫ﺍﻟﻄﺒﻘﺎﺕﺍﻟﺪﻧﻴﺎ‪ .‬ﻛﻤﺎ ﻳﺘﻄﻠﺐ ﺃﻳﻀﺎً ﺃﻥ ﺗﻮﻓﺮ ﺍﻟﺨﺪﻣﺎﺕ ﺍﻟﺘﻲ ﻳﻄﻮﺭﻭﻧﻬﺎ ﺗﺸﻐﻴﻼً ﻣﺘﺪﺍﺧﻼً ﺛﺎﺑﺘﺎً "ﺃﻋﻠﻰ ﺍﻟﻤﻜﺪﺱ"‪.‬‬

    ‫ﻏﺎﻟﺒﺎًﻣﺎ ﺗﻜﻮﻥ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﺘﻲ ﺗﻨﺘﻘﻞ ﻣﻦ ﻃﺒﻘﺔ ﺃﻋﻠﻰ ﺳﻠﻴﻤﺔ‪ .‬ﻳﻤﻜﻦ ﺗﻘﺴﻴﻤﻬﺎ ﺃﻭ ﺩﻣﺠﻬﺎ ﺣﺴﺐ ﺍﻟﺤﺎﺟﺔ ﻓﻲ‬
    ‫ﺍﻟﻄﺒﻘﺔﺍﻟﺠﺪﻳﺪﺓ ﻷﻥ ﺟﻤﻴﻊ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻣﻦ ﺍﻟﻤﺴﺘﻮﻯ ﺍﻷﻋﻠﻰ ﻫﻲ ﻣﺠﺮﺩ ﺣﻘﻞ ﺑﻴﺎﻧﺎﺕ‪ .‬ﺗﺘﻢ ﺇﺿﺎﻓﺔ ﻣﻌﻠﻮﻣﺎﺕ ﺍﻟﺘﺤﻜﻢ‬
    ‫ﺍﻟﺘﻲﺗﺴﻤﻰ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻮﺻﻔﻴﺔ )ﺑﻴﺎﻧﺎﺕ ﺣﻮﻝ ﺍﻟﺒﻴﺎﻧﺎﺕ( ؛ ﻋﺎﺩﺓ ﻣﺎ ﺗﺴﻤﻰ ﻫﺬﻩ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻮﺻﻔﻴﺔ ﺑﺎﻟﺮﺃﺱ‪.‬‬

    ‫ﺳﺘﺸﻴﺮﺃﺟﺰﺍء ﻣﻦ ﻫﺬﺍ ﺍﻟﺪﻟﻴﻞ ﺇﻟﻰ ﺍﻟﻄﺒﻘﺎﺕ ﺍﻟﻤﺨﺘﻠﻔﺔ‪.‬‬

    ‫ﺑﺮﻭﺗﻮﻛﻮﻻﺕﺍﻟﺸﺒﻜﺔ‬
    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﺍﻟﺸﺒﻜﺔ ﻫﻮ ﺗﻨﺴﻴﻖ ﻣﺘﻔﻖ ﻋﻠﻴﻪ ﻟﺘﺒﺎﺩﻝ ﺃﻭ ﻧﻘﻞ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺑﻴﻦ ﺍﻷﻧﻈﻤﺔ )ﺃﻭ ﺃﻋﻠﻰ ﻭﺃﺳﻔﻞ ﻣﻜﺪﺱ ﺍﻟﺸﺒﻜﺔ(‪.‬‬
    ‫ﺗﺤﺪﺩﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕ ﻋﺪﺩﺍً ﻣﻦ ﺍﻟﻤﻌﻠﻤﺎﺕ ﺍﻟﻤﺘﻔﻖ ﻋﻠﻴﻬﺎ ‪ ،‬ﻣﺜﻞ ﻃﺮﻳﻘﺔ ﺿﻐﻂ ﺍﻟﺒﻴﺎﻧﺎﺕ ‪ ،‬ﻭﻧﻮﻉ ﺍﻟﺘﺤﻘﻖ ﻣﻦ ﺍﻷﺧﻄﺎء‬
    ‫ﺍﻟﻤﺮﺍﺩﺍﺳﺘﺨﺪﺍﻣﻪ ‪ ،‬ﻭﺁﻟﻴﺎﺕ ﺍﻷﻧﻈﻤﺔ ﻟﻺﺷﺎﺭﺓ ﻋﻨﺪ ﺍﻻﻧﺘﻬﺎء ﻣﻦ ﺗﻠﻘﻲ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺃﻭ ﺇﺭﺳﺎﻟﻬﺎ‪ .‬ﺍﻟﺘﺸﺒﻴﻪ ﺍﻟﺒﺴﻴﻂ ﻫﻮ‬
    ‫ﻣﺤﺎﺩﺛﺔﻫﺎﺗﻔﻴﺔ ﻳﻘﻮﻝ ﻓﻴﻬﺎ ﻣﺘﻠﻘﻲ ﺍﻟﻤﻜﺎﻟﻤﺔ "ﻣﺮﺣﺒﺎً" ﻣﺘﻰ‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪26‬‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﺮﺩﻋﻠﻰ ﺍﻟﻤﻜﺎﻟﻤﺔ ‪ ،‬ﻭﺍﻟﻤﺘﺼﻞ ﻳﺮﺩ ‪" ،‬ﻣﺮﺣﺒﺎً" ‪ ،‬ﻭﺇﻧﺸﺎء ﺑﺮﻭﺗﻮﻛﻮﻝ ﺻﻮﺗﻲ )ﺍﻟﺘﺤﺪﺙ ﺑﻠﻐﺔ ﻣﺘﻔﻖ ﻋﻠﻴﻬﺎ(‪.‬‬

    ‫ﺗﺘﻀﻤﻦﺑﻌﺾ ﺑﺮﻭﺗﻮﻛﻮﻻﺕ ﺍﻟﺸﺒﻜﺔ ﺍﻟﺸﺎﺉﻌﺔ ‪ Ethernet‬ﻭﺑﺮﻭﺗﻮﻛﻮﻝ ﺍﻟﺘﺤﻜﻢ ﻓﻲ ﺍﻹﺭﺳﺎﻝ ‪ /‬ﺑﺮﻭﺗﻮﻛﻮﻝ ﺍﻹﻧﺘﺮﻧﺖ‬


    ‫)‪ (TCP / IP‬ﻭﺑﺮﻭﺗﻮﻛﻮﻝ ﻧﻘﻞ ﺍﻟﻤﻠﻔﺎﺕ )‪ (FTP‬ﻭﺑﺮﻭﺗﻮﻛﻮﻝ ﻧﻘﻞ ﺍﻟﻨﺺ ﺍﻟﺘﺸﻌﺒﻲ )‪ (HTTP‬ﻭﺑﺮﻭﺗﻮﻛﻮﻝ ﻃﺒﻘﺔ ﻣﺂﺧﺬ‬
    ‫ﺍﻟﺘﻮﺻﻴﻞﺍﻵﻣﻨﺔ )‪ .(SSL‬ﺗﺘﻮﻓﺮ ﺃﻭﺻﺎﻑ ﺑﺴﻴﻄﺔ ﻟﻜﻞ ﻣﻨﻬﺎ ﻓﻲ ﺍﻟﻤﻠﺤﻖ ﻭ‪.‬‬

    ‫ﺗﺤﺘﻮﻱﺑﻌﺾ ﺇﺻﺪﺍﺭﺍﺕ ﻫﺬﻩ ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕ ﻋﻠﻰ ﺃﻣﺎﻥ ﺃﻭ ﺗﺸﻔﻴﺮ ﺇﺿﺎﻓﻲ ‪ ،‬ﻳﺸُﺎﺭ ﺇﻟﻴﻪ ﺑﺎﻟﺤﺮﻑ "‪ ، "S‬ﻣﺜﻞ ‪ SFTP‬ﺃﻭ‬
    ‫‪ FTP‬ﻋﺒﺮ ﺍﺗﺼﺎﻝ (‪ Secure Shell )SSH‬ﺃﻭ ‪ .HTTPS‬ﻣﻦ ﺍﻟﻤﻬﻢ ﻟﻠﻤﺆﺳﺴﺔ ﺃﻥ ﺗﻔﻬﻢ ﻣﺘﻄﻠﺒﺎﺕ ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻝ ﺍﻵﻣﻦ‬
    ‫ﺍﻟﻤﻄﺒﻖﻓﻴﻤﺎ ﻳﺘﻌﻠﻖ ﺑﺎﻟﻠﻮﺍﺉﺢ ﻭﺍﻟﺴﻴﺎﺳﺎﺕ ﻭﺍﻟﻤﻌﺎﻳﻴﺮ ﺍﻟﺤﺎﻛﻤﺔ )ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ، NIST ،‬ﺻﻨﺎﻋﺔ ﺑﻄﺎﻗﺎﺕ‬
    ‫ﺍﻟﺪﻓﻊ]‪ [PCI‬ﻣﻌﻴﺎﺭ ﺃﻣﺎﻥ ﺍﻟﺒﻴﺎﻧﺎﺕ ]‪.([DSS‬‬

    ‫ﻏﺎﻟﺒﺎًﻣﺎ ﻳﺘﺤﺪﺙ ﺍﻟﻌﺪﻳﺪ ﻣﻦ ﻣﺤﺘﺮﻓﻲ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻣﻦ ﺣﻴﺚ ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕ ﺍﻟﺘﻲ ﺗﻨﻔﺬ ﺍﻟﻮﻇﺎﺉﻒ ﺍﻟﺘﻲ‬
    ‫ﺗﺘﻄﻠﺒﻬﺎﺍﻟﻄﺒﻘﺔ‪ .‬ﻳﺘﻢ ﺃﻳﻀﺎً ﺗﻘﺪﻳﻢ ﻗﺎﺉﻤﺔ ﺑﺒﻌﺾ ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕ ﺍﻟﻤﺴﺘﺨﺪﻣﺔ ﻓﻲ ﻛﻞ ﻃﺒﻘﺔ ﻋﻠﻰ ﺃﻧﻬﺎ "ﺑﺮﻭﺗﻮﻛﻮﻻﺕ )‬
    ‫ﺃﻭﻭﺳﺎﺉﻂ( ﺗﻨﻔﺬ ﻫﺬﻩ ﺍﻟﻄﺒﻘﺔ‪ ".‬ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕ ﺍﻟﻨﻤﻮﺫﺟﻴﺔ ﻟﻴﺴﺖ ﺷﺎﻣﻠﺔ ‪ ،‬ﻭﻟﻜﻨﻬﺎ ﻗﺪ ﺗﺴﺎﻋﺪ ﻓﻲ ﺗﺤﺪﻳﺪ ﻣﻮﺍﺭﺩ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕﺃﻭ ﻣﺎ ﻳﻌﺎﺩﻟﻬﺎ ﻭﺗﻮﻓﻴﺮ ﺍﻟﺴﻴﺎﻕ‪ .‬ﻳﻮﺿﺢ ﺍﻟﺸﻜﻞ ‪ 12‬ﺑﻌﺾ ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕ ﺍﻟﺸﺎﺉﻌﺔ ﺍﻟﻤﺴﺘﺨﺪﻣﺔ ﻓﻲ ﻛﻞ‬
    ‫ﻃﺒﻘﺔ‪.‬‬

    ‫ﻋﻠﻰﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﻳﺘﻢ ﺗﻨﻔﻴﺬ ﺧﺪﻣﺎﺕ ﺍﻟﻮﻳﺐ ﻓﻲ ﻃﺒﻘﺔ ‪) HTTP‬ﺍﻟﻄﺒﻘﺔ ‪ .(7‬ﺑﺎﻹﺿﺎﻓﺔ ﺇﻟﻰ ﺫﻟﻚ ‪ ،‬ﻋﻨﺪ ﻣﻨﺎﻗﺸﺔ‬
    ‫ﻣﻜﻮﻧﺎﺕﺍﻟﺸﺒﻜﺔ )ﺍﻟﻤﻮﺿﺤﺔ ﻓﻲ ﺍﻟﻘﺴﻢ ﺍﻟﺘﺎﻟﻲ( ‪ ،‬ﻏﺎﻟﺒﺎً ﻣﺎ ﻳﺘﻢ ﺗﺤﺪﻳﺪﻫﺎ ﻋﻠﻰ ﺃﻧﻬﺎ "ﺗﺆﺩﻱ" ﻓﻲ ﻃﺒﻘﺔ ﻣﻌﻴﻨﺔ‪.‬‬

    ‫ﺍﻟﺸﻜﻞ‪ :12‬ﻧﻤﻮﺫﺝ ‪ OSI‬ﻣﻊ ﺃﻣﺜﻠﺔ ﻋﻠﻰ ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕ‬

    ‫ﻧﻤﻮﺫﺝ‪ OSI‬ﺍﻟﻤﻜﻮﻥ ﻣﻦ ﺳﺒﻊ ﻃﺒﻘﺎﺕ‬

    ‫ﻣﺜﺎﻝﻋﻠﻰ ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕ‬ ‫ﺍﺳﻢ‬ ‫ﻃﺒﻘﺔ‬


    ‫ﺍﻟﺒﺮﻳﺪﺍﻹﻟﻜﺘﺮﻭﻧﻲ ‪، FTP ، Telnet ،‬‬
    ‫ﻃﺒﻘﺔﺍﻟﺘﻄﺒﻴﻘﺎﺕ‬ ‫ﻃﺒﻘﺔ‪7‬‬
    ‫‪HTTP ، SMTP ، POP3‬‬

    ‫‪SSL ، TSL ، JPEG ، GIF‬‬ ‫ﻃﺒﻘﺔﺍﻟﻌﺮﺽ‬ ‫ﻃﺒﻘﺔ‪6‬‬

    ‫‪NetBIOS ، SAP‬‬ ‫ﻃﺒﻘﺔﺍﻟﺠﻠﺴﺔ‬ ‫ﻃﺒﻘﺔ‪5‬‬

    ‫‪TCP ، UDP‬‬ ‫ﻃﺒﻘﺔﺍﻟﻨﻘﻞ‬ ‫ﻃﺒﻘﺔ‪4‬‬

    ‫‪IPv4 ، IPv6 ، IPsec ، IP‬‬ ‫ﻃﺒﻘﺔﺍﻟﺸﺒﻜﺔ‬ ‫ﺍﻟﻄﺒﻘﺔ‪3‬‬

    ‫ﺇﻳﺜﺮﻧﺖ ‪، PPP ، ATM،‬‬


    ‫ﺍﻷﻟﻴﺎﻑ ‪،‬ﻋﻨﻮﺍﻥ ‪، MAC‬‬ ‫ﻃﺒﻘﺔﻭﺻﻞ ﺍﻟﺒﻴﺎﻧﺎﺕ‬ ‫ﻃﺒﻘﺔ‪2‬‬
    ‫‪VLAN‬‬
    ‫ﻛﺒﻼﺕ ‪،‬ﻣﻮﺻﻼﺕ ‪ ،‬ﻣﺤﺎﻭﺭ‬
    ‫)‪، USB ، (T1 ، ISDN‬‬ ‫ﺍﻟﻄﺒﻘﺔﺍﻟﻤﺎﺩﻳﺔ‬ ‫ﻃﺒﻘﺔ‪1‬‬
    ‫ﺑﻠﻮﺗﻮﺙ‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪27‬‬ ‫‪www.theiia.org‬‬


    ‫ﻣﻜﻮﻧﺎﺕﻭﻣﻔﺎﻫﻴﻢ ﺍﻟﺸﺒﻜﺔ‬
    ‫ﺗﺤﺘﻮﻱﺑﻨﻴﺔ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻨﻤﻮﺫﺟﻴﺔ ﻓﻲ ﻣﻌﻈﻢ ﺍﻟﻤﺆﺳﺴﺎﺕ ﻋﻠﻰ ﺍﻟﻌﺪﻳﺪ ﻣﻦ ﺍﻟﻤﻜﻮﻧﺎﺕ ﺍﻟﻤﻮﺿﺤﺔ ﻓﻲ ﺍﻟﺸﻜﻞ ‪.13‬‬

    ‫ﺍﻟﺸﻜﻞ‪ :13‬ﻣﻜﻮﻧﺎﺕ ﻣﻌﻤﺎﺭﻳﺔ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻨﻤﻮﺫﺟﻴﺔ‬

    ‫ﻧﻘﺎﻁﺍﻟﻨﻬﺎﻳﺔ‬
    ‫‪ -‬ﻧﺎﺳﺨﺔ‬ ‫ﺁﻟﺔﺗﺼﻮﻳﺮ‬‫‪-‬‬
    ‫‪ -‬ﻫﺎﺗﻒﺫﻛﻲ‬ ‫‪-‬‬
    ‫ﺣﺎﺳﻮﺏﻣﺤﻤﻮﻝ‬

    ‫‪ -‬ﻓﺎﻛﺲ‬ ‫‪ -‬ﻗﺎﺭﺉﺍﻟﺒﻄﺎﻗﺔ ﺍﻟﺬﻛﻴﺔ‬


    ‫‪ -‬ﻣﻮﺩﻡ‬ ‫ﺳﻄﺢﺍﻟﻤﻜﺘﺐ‬ ‫‪-‬‬
    ‫ﺣﺎﺳﻮﺏﻣﺤﻤﻮﻝ‬
    ‫ﺍﻟﻤﺎﺳﺢﺍﻟﻀﻮﺉﻲ‬ ‫‪-‬‬ ‫‪-‬‬
    ‫ﺍﻟﻬﺎﺗﻒﺍﻟﻤﻠﻜﻴﺔ ﺍﻟﻔﻜﺮﻳﺔ‬

    ‫ﻻﺳﻠﻜﻲ‬ ‫‪ -‬ﻃﺎﺑﻌﺔ‬
    ‫ﻧﻘﻄﺔﻭﺻﻮﻝ‬

    ‫ﺇﻧﺘﺮﻧﺖ‬ ‫ﺧﺪﻣﺎﺕﺍﻷﻣﻦ‬
    ‫‪ -‬ﻣﺪﻳﺮﻣﺤﺘﻮﻯ‬
    ‫‪ -‬ﺳﻴﻢ‬
    ‫‪IDS / IPS‬‬
    ‫‪ -‬ﺇﺩﺍﺭﺓﻧﻘﻄﺔ ﺍﻟﻨﻬﺎﻳﺔ‬
    ‫‪-‬‬
    ‫ﺃﻧﺎﺃﻛﻮﻥ‬

    ‫ﻳﺤُﻮﻝّ‬ ‫ﺟﻬﺎﺯ‪DLP‬‬
    ‫‪ -‬ﻭﻫﻦ‬
    ‫ﺟﻬﺎﺯﺍﻟﺘﻮﺟﻴﻪ‬

    ‫ﺟﺪﺍﺭﺍﻟﺤﻤﺎﻳﺔ‬ ‫ﺟﺪﺍﺭﺍﻟﺤﻤﺎﻳﺔ‬
    ‫ﺇﺩﺍﺭﺓ‬

    ‫ﺍﻟﻤﻨﻄﻘﺔﺍﻟﻤﺠﺮﺩﺓ ﻣﻦ ﺍﻟﺴﻼﺡ‬ ‫ﺍﻟﺨﻮﺍﺩﻡ)ﺍﻟﻤﻀﻴﻔﻮﻥ(‬


    ‫‪ -‬ﺧﺎﺩﻡﺍﻹﻧﺘﺮﻧﺖ‬
    ‫‪ -‬ﺍﻻﺗﺼﺎﻝﻋﻦ ﺑﻌﺪ‬ ‫‪-‬‬
    ‫‪IP PBX‬‬ ‫‪-‬‬
    ‫ﺍﻟﺸﺒﻜﺔﺍﻟﺪﺍﺧﻠﻴﺔ‬

    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﻧﻘﻞ ﺍﻟﻤﻠﻔﺎﺕ‬ ‫‪-‬‬ ‫‪ -‬ﻃﻠﺐ‬ ‫‪-‬‬


    ‫ﺑﺮﻳﺪﺇﻟﻜﺘﺮﻭﻧﻲ‬

    ‫‪ -‬ﺇﺩﺍﺭﺓﺍﻟﻔﻴﺮﻭﺳﺎﺕ‬ ‫ﺍﻟﺨﺎﺩﻡ‬ ‫‪DB -‬‬


    ‫‪ -‬ﺑﻮﺍﺑﺔﺍﻟﺒﺮﻳﺪ‬ ‫ﺑﺮﻭﺗﻮﻛﻮﻝﻧﻘﻞ ﺍﻟﻤﻠﻔﺎﺕ‬ ‫‪-‬‬ ‫‪ -‬ﺧﺎﺩﻡﺍﻟﻤﻠﻔﺎﺕ‬

    ‫ﻭﻛﻴﻞﺍﻟﺸﺒﻜﺔ‬ ‫‪-‬‬ ‫‪ -‬ﻣﻠﻘﻢﺍﻟﻄﺒﺎﻋﺔ‬ ‫‪ -‬ﺇﺩﺍﺭﺓﺍﻟﻔﻴﺮﻭﺳﺎﺕ‬


    ‫‪DNS -‬‬ ‫‪AD / LDAP‬‬ ‫‪-‬‬ ‫‪ -‬ﻣﺘﺤﺮﻙ‬

    ‫ﺍﻟﻤﺼﺪﺭ‪.Sajay Rai:‬‬

    ‫ﻣﻀﻴﻔﻮﻭﻋﻘﺪ ﺍﻟﺸﺒﻜﺔ‬
    ‫ﺍﻟﻤﻀﻴﻒﺃﻭ "ﻣﻀﻴﻒ ﺍﻟﺸﺒﻜﺔ" ﻫﻮ ﺟﻬﺎﺯ ﻛﻤﺒﻴﻮﺗﺮ ﺃﻭ ﺟﻬﺎﺯ ﺁﺧﺮ ﻣﺘﺼﻞ ﺑﺎﻟﺸﺒﻜﺔ ﻗﺎﺩﺭ ﻋﻠﻰ ﺍﻻﺗﺼﺎﻝ ﺑﺎﻟﻤﻀﻴﻔﻴﻦ‬
    ‫ﺍﻵﺧﺮﻳﻦ‪.‬ﻳﻤﻜﻦ ﺃﻥ ﻳﻜﻮﻥ ﻋﻤﻴﻼً ﺃﻭ ﺧﺎﺩﻣﺎً ﻭﻗﺪ ﻳﻜﻮﻥ ﻣﻮﺟﻮﺩﺍً ﻛﻌﻤﺎﺭﺓ ﻧﻈﻴﺮﺓ ﺃﻭ ﻣﺨﺘﻠﻄﺔ ‪ ،‬ﻭﻟﻜﻦ ﺳﻴﻜﻮﻥ ﻟﻪ ﺩﺍﺉﻤﺎً‬
    ‫ﻋﻨﻮﺍﻥﺑﺮﻭﺗﻮﻛﻮﻝ ﺍﻹﻧﺘﺮﻧﺖ )‪ .(IP‬ﻛﻤﺎ ﺫﻛﺮﻧﺎ ‪ ،‬ﻳﺘﻢ ﺗﻌﺮﻳﻒ ﺍﻟﻌﻘﺪﺓ ﻋﻠﻰ ﺃﻧﻬﺎ ﺃﻱ ﻧﻈﺎﻡ ﺃﻭ ﺟﻬﺎﺯ ﻣﺘﺼﻞ ﺑﺎﻟﺸﺒﻜﺔ ‪ ،‬ﺑﻤﺎ‬
    ‫ﻓﻲﺫﻟﻚ ﺃﺟﻬﺰﺓ ﺍﻟﺘﻮﺟﻴﻪ ﻭﺍﻟﻤﺤﻮﻻﺕ ‪ ،‬ﻭﻟﻜﻦ ﺍﻟﻌﻘﺪﺓ ﻻ ﺗﺤﺘﺎﺝ ﺑﺎﻟﻀﺮﻭﺭﺓ ﺇﻟﻰ ﻋﻨﻮﺍﻥ ‪ .IP‬ﻳﻨﻔﺬ ﺑﺮﻧﺎﻣﺞ ﺷﺒﻜﺔ‬
    ‫ﺍﻟﻤﻀﻴﻒﺑﺮﻭﺗﻮﻛﻮﻻﺕ ﻣﺨﺘﻠﻔﺔ ﺗﺆﺩﻱ ﻭﻇﺎﺉﻒ ﻛﻞ ﻃﺒﻘﺔ ﻣﻦ ﻃﺮﺍﺯ ‪ OSI‬ﺫﻭ ﺍﻟﻄﺒﻘﺎﺕ ﺍﻟﺴﺒﻌﺔ‪ .‬ﺗﺘﻮﻓﺮ "ﺍﻟﻤﻜﺪﺱ"‬
    ‫ﺍﻟﻜﺎﻣﻞﻟﺨﺪﻣﺎﺕ ﺍﻟﺸﺒﻜﺔ ﻓﻲ ﻣﻀﻴﻒ‪.‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪28‬‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﻤﻮﺟﻬﺎﺕﻭﺍﻟﻤﻔﺎﺗﻴﺢ‬
    ‫ﺟﻬﺎﺯﺍﻟﺘﻮﺟﻴﻪ ﻫﻮ ﺟﻬﺎﺯ ﻣﻦ ﺍﻟﻄﺒﻘﺔ ﺍﻟﺜﺎﻟﺜﺔ )ﻃﺒﻘﺔ ﺍﻟﺸﺒﻜﺔ( ﻳﻨﻘﻞ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺑﻴﻦ ﺍﻟﺸﺒﻜﺎﺕ‪ .‬ﻳﺘﻢ ﺇﺭﺳﺎﻝ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻓﻲ‬
    ‫ﺷﻜﻞﺣﺰﻡ )ﺣﺰﻡ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻟﻴﺘﻢ ﻧﻘﻠﻬﺎ ﺩﺍﺧﻞ ﺍﻟﺸﺒﻜﺔ(‪ .‬ﻳﻤﻜﻦ ﺩﻣﺞ ﺧﺪﻣﺎﺕ ﻣﺜﻞ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻤﺤﻠﻴﺔ ﺍﻟﻈﺎﻫﺮﻳﺔ )‪(vLAN‬‬
    ‫ﻭﺟﺪﺭﺍﻥﺍﻟﺤﻤﺎﻳﺔ ﻟﺘﺼﻔﻴﺔ ﺍﻟﺤﺰﻡ ﻭﺧﺪﻣﺎﺕ ﺍﻟﺸﺒﻜﺔ ﺍﻷﺧﺮﻯ ﻓﻲ ﺃﺟﻬﺰﺓ ﺍﻟﺘﻮﺟﻴﻪ‪.‬‬

    ‫ﺍﻟﻤﺤﻮﻝﻫﻮ ﺟﻬﺎﺯ ﺷﺒﻜﺔ ﻣﻦ ﺍﻟﻄﺒﻘﺔ ﺍﻟﺜﺎﻧﻴﺔ )ﺍﺭﺗﺒﺎﻁ ﺍﻟﺒﻴﺎﻧﺎﺕ( ﻳﺮﺑﻂ ﺍﻟﻌﻘﺪ ﺩﺍﺧﻞ ﺍﻟﺸﺒﻜﺔ ﺑﻮﺳﺎﺉﻂ ﻣﺎﺩﻳﺔ ﻣﺜﻞ‬
    ‫ﺍﻷﺳﻼﻙﺍﻟﻨﺤﺎﺳﻴﺔ‪ .‬ﻳﺴﺘﻘﺒﻞ ﺍﻟﻤﺤﻮﻝ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻭﻳﻌﺎﻟﺠﻬﺎ ﻭﻳﻨﻘﻠﻬﺎ ﺇﻟﻰ ﺃﺟﻬﺰﺓ ﻭﺟﻬﺔ ﻣﺤﺪﺩﺓ ﻣﻦ ﺧﻼﻝ ﺍﻹﻃﺎﺭﺍﺕ ‪،‬‬
    ‫ﻭﻫﻲﻣﺠﻤﻮﻋﺎﺕ ﻣﻦ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺗﺸﺒﻪ ﺍﻟﺤﺰﻡ ﺍﻟﻤﺴﺘﺨﺪﻣﺔ ﻓﻲ ﺑﺮﻭﺗﻮﻛﻮﻝ ﺍﻟﺘﺤﻜﻢ ﻓﻲ ﺍﻹﺭﺳﺎﻝ ‪ /‬ﺑﺮﻭﺗﻮﻛﻮﻝ ﺍﻹﻧﺘﺮﻧﺖ‬
    ‫)‪ (TCP / IP‬ﻓﻲ ﻃﺒﻘﺎﺕ ﺃﻋﻠﻰ‪ .‬ﺗﻘﻮﻡ ﺍﻟﻤﺤﻮﻻﺕ ﺑﺈﺭﺳﺎﻝ ﺍﻟﺮﺳﺎﺉﻞ ﻓﻘﻂ ﺇﻟﻰ ﺍﻟﻌﻘﺪ ﺍﻟﻤﻘﺼﻮﺩﺓ‪ .‬ﻳﻤﻜﻦ ﺗﻀﻤﻴﻦ‬
    ‫ﻭﻇﻴﻔﺔﺍﻟﺘﺒﺪﻳﻞ ﻓﻲ ﺃﺟﻬﺰﺓ ﺍﻟﺘﻮﺟﻴﻪ ‪ ،‬ﻟﺬﻟﻚ ﻳﻤﻜﻦ ﺗﺴﻤﻴﺔ ﺍﻟﺠﻬﺎﺯ ﺑﻤﻔﺘﺎﺡ ﺃﻭ ﺟﻬﺎﺯ ﺗﻮﺟﻴﻪ ﺣﺴﺐ ﺍﻟﻮﻇﻴﻔﺔ ﺍﻟﺘﻲ ﺗﺘﻢ‬
    ‫ﻣﻨﺎﻗﺸﺘﻬﺎ‪.‬ﻋﻠﻰ ﺍﻟﺮﻏﻢ ﻣﻦ ﺃﻧﻬﺎ ﻣﺮﺑﻜﺔ ﻟﻠﺒﻌﺾ ‪ ،‬ﺇﻻ ﺃﻧﻬﺎ ﻣﻔﻴﺪﺓ ﺣﻘﺎً ﻷﻥ ﺍﻟﻤﺤﻮﻻﺕ ﻭﺃﺟﻬﺰﺓ ﺍﻟﺘﻮﺟﻴﻪ ﺍﻟﻤﺴﺘﻘﻠﺔ‬
    ‫ﻳﻤﻜﻦﺃﻥ ﻳﻜﻮﻥ ﻟﻬﺎ ﻭﻇﺎﺉﻒ ﻣﺘﺪﺍﺧﻠﺔ‪.‬‬

    ‫ﺗﻨُﺸﺊﻣﺤﻮﻻﺕ ﺍﻟﻄﺒﻘﺔ ﺍﻟﺜﺎﻟﺜﺔ ‪ ،‬ﺃﻭ "ﺍﻟﻤﺤﻮﻻﺕ ﻣﺘﻌﺪﺩﺓ ﺍﻟﻄﺒﻘﺎﺕ" ‪ ،‬ﺩﻭﺍﺉﺮ ﺍﻓﺘﺮﺍﺿﻴﺔ ﻟﻨﻘﻞ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺑﻴﻦ ﺍﻟﻌﻘﺪ‪.‬‬
    ‫ﻳﺆﺩﻱﺍﺳﺘﺨﺪﺍﻡ ﻣﻔﺘﺎﺡ ﻣﻦ ﺍﻟﻄﺒﻘﺔ ﺍﻟﺜﺎﻟﺜﺔ ﺇﻟﻰ ﺗﻘﻠﻴﻞ ﺯﻣﻦ ﺍﻧﺘﻘﺎﻝ ﺍﻟﺸﺒﻜﺔ ﻷﻥ ﺍﻟﺤﺰﻣﺔ ﺗﺘﺪﻓﻖ ﻋﺒﺮ ﺍﻟﻤﺤﻮﻝ ﻣﻘﺎﺑﻞ‬
    ‫ﺍﻟﺨﻄﻮﺓﺍﻹﺿﺎﻓﻴﺔ ﺍﻟﻤﺘﻤﺜﻠﺔ ﻓﻲ ﺍﻟﻤﺮﻭﺭ ﻋﺒﺮ ﺟﻬﺎﺯ ﺗﻮﺟﻴﻪ‪ .‬ﻭﻋﺎﺩﺓ ًﻣﺎ ﺗﻘﻮﻡ ﺗﻘﻨﻴﺔ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺑﺬﻟﻚ ﻧﺸﺮ ﻣﺤﻮﻝ ﻣﻦ‬
    ‫ﺍﻟﻄﺒﻘﺔﺍﻟﺜﺎﻟﺜﺔ ﻹﻧﺘﺮﻧﺖ ﺍﻟﺸﺮﻛﺔ ﺃﻭ ﻹﻧﺸﺎء ﺷﺒﻜﺔ ﻣﺤﻠﻴﺔ ﻇﺎﻫﺮﻳﺔ ﺑﻴﻨﻤﺎ ﺳﻴﺴﺘﺨﺪﻣﻮﻥ ﺟﻬﺎﺯ ﺗﻮﺟﻴﻪ ﺇﺫﺍ ﺍﺣﺘﺎﺟﻮﺍ ﺇﻟﻰ‬
    ‫ﺣﺮﻛﺔﻣﺮﻭﺭ ﻻﺟﺘﻴﺎﺯ ﺷﺒﻜﺔ ‪ .WAN‬ﺗﺪﻣﺞ ﻣﺤﻮﻻﺕ ﺍﻟﻄﺒﻘﺔ ‪ 7‬ﺇﻣﻜﺎﻧﻴﺎﺕ ﺍﻟﺘﻮﺟﻴﻪ ﻭﺍﻟﺘﺒﺪﻳﻞ ‪ ،‬ﻭﺍﻟﺘﻲ ﺗﺴُﺘﺨﺪﻡ ﻋﺎﺩﺓ ً‬
    ‫ﻟﻤﻮﺍﺯﻧﺔﺍﻟﺤﻤﻞ ﺑﻴﻦ ﻣﺠﻤﻮﻋﺔ ﻣﻦ ﺍﻟﺨﻮﺍﺩﻡ‪ .‬ﻳﺸﺎﺭ ﺇﻟﻰ ﺭﻣﻮﺯ ﺍﻟﺘﺒﺪﻳﻞ ﺃﻳﻀﺎً ﺑﺎﺳﻢ ﺭﻣﻮﺯ ﺗﺒﺪﻳﻞ ﺍﻟﻤﺤﺘﻮﻯ ﺃﻭ ﺍﻟﻮﻳﺐ ﺃﻭ‬
    ‫ﺍﻟﺘﻄﺒﻴﻖ‪.‬‬

    ‫ﺟﺪﺭﺍﻥﺍﻟﺤﻤﺎﻳﺔ‬

    ‫ﺟﺪﺍﺭﺍﻟﺤﻤﺎﻳﺔ ﻫﻮ ﻧﻈﺎﻡ ﺃﻣﺎﻥ ﻟﻠﺸﺒﻜﺔ ﻳﺮﺍﻗﺐ ﻭﻳﺘﺤﻜﻢ ﻓﻲ ﺣﺮﻛﺔ ﺍﻟﻤﺮﻭﺭ ﺍﻟﻮﺍﺭﺩﺓ ﻭﺍﻟﺼﺎﺩﺭﺓ ﺍﺳﺘﻨﺎﺩﺍً ﺇﻟﻰ ﻗﻮﺍﻋﺪ ﺍﻷﻣﺎﻥ‬
    ‫ﺍﻟﻤﺤﺪﺩﺓﻣﺴﺒﻘﺎً ﻭﺍﻟﺘﻜﻮﻳﻦ ‪ ،‬ﻭﻫﻮ ﻣﺼﻤﻢ ﻟﻤﻨﻊ ﺍﻟﻮﺻﻮﻝ ﻏﻴﺮ ﺍﻟﻤﺼﺮﺡ ﺑﻪ ﺇﻟﻰ ﺷﺒﻜﺔ ﺧﺎﺻﺔ ﻭﻣﻨﻬﺎ‪ .‬ﻳﺠﺐ ﻋﻠﻰ‬
    ‫ﺍﻟﻤﺆﺳﺴﺎﺕﺍﻟﺘﺄﻛﺪ ﻣﻦ ﺗﻘﻴﻴﺪ ﺍﻟﻮﺻﻮﻝ ﺇﻟﻰ ﺟﺪﺍﺭ ﺍﻟﺤﻤﺎﻳﺔ ‪ ،‬ﻭﻳﺠﺐ ﻣﺮﺍﺟﻌﺔ ﻣﺠﻤﻮﻋﺎﺕ ﺍﻟﻘﻮﺍﻋﺪ ﻭﺗﻜﻮﻳﻦ ﺟﺪﺭﺍﻥ‬
    ‫ﺍﻟﺤﻤﺎﻳﺔﺑﺸﻜﻞ ﺩﻭﺭﻱ‪ .‬ﻳﺠﺐ ﺃﻥ ﺗﺤﺘﻮﻱ ﻛﻞ ﻣﺠﻤﻮﻋﺔ ﻗﻮﺍﻋﺪ ﻋﻠﻰ ﻭﺛﺎﺉﻖ ﻣﻨﺎﺳﺒﺔ ﻟﻐﺮﺿﻬﺎ ﻭﺗﺤﺪﻳﺪ ﻣﺎﻟﻜﻬﺎ ‪/‬‬
    ‫ﻃﺎﻟﺒﻬﺎ‪.‬‬

    ‫ﻫﻨﺎﻙﺃﻧﻮﺍﻉ ﻋﺪﻳﺪﺓ ﻣﻦ ﺟﺪﺭﺍﻥ ﺍﻟﺤﻤﺎﻳﺔ ‪ ،‬ﻟﻜﻞ ﻣﻨﻬﺎ ﻏﺮﺽ ﻣﺤﺪﺩ ‪ ،‬ﻭﻗﺪ ﻳﻜﻮﻥ ﻟﻠﻤﺆﺳﺴﺎﺕ ﻋﺪﺓ ﺃﻧﻮﺍﻉ ﺑﻨﺎء ًﻋﻠﻰ‬
    ‫ﺍﺣﺘﻴﺎﺟﺎﺗﻬﺎﺍﻟﻔﺮﻳﺪﺓ‪ .‬ﺗﻘﻮﻡ ﺟﺪﺭﺍﻥ ﺍﻟﺤﻤﺎﻳﺔ ﺍﻷﺳﺎﺳﻴﺔ ﺑﻔﺤﺺ ﻣﻌﻠﻮﻣﺎﺕ ﺍﻟﺮﺃﺱ ﻣﻦ ﻃﺒﻘﺔ ﺍﻟﺸﺒﻜﺔ )ﺍﻟﻄﺒﻘﺔ ‪(3‬‬
    ‫ﻭﻃﺒﻘﺔﺍﻟﻨﻘﻞ )ﺍﻟﻄﺒﻘﺔ ‪ .(4‬ﻳﻄﻠﻖ ﻋﻠﻴﻬﺎ ﺃﺣﻴﺎﻧﺎً ﻣﺮﺷﺤﺎﺕ ﺍﻟﺤﺰﻣﺔ ﻷﻧﻬﺎ ﺗﺰﻳﻞ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻘﺎﺩﻣﺔ ﻣﻦ ﻋﻨﺎﻭﻳﻦ ‪IP‬‬
    ‫ﺍﻟﻤﺤﻈﻮﺭﺓ)ﻃﺒﻘﺔ ﺍﻟﺸﺒﻜﺔ( ﺃﻭ ﺍﻟﻤﻮﺟﻬﺔ ﻟﻠﻤﻨﺎﻓﺬ ﺍﻟﻤﺤﻈﻮﺭﺓ )ﻃﺒﻘﺔ ﺍﻟﻨﻘﻞ(‪ .‬ﺇﺫﺍ ﻟﻢ ﻳﺘﻢ ﺣﻈﺮ ﺍﻟﺤﺰﻣﺔ ‪ ،‬ﻓﺈﻧﻬﺎ ﺗﻨﺘﻘﻞ ﺇﻟﻰ‬
    ‫ﻭﺟﻬﺘﻬﺎﺩﺍﺧﻞ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻤﺤﻤﻴﺔ ﺑﻮﺍﺳﻄﺔ ﺟﺪﺍﺭ ﺍﻟﺤﻤﺎﻳﺔ‪.‬‬

    ‫ﺗﻘﻮﻡﺟﺪﺭﺍﻥ ﺍﻟﺤﻤﺎﻳﺔ ﺫﺍﺕ ﺍﻟﺤﺎﻟﺔ ﺑﻔﺤﺺ ﺍﻟﺤﺰﻡ ﻭﻳﻤﻜﻦ ﺃﻥ ﺗﺤﻈﺮ ﺍﻟﺤﺰﻡ ﺍﻟﺘﻲ ﻳﺤﺘﻤﻞ ﺃﻥ ﺗﻜﻮﻥ ﺿﺎﺭﺓ ﻭﺍﻟﺘﻲ ﻟﻴﺴﺖ ﺟﺰءﺍً‬
    ‫ﻣﻦﺍﺗﺼﺎﻝ ﻗﺎﺉﻢ ﺃﻭ ﺗﻔﺸﻞ ﻓﻲ ﻣﻄﺎﺑﻘﺔ ﻗﻮﺍﻋﺪ ﺑﺪء ﺍﺗﺼﺎﻝ ﺷﺮﻋﻲ‪ .‬ﺗﻘﻮﻡ ﺟﺪﺭﺍﻥ ﺣﻤﺎﻳﺔ ﻃﺒﻘﺔ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ‪ ،‬ﺃﻭ ﺟﺪﺭﺍﻥ‬
    ‫ﺍﻟﺤﻤﺎﻳﺔﻣﻦ ﺍﻟﺠﻴﻞ ﺍﻟﺘﺎﻟﻲ )‪ ، (NG‬ﺑﺎﻋﺘﺮﺍﺽ ﺣﺮﻛﺔ ﻣﺮﻭﺭ ﺍﻟﺤﺰﻡ ﻭﻓﻚ ﺗﺸﻔﻴﺮ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻋﻠﻰ ﻃﻮﻝ ﺍﻟﻄﺮﻳﻖ ﺣﺘﻰ ﺍﻟﻤﻜﺪﺱ‬
    ‫ﺇﻟﻰﻃﺒﻘﺔ ﺍﻟﺘﻄﺒﻴﻖ )ﺍﻟﻄﺒﻘﺔ ‪.(7‬‬

    ‫ﺗﻮﻓﺮﺟﺪﺭﺍﻥ ﺍﻟﺤﻤﺎﻳﺔ ﺍﻟﻤﺤﻤﻮﻟﺔ ﺍﺗﺼﺎﻻﺕ ﺁﻣﻨﺔ ﻋﻨﺪ ﺑﺪء ﺍﻟﻮﺻﻮﻝ ﺇﻟﻰ ﺍﻟﺸﺒﻜﺔ ﻋﺒﺮ ﺟﻬﺎﺯ ﻣﺤﻤﻮﻝ‪ .‬ﺗﻘﻮﻡ ﺟﺪﺭﺍﻥ‬
    ‫ﺍﻟﺤﻤﺎﻳﺔﺍﻟﺨﺎﺻﺔ ﺑﺘﻄﺒﻴﻖ ﺍﻟﻮﻳﺐ )‪ (WAF‬ﺑﺘﺤﻠﻴﻞ ﺣﺮﻛﺔ ﺍﻟﻤﺮﻭﺭ ﺩﺍﺧﻞ ﺍﻟﺘﻄﺒﻴﻖ ﻭﺧﺎﺭﺟﻪ ‪ ،‬ﻭﻳﻤﻜﻦ ﺫﻟﻚ‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪29‬‬ ‫‪www.theiia.org‬‬


    ‫ﺑﻴﻦﺧﻮﺍﺩﻡ ﺍﻟﻮﻳﺐ ﻭﺍﻹﻧﺘﺮﻧﺖ ﻻﻛﺘﺸﺎﻑ ﺗﻄﺒﻴﻘﺎﺕ ﺍﻟﻮﻳﺐ ﻭﺣﻤﺎﻳﺘﻬﺎ ﻣﻦ ﻫﺠﻤﺎﺕ ﺗﻄﺒﻴﻘﺎﺕ ﺍﻟﻮﻳﺐ ﺍﻟﻤﻌﺮﻭﻓﺔ ‪ ،‬ﻛﻤﺎ‬
    ‫ﻫﻮﻣﻮﺿﺢ ﻓﻲ ﺍﻟﺸﻜﻞ ‪.14‬‬

    ‫ﺍﻟﺸﻜﻞ‪ :14‬ﻣﺜﺎﻝ ﻋﻠﻰ ﻭﺿﻊ ﺟﺪﺍﺭ ﺣﻤﺎﻳﺔ ﺗﻄﺒﻴﻖ ﺍﻟﻮﻳﺐ‬

    ‫ﺧﻮﺍﺩﻡﺍﻟﻮﻳﺐ‬ ‫ﺗﻄﺒﻴﻖﺍﻟﻮﻳﺐ‬ ‫ﺍﻟﻤﺴﺘﺨﺪﻣﻴﻦﺍﻟﻨﻬﺎﺉﻴﻴﻦ‬

    ‫ﺟﺪﺍﺭﺍﻟﺤﻤﺎﻳﺔ‬

    ‫ﺍﻟﻤﺼﺪﺭ‪:‬ﻣﻌﻬﺪ ﺍﻟﻤﺮﺍﺟﻌﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‪.‬‬

    ‫ﻳﻤﻜﻦﺗﻨﻔﻴﺬ ﺃﻣﺎﻥ ﺇﺿﺎﻓﻲ ﻣﻦ ﺧﻼﻝ ﺍﻟﺘﻜﻮﻳﻦ ﻟﺮﻓﺾ ﺍﻟﻮﺟﻬﺎﺕ ﺫﺍﺕ ﺍﻟﺴﻤﻌﺔ ﺍﻟﻤﺸﻜﻮﻙ ﻓﻴﻬﺎ‪ .‬ﻳﻤﻜﻦ ﻷﺩﻭﺍﺕ‬
    ‫ﺍﻷﻣﺎﻥ ‪،‬ﻣﺜﻞ ﺟﺪﺭﺍﻥ ﺍﻟﺤﻤﺎﻳﺔ ‪ ،‬ﺍﻋﺘﺮﺍﺽ ﺍﻟﺤﺰﻡ ﺃﻭ ﻓﺤﺺ ﻣﻌﻠﻮﻣﺎﺕ ﺍﻟﺮﺃﺱ ﺃﻭ ﺣﺘﻰ ﺇﻋﺎﺩﺓ ﺑﻨﺎء ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻷﺻﻠﻴﺔ‬
    ‫ﻣﻦﺍﻟﻤﻜﺪﺱ ﻟﻔﺤﺼﻬﺎ ﺑﺤﺜﺎً ﻋﻦ ﺍﻟﺘﻬﺪﻳﺪﺍﺕ ﺍﻷﻣﻨﻴﺔ‪.‬‬

    ‫‪IDS / IPS‬‬

    ‫ﺃﻧﻈﻤﺔﺍﻟﻜﺸﻒ ﻋﻦ ﺍﻟﺘﻄﻔﻞ )‪ (IDS‬ﻭﺃﻧﻈﻤﺔ ﻣﻨﻊ ﺍﻟﺘﻄﻔﻞ )‪ (IPS‬ﻫﻲ ﺃﺟﻬﺰﺓ ﺃﻭ ﺗﻄﺒﻴﻘﺎﺕ ﺑﺮﻣﺠﻴﺔ ﺗﺮﺍﻗﺐ ﺣﺮﻛﺔ ﻣﺮﻭﺭ‬
    ‫ﺍﻟﺸﺒﻜﺔﺑﺤﺜﺎً ﻋﻦ ﻣﺆﺷﺮﺍﺕ ﻋﻠﻰ ﺍﻟﺘﺴﻮﻳﺔ ﺃﻭ ﻣﺤﺎﻭﻟﺔ ﺍﻟﻤﺴﺎﻭﻣﺔ ﻋﻠﻰ ﺍﻟﻨﻈﺎﻡ‪ .‬ﻳﻤﻜﻦ ﺃﻥ ﺗﻜﻮﻥ ﻣﺠﻤﻮﻋﺎﺕ ﻗﻮﺍﻋﺪ ‪IDS‬‬
    ‫ﻭ‪ IPS‬ﻛﺒﻴﺮﺓ ﺟﺪﺍً ﻭﻗﺪ ﺗﺘﻄﻠﺐ ﻛﻞ ﻗﺎﻋﺪﺓ ﻣﻌﺎﻳﺮﺓ ﻭﺇﻋﺪﺍﺩ ﻋﺘﺒﺔ ﻟﻀﻤﺎﻥ ﺗﻜﺎﻣﻞ ﺍﻟﻨﻈﺎﻡ ‪ ،‬ﻣﺜﻞ ﻣﻨﻊ ﺍﻹﻳﺠﺎﺑﻴﺎﺕ‬
    ‫ﺍﻟﺨﺎﻃﺉﺔ‪.‬ﻳﻤﻜﻦ ﺃﻥ ﺗﺆﺩﻱ ﺗﻄﺒﻴﻘﺎﺕ ‪ IDS‬ﻭ ‪ IPS‬ﺍﻟﺘﻲ ﺗﻤﺖ ﻣﻌﺎﻳﺮﺗﻬﺎ ﺟﻴﺪﺍً ﻭﺍﻟﻤﺮﺍﻗﺒﺔ ﺟﻴﺪﺍً ﺇﻟﻰ ﺯﻳﺎﺩﺓ ﻗﺪﺭﺓ‬
    ‫ﺍﻟﻤﺆﺳﺴﺔﺑﺸﻜﻞ ﻛﺒﻴﺮ ﻋﻠﻰ ﺍﻛﺘﺸﺎﻑ ﺍﻟﻬﺠﻤﺎﺕ ﻭﺇﻳﻘﺎﻓﻬﺎ‪.‬‬

    ‫ﻋﺎﺩﺓﻣﺎ ﻳﺘﻢ ﺟﻤﻊ ﺍﻟﺘﻨﺒﻴﻬﺎﺕ ﺍﻟﺘﻲ ﺗﻢ ﺇﻧﺸﺎﺅﻫﺎ ﺑﻮﺍﺳﻄﺔ ﻧﻈﺎﻡ ﻛﺸﻒ ﺍﻟﺘﺴﻠﻞ ﻓﻲ ﻧﻈﺎﻡ ﺇﺩﺍﺭﺓ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﺍﻷﺣﺪﺍﺙ‬
    ‫)‪ .(SIEM‬ﻳﻤﻜﻦ ﺭﺑﻂ ﺍﻟﺘﻨﺒﻴﻬﺎﺕ ﺑﻤﻌﻠﻮﻣﺎﺕ ﺗﺪﻓﻖ ﺣﺮﻛﺔ ﻣﺮﻭﺭ ﺍﻟﺸﺒﻜﺔ )ﺍﻟﺘﺪﻓﻘﺎﺕ ﺍﻟﺼﺎﻓﻴﺔ( ﻭﺃﺩﻭﺍﺕ ﺃﻣﺎﻥ ﺍﻟﻤﺤﻴﻂ‬
    ‫ﻣﺜﻞﺟﺪﺭﺍﻥ ﺍﻟﺤﻤﺎﻳﺔ‪ .‬ﻳﺘﻢ ﻣﻘﺎﺭﻧﺔ ﺗﻨﺒﻴﻬﺎﺕ ‪ IDS‬ﻣﻊ ﻗﻮﺍﻋﺪ ‪ IPS‬؛ ﺇﺫﺍ ﻛﺎﻥ ﻫﻨﺎﻙ ﺗﻄﺎﺑﻖ ‪ ،‬ﻓﺈﻥ ‪ IPS‬ﻭ ‪ /‬ﺃﻭ ﻣﻨﻊ‬
    ‫ﺗﺴﺮﺏﺍﻟﺒﻴﺎﻧﺎﺕ ‪ /‬ﺍﻟﻤﻌﻠﻮﻣﺎﺕ )‪ ، (DLP / ILP‬ﺳﻴﻘﻮﻡ ﺍﻟﺒﺮﻧﺎﻣﺞ ﺍﻟﻤﺼﻤﻢ ﻟﻠﻜﺸﻒ ﻋﻦ ﺍﻧﺘﻬﺎﻛﺎﺕ ﺍﻟﺒﻴﺎﻧﺎﺕ‬
    ‫ﺍﻟﻤﺤﺘﻤﻠﺔﺑﺘﻨﻔﻴﺬ ﻗﺎﻋﺪﺓ ﻹﻳﻘﺎﻑ ﻧﺸﺎﻁ ﻣﻦ ﺍﻟﺤﺪﻭﺙ‪.‬‬

    ‫ﻧﻘﺎﻁﺍﻟﻮﺻﻮﻝ ﺍﻟﻼﺳﻠﻜﻴﺔ )‪(APs‬‬


    ‫ﺗﻮﻓﺮﻧﻘﻄﺔ ﺍﻟﻮﺻﻮﻝ ﺍﻟﻼﺳﻠﻜﻴﺔ )‪ (AP‬ﻭﺻﻮﻻ ًﻻﺳﻠﻜﻴﺎً ﺇﻟﻰ ﺍﻟﺸﺒﻜﺔ‪ .‬ﺗﻮﻓﺮ ﻧﻘﺎﻁ ﺍﻟﻮﺻﻮﻝ ﺍﻟﺤﺪﻳﺜﺔ ﺧﻴﺎﺭﺍﺕ ﻟﻠﺘﺸﻔﻴﺮ ﺃﻭ‬
    ‫ﺍﻟﺘﺪﺍﻓﻊﻭﺗﺄﻣﻴﻦ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻤﻨﻘﻮﻟﺔ ‪ ،‬ﻭﻟﻜﻦ ﻧﻈﺮﺍً ﻷﻥ ﺍﻟﻌﺎﻟﻢ ﺍﻟﺘﻜﻨﻮﻟﻮﺟﻲ ﻳﺘﻘﺪﻡ ﺑﺴﺮﻋﺔ ﻛﺒﻴﺮﺓ ‪ ،‬ﻏﺎﻟﺒﺎً ﻣﺎ ﺗﻔﺸﻞ‬
    ‫ﺍﻷﻧﻈﻤﺔﻓﻲ ﻣﻮﺍﻛﺒﺔ ﺍﻟﺠﻬﺎﺕ ﺍﻟﻔﺎﻋﻠﺔ ﺍﻟﺴﻴﺉﺔ ﺍﻟﺘﻲ ﺗﺤﺎﻭﻝ ﺗﺠﺎﻭﺯ ﻣﻴﺰﺍﺕ ﺍﻟﺘﺸﻔﻴﺮ ﺍﻟﺨﺎﺻﺔ ﺑﻬﺎ ‪ -‬ﻋﺎﺩﺓ ً)ﺃﻭ ﻏﺎﻟﺒﺎً(‬
    ‫ﻣﺠﺮﻡﺃﻭ ﺃﻏﺮﺍﺽ ﺧﺒﻴﺜﺔ‪.‬‬

    ‫ﺗﺤﻘﻖﺑﻴﺉﺎﺕ ﺍﻟﺸﺮﻛﺎﺕ ﺍﻟﻮﺻﻮﻝ ﺇﻟﻰ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻼﺳﻠﻜﻴﺔ ﻋﻦ ﻃﺮﻳﻖ ﺑﺚ ﺇﺷﺎﺭﺍﺕ ﺍﻟﺮﺍﺩﻳﻮ ﺑﻴﻦ ﺍﻟﻤﻀﻴﻔﻴﻦ ﻭﻧﻘﺎﻁ‬
    ‫ﺍﻟﻮﺻﻮﻝ‪.‬ﺗﻮﻓﺮ ﻧﻘﻄﺔ ﺍﻟﻮﺻﻮﻝ ﻣﺠﻤﻮﻋﺔ ﻣﻦ ﺍﻟﺨﻴﺎﺭﺍﺕ ﻟﺒﻨﻴﺔ ﺍﻟﻄﺒﻘﺔ ﺍﻷﻭﻟﻰ ﻟﻠﺨﺪﻣﺔ ﺍﻟﻼﺳﻠﻜﻴﺔ‪ .‬ﺍﻋﺘﻤﺎﺩﺍً ﻋﻠﻰ ﻋﻤﺮ‬
    ‫ﺍﻟﻤﻌﺪﺍﺕﺍﻟﻤﺴﺘﺨﺪﻣﺔ ‪ ،‬ﻳﻤﻜﻦ ﺍﺳﺘﺨﺪﺍﻡ ﻋﺪﺓ ﺃﻧﻮﺍﻉ ﻣﻦ ﺍﻟﺘﺸﻔﻴﺮ ‪ ،‬ﺃﻭ ﻗﺪ ﺗﺨﺘﺎﺭ ﻣﻨﻈﻤﺔ ﻋﺪﻡ ﺍﺳﺘﺨﺪﺍﻡ ﺍﻟﺘﺸﻔﻴﺮ‪.‬‬
    ‫ﻭﻣﻊﺫﻟﻚ ‪ ،‬ﻳﻤﻜﻦ ﺃﻥ ﻳﻌﺮﺽ ﻫﺬﺍ ﺍﻟﻤﻨﻈﻤﺔ ﻝ‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪30‬‬ ‫‪www.theiia.org‬‬


    ‫ﻣﺨﺎﻃﺮﺇﺿﺎﻓﻴﺔ ‪ ،‬ﻭﻫﻲ ﺗﻜﻠﻔﺔ ﻏﻴﺮ ﻣﻜﻠﻔﺔ ﻧﺴﺒﻴﺎً ﻟﺘﺮﻗﻴﺔ ﻣﻜﻮﻧﺎﺕ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻼﺳﻠﻜﻴﺔ ‪ ،‬ﻣﻦ ﺃﺟﻞ ﺯﻳﺎﺩﺓ ﺍﻷﻣﺎﻥ‪.‬‬

    ‫ﻳﻤﻜﻦﺃﻥ ﺗﻜﻮﻥ ﺗﺮﻗﻴﺔ ﺍﻟﻤﻌﺪﺍﺕ ﺃﻭ ﺗﻜﻮﻳﻦ ﻗﺎﻋﺪﺓ ﺍﻟﻤﺴﺘﺨﺪﻣﻴﻦ ﺑﺎﻟﻜﺎﻣﻞ ﻻﺳﺘﺨﺪﺍﻡ ﺑﺮﻭﺗﻮﻛﻮﻻﺕ ﺍﻟﺘﺸﻔﻴﺮ ﺍﻷﺣﺪﺙ‬
    ‫ﻣﻬﻤﺔﻛﺒﻴﺮﺓ ﺟﺪﺍً‪ .‬ﻓﻴﻤﺎ ﻳﻠﻲ ﻗﺎﺉﻤﺔ ﻣﺨﺘﺼﺮﺓ ﺑﺒﺮﻭﺗﻮﻛﻮﻻﺕ ﺍﻟﺘﺸﻔﻴﺮ ﺍﻟﻼﺳﻠﻜﻲ ﺍﻟﻤﺨﺘﻠﻔﺔ ‪ ،‬ﻣﻦ ﺃﻗﻠﻬﺎ ﺗﺸﻔﻴﺮﺍً ﺇﻟﻰ‬
    ‫ﻣﻌﻈﻤﻬﺎ‪.‬‬

    ‫‪( -‬ﺍﻟﺨﺼﻮﺻﻴﺔ ﺍﻟﻤﻜﺎﻓﺉﺔ ﻟﻠﺸﺒﻜﺎﺕ ﺍﻟﺴﻠﻜﻴﺔ) ‪WEP‬ﺑﺮﻭﺗﻮﻛﻮﻝ ﺃﻣﺎﻥ ﻗﺪﻳﻢ ﻳﻮﻓﺮ ﺗﺸﻔﻴﺮﺍً ﺃﺳﺎﺳﻴﺎً‪.‬‬ ‫‪-‬‬
    ‫ﻳﺘﻢﺍﺳﺘﺨﺪﺍﻡ ﻫﺬﺍ ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻝ ﻋﺎﺩﺓ ًﻷﻧﻪ ﻗﺪ ﻳﻜﻮﻥ ﺍﻟﺨﻴﺎﺭ ﺍﻟﻮﺣﻴﺪ ﻟﻠﺒﻨﻰ ﺍﻟﺘﺤﺘﻴﺔ ﺍﻷﻗﺪﻡ‪ .‬ﻣﻦ ﻭﺟﻬﺔ‬
    ‫ﻧﻈﺮﺃﻣﻨﻴﺔ ‪ ،‬ﻧﻈﺮﺍً ﻟﺤﺮﻛﺔ ﺍﻟﻤﺮﻭﺭ ﺍﻟﻜﺎﻓﻴﺔ ﻭﺣﺘﻰ ﻗﻮﺓ ﺍﻟﺤﻮﺳﺒﺔ ﺍﻟﻬﺎﻣﺸﻴﺔ ﻋﻠﻰ ﺟﻬﺎﺯ ﻛﻤﺒﻴﻮﺗﺮ ﻣﺤﻤﻮﻝ‬
    ‫ﺃﻭﺟﻬﺎﺯ ﻣﺤﻤﻮﻝ ‪ ،‬ﻳﻤﻜﻦ ﺍﺧﺘﺮﺍﻕ ‪ WEP‬ﺑﺴﻬﻮﻟﺔ ﻭﺣﻞ ﻣﺤﻠﻪ ﺑﺮﻭﺗﻮﻛﻮﻝ ‪ WPA‬ﻣﻦ ﻗﺒﻞ ‪-Fi Alliance‬‬
    ‫‪ Wi‬ﻓﻲ ﻋﺎﻡ ‪.2003‬‬
    ‫‪ Wi-Fi( -‬ﺍﻟﻮﺻﻮﻝ ﺍﻟﻤﺤﻤﻲ ﺑﺘﻘﻨﻴﺔ) ‪WPA‬ﺍﺳﺘﺒﺪﺍﻝ ‪ WEP‬ﻛﺒﺮﻭﺗﻮﻛﻮﻝ ﺃﻣﺎﻥ ﺃﻛﺜﺮ ﺃﻣﺎﻧﺎً ﻟﻠﺸﺒﻜﺎﺕ‬ ‫‪-‬‬
    ‫ﺍﻟﻼﺳﻠﻜﻴﺔ‪.‬ﻣﺜﻞ ‪ ، WEP‬ﻳﺠﺐ ﺍﺳﺘﺨﺪﺍﻡ ‪ WPA‬ﻓﻘﻂ ﺇﺫﺍ ﺗﻄﻠﺒﺘﻪ ﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ ﺍﻷﻗﺪﻡ ﻷﻧﻪ ﺿﻌﻴﻒ‬
    ‫ﻭﻳﻮﻓﺮﺗﺸﻔﻴﺮﺍً ﺃﻗﻞ ﻣﻦ ﺃﺳﻼﻓﻪ‪.‬‬
    ‫‪ Wi-Fi 2( -‬ﻭﺻﻮﻝ ﻣﺤﻤﻲ ﺑﺘﻘﻨﻴﺔ) ‪WPA2‬ﺑﺮﻭﺗﻮﻛﻮﻝ ﺍﻷﻣﺎﻥ ﺍﻟﻤﻄﻠﻮﺏ ﺣﺎﻟﻴﺎً ﻋﻠﻰ ﺟﻤﻴﻊ ﺍﻷﺟﻬﺰﺓ ﺍﻟﺘﻲ‬ ‫‪-‬‬
    ‫ﺗﻌﺘﺒﺮ‪ Wi-Fi CERTIFIED‬ﻣﻦ ﻗﺒﻞ ‪ ، Wi-Fi Alliance‬ﻣﻤﺎ ﻳﻮﻓﺮ ﺧﻮﺍﺭﺯﻣﻴﺎﺕ ﺗﺸﻔﻴﺮ ﺃﻗﻮﻯ ﻣﻦ‬
    ‫ﺳﺎﺑﻘﺎﺗﻬﺎ‪.‬ﻳﻮﻓﺮ ﺩﺭﺟﺔ ﻣﻦ ﺍﻷﻣﺎﻥ ﻣﻦ ﺍﻟﻮﺻﻮﻝ ﻏﻴﺮ ﺍﻟﻤﺼﺮﺡ ﺑﻪ‪.‬‬
    ‫‪ Wi-Fi 3( -‬ﻭﺻﻮﻝ ﻣﺤﻤﻲ ﺑﺘﻘﻨﻴﺔ) ‪WPA3‬ﻳﻮﻓﺮ ﺗﺸﻔﻴﺮ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻔﺮﺩﻳﺔ ‪ ،‬ﻭﻳﺆﻣﻦ ﺑﻌﺾ ﺃﺟﻬﺰﺓ "‬ ‫‪-‬‬
    ‫ﺇﻧﺘﺮﻧﺖﺍﻷﺷﻴﺎء" )‪ ، (IoT‬ﻭﻳﺤﻤﻲ ﻣﻦ ﺍﻟﻘﻮﺓ ﺍﻟﻐﺎﺷﻤﺔ )ﻧﻬﺞ ﺍﻟﺘﺠﺮﺑﺔ ﻭﺍﻟﺨﻄﺄ( ‪ ،‬ﻭﻫﺠﻤﺎﺕ ﺍﻟﻘﺎﻣﻮﺱ )‬
    ‫ﺑﺎﺳﺘﺨﺪﺍﻡﻛﻠﻤﺎﺕ ﺍﻟﻘﺎﻣﻮﺱ ﻟﺘﺨﻤﻴﻦ ﻛﻠﻤﺎﺕ ﺍﻟﻤﺮﻭﺭ( ‪ ،‬ﻭﻳﻮﻓﺮ ﺃﻋﻠﻰ ﻣﺴﺘﻮﻯ ﺣﺎﻟﻲ ﻣﻦ ﺍﻟﺘﺸﻔﻴﺮ‪.‬‬

    ‫ﺗﻄﺒﻴﻖﺃﻣﺎﻥ ‪DMZ:‬‬
    ‫ﺍﻟﻤﻨﻄﻘﺔﻣﻨﺰﻭﻋﺔ ﺍﻟﺴﻼﺡ )‪ (DMZ‬ﻫﻲ ﺟﺰء ﻣﻦ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻤﻮﺟﻮﺩﺓ ﺑﻴﻦ ﺟﺪﺍﺭﻱ ﻧﺎﺭﻳﺘﻴﻦ ﻭﺗﺤﻤﻲ ﺍﻟﺨﻮﺍﺩﻡ ﺍﻟﺨﺎﺭﺟﻴﺔ‬
    ‫ﻟﻠﻤﺆﺳﺴﺔ‪.‬ﺃﻭﻝ ﺟﺪﺍﺭ ﻧﺎﺭﻱ "ﻣﻮﺍﺟﻪ ﻟﻠﺨﺎﺭﺝ" ﺃﻭ ﺧﺎﺿﻊ ﻟﻺﻧﺘﺮﻧﺖ ‪ ،‬ﻭﻳﺤﻤﻲ ﺃﻧﻈﻤﺔ ‪ .DMZ‬ﻳﺤﺘﻮﻱ ﺟﺪﺍﺭ ﺍﻟﺤﻤﺎﻳﺔ‬
    ‫ﺍﻟﻤﻮﺍﺟﻪﻟﻠﺨﺎﺭﺝ ﻋﻠﻰ ﺗﻌﺮﺽ ﺃﻛﺜﺮ ﻣﻦ ﺟﺪﺍﺭ ﺍﻟﺤﻤﺎﻳﺔ ﺍﻟﺜﺎﻧﻲ ‪ ،‬ﺍﻟﺬﻱ ﻳﺤﻤﻲ ﺍﻟﺸﺒﻜﺔ ﺍﻟﺪﺍﺧﻠﻴﺔ‪ .‬ﻳﻮﺿﺢ ﺍﻟﺸﻜﻞ ‪ 15‬ﻣﺜﺎﻻ ً‬
    ‫ﻋﻠﻰ‪ DMZ‬ﻭﻣﻮﺿﻌﻬﺎ‪.‬‬

    ‫ﺍﻟﺸﻜﻞ‪ :15‬ﻭﺿﻊ ‪ DMZ‬ﺩﺍﺧﻞ ﺷﺒﻜﺔ‬

    ‫ﻭﺍﺟﻬﺔﻭﻳﺐ‬
    ‫ﺍﻟﻤﻨﻄﻘﺔﺍﻟﻤﺠﺮﺩﺓ ﻣﻦ ﺍﻟﺴﻼﺡ‬

    ‫ﻭﺻﻮﻝ‬
    ‫ﺟﺪﺍﺭﺍﻟﺤﻤﺎﻳﺔ‬ ‫ﺑﻮﺍﺑﺔ‬ ‫ﺟﺪﺍﺭﺍﻟﺤﻤﺎﻳﺔ‬ ‫ﻣﺴﺘﺨﺪﻡﺑﻌﻴﺪ‬

    ‫ﺍﻟﺨﻮﺍﺩﻡ‬ ‫ﺍﻟﻤﺼﺪﺭ‪:‬ﻣﻌﻬﺪ ﺍﻟﻤﺮﺍﺟﻌﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‪.‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪31‬‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﻮﺻﻮﻝﺇﻟﻰ ﺍﻟﺸﺒﻜﺔ ﻋﻦ ﺑﻌﺪ‬

    ‫ﺗﺘﻮﻓﺮﺍﻟﻌﺪﻳﺪ ﻣﻦ ﺧﻴﺎﺭﺍﺕ ﺍﻟﻮﺻﻮﻝ ﻋﻦ ﺑﻌُﺪ ﻟﻠﻤﺆﺳﺴﺎﺕ ‪ ،‬ﻭﺍﻟﺘﻲ ﺗﺤﺪﺩﻫﺎ ﻋﻮﺍﻣﻞ ﻣﺜﻞ ﻣﺘﻄﻠﺒﺎﺕ ﺍﻷﻣﺎﻥ ﻭﺗﻮﻗﻌﺎﺕ‬
    ‫ﺍﻟﻤﺴﺘﺨﺪﻡﻭﺍﻟﻘﺪﺭﺍﺕ ﺍﻟﺘﻘﻨﻴﺔ ﻭﺍﺣﺘﻴﺎﺟﺎﺕ ﺍﻟﻌﻤﻞ‪ .‬ﺇﻥ ﺍﻟﺤﺎﺟﺔ ﺇﻟﻰ ﺍﻟﻮﺻﻮﻝ ﺇﻟﻰ ﺷﺒﻜﺎﺕ ﺍﻟﺸﺮﻛﺎﺕ ﻫﻲ ﻧﺘﻴﺠﺔ ﺃﻥ‬
    ‫ﺍﻟﻘﻮﻯﺍﻟﻌﺎﻣﻠﺔ ﺍﻟﻴﻮﻡ ﺃﺻﺒﺤﺖ ﺃﻛﺜﺮ ﻗﺪﺭﺓ ﻋﻠﻰ ﺍﻟﺤﺮﻛﺔ ؛ ﻟﻠﺒﻘﺎء ﻣﻨﺘﺠﻴﻦ ‪ ،‬ﻳﺤﺘﺎﺝ ﺍﻟﻤﺴﺘﺨﺪﻣﻮﻥ ﺇﻟﻰ ﻭﺻﻮﻝ ﻣﺴﺘﻤﺮ‬
    ‫ﺇﻟﻰﺍﻟﺸﺒﻜﺔ‪ .‬ﻗﺪ ﻳﺘﻄﻠﺐ ﻫﺬﺍ ﺍﺗﺼﺎﻻ ًﻣﻦ ﺷﺒﻜﺔ ﻋﺎﻣﺔ ﻏﻴﺮ ﺁﻣﻨﺔ ‪ ،‬ﻣﺜﻞ ﻧﻘﻄﺔ ﻭﺻﻮﻝ ﻋﺎﻣﺔ‪.‬‬

    ‫ﺗﺘﻄﻠﺐﻏﺎﻟﺒﻴﺔ ﺍﻟﺤﻠﻮﻝ ﺍﻟﺘﻲ ﺗﻨﺸﺮﻫﺎ ﺍﻟﻤﺆﺳﺴﺎﺕ ﺷﻜﻼ ًﻣﻦ ﺃﺷﻜﺎﻝ ﺍﻷﻣﺎﻥ ﻟﻀﻤﺎﻥ ﺃﻥ ﺍﻻﺗﺼﺎﻻﺕ ﻋﻦ ﺑﻌُﺪ ﺁﻣﻨﺔ‪.‬‬
    ‫ﻋﺎﺩﺓﻣﺎ ﺗﻜﻮﻥ ﺿﻮﺍﺑﻂ ﺍﻷﻣﺎﻥ ﻓﻲ ﺷﻜﻞ ﻣﺼﺎﺩﻗﺔ ﻣﺘﻌﺪﺩﺓ ﺍﻟﻌﻮﺍﻣﻞ )‪) (MFA‬ﻳﺸﺎﺭ ﺇﻟﻴﻬﺎ ﺃﺣﻴﺎﻧﺎً ﺑﺎﺳﻢ ﺍﻟﻤﺼﺎﺩﻗﺔ‬
    ‫ﺍﻟﺜﻨﺎﺉﻴﺔ)‪ ((2FA‬ﺃﻭ ﺍﻟﺘﺸﻔﻴﺮ ﺃﻭ ﻛﻠﻴﻬﻤﺎ‪ .‬ﻳﻌﻨﻲ ‪ MFA / 2FA‬ﺃﻧﻪ ﺑﺎﻹﺿﺎﻓﺔ ﺇﻟﻰ ﺇﺩﺧﺎﻝ ﻛﻠﻤﺔ ﻣﺮﻭﺭ ‪ ،‬ﻳﺠﺐ ﻋﻠﻰ‬
    ‫ﺍﻟﻤﺴﺘﺨﺪﻡﺇﺩﺧﺎﻝ ﺭﻣﺰ ﻣﻤﻴﺰ ﺃﻭ ﻣﻔﺘﺎﺡ ﻣﺮﻭﺭ ﻳﺘﻢ ﺗﺤﺪﻳﺜﻪ ﺩﻭﺭﻳﺎً )ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﻳﺘﻢ ﺇﺭﺳﺎﻝ ﺭﻗﻢ ﻣﺘﻌﺪﺩ ﺍﻷﺭﻗﺎﻡ‬
    ‫ﻟﻤﺮﺓﻭﺍﺣﺪﺓ ﺃﻭ "ﺭﻣﺰ ﻣﻤﻴﺰ" ﺇﻟﻰ ﺍﻟﻬﺎﺗﻒ ﺍﻟﻤﺤﻤﻮﻝ ﻟﻠﻤﺴﺘﺨﺪﻡ ﺍﻟﺒﻌﻴﺪ ﺍﻟﺬﻱ ﻳﺠﺐ ﺃﻥ ﻳﻜﻮﻥ ﺗﺴﺘﺨﺪﻡ ﻹﻛﻤﺎﻝ ﻭﺻﻮﻝ‬
    ‫ﺍﻟﻤﺴﺘﺨﺪﻡﺇﻟﻰ ﻧﻈﺎﻡ ﺍﻟﻤﺆﺳﺴﺔ(‪.‬‬

    ‫ﺍﻟﻮﺻﻮﻝﻋﻦ ﺑﻌﺪ‪ :‬ﺍﻟﺸﺒﻜﺔ ﺍﻻﻓﺘﺮﺍﺿﻴﺔ ﺍﻟﺨﺎﺻﺔ )‪(VPN‬‬


    ‫ﺗﻘﻮﻡ‪ VPN‬ﺑﺘﻮﺳﻴﻊ ﺷﺒﻜﺔ ﺧﺎﺻﺔ ﻋﺒﺮ ﺷﺒﻜﺔ ﻋﺎﻣﺔ ﻭﺗﻤﻜﻦ ﺍﻟﻤﺴﺘﺨﺪﻣﻴﻦ ﻣﻦ ﺇﺭﺳﺎﻝ ﻭﺍﺳﺘﻘﺒﺎﻝ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻛﻤﺎ ﻟﻮ‬
    ‫ﻛﺎﻧﻮﺍﻣﺘﺼﻠﻴﻦ ﻋﺒﺮ ﺷﺒﻜﺔ ﺧﺎﺻﺔ‪ .‬ﻳﻮﻓﺮ ﻣﺰﺍﻳﺎ ﺍﻟﻮﻇﺎﺉﻒ ﻭﺍﻷﻣﺎﻥ ﻭﺧﺼﺎﺉﺺ ﺍﻹﺩﺍﺭﺓ ﻟﺸﺒﻜﺔ ﺧﺎﺻﺔ‪ .‬ﻳﺠﺐ ﺃﻥ‬
    ‫ﺗﻀﻤﻦﺍﻟﻤﻨﻈﻤﺎﺕ ﺍﻟﺘﺤﻘﻖ ﻣﻦ ﺍﻟﻮﺻﻮﻝ ﺇﻟﻰ ‪ VPN‬ﻭﺍﻟﻤﺼﺎﺩﻗﺔ ﻋﻠﻴﻪ ﻟﻤﻨﻊ ﺍﻟﻮﺻﻮﻝ ﻋﻦ ﺑﻌُﺪ ﻏﻴﺮ ﺍﻟﻤﺼﺮﺡ ﺑﻪ ﺇﻟﻰ‬
    ‫ﺷﺒﻜﺔﺍﻟﻤﺆﺳﺴﺔ )ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪.(MFA ،‬‬

    ‫ﻳﻔﺘﺮﺽﺍﻟﻮﺻﻮﻝ ﻋﻦ ﺑﻌُﺪ ﺑﻄﺒﻴﻌﺘﻪ ﻭﺟﻮﺩ ﺍﺗﺼﺎﻝ ﻏﻴﺮ ﺁﻣﻦ ﻣﻦ ﺍﻟﻄﺒﻘﺔ ﺍﻟﺜﺎﻧﻴﺔ ﺇﻟﻰ ﺍﻟﺮﺍﺑﻌﺔ‪ .‬ﻋﻨﺪ ﺍﺳﺘﺨﺪﺍﻡ ‪، VPN‬‬
    ‫ﻗﺒﻞﺇﺭﺳﺎﻝ ﺍﻟﺒﻴﺎﻧﺎﺕ ‪ ،‬ﺗﻮﻓﺮ ﻃﺒﻘﺔ ﺍﻟﺠﻠﺴﺔ )ﺍﻟﻄﺒﻘﺔ ‪" (5‬ﻧﻔﻘﺎً" ﻣﺸﻔﺮﺍً ﻟﻨﻘﻞ ﺍﻟﺒﻴﺎﻧﺎﺕ‪ .‬ﻳﻌﺪ ﻫﺬﺍ ﺗﺪﺑﻴﺮﺍً ﺃﻣﻨﻴﺎً ﻣﻬﻤ ًﺎ‬
    ‫ﻟﻠﻤﺆﺳﺴﺔ ‪،‬ﻓﻲ ﺣﺎﻟﺔ ﻭﺻﻮﻝ ﻏﻴﺮ ﺍﻟﻤﻮﻇﻒ ﺇﻟﻰ ﺍﻟﺒﻴﺎﻧﺎﺕ ‪ ،‬ﻳﺘﻢ ﺗﺸﻔﻴﺮ ﺍﻟﻤﺤﺘﻮﻳﺎﺕ ﺍﻟﻤﻐﻠﻔﺔ ﺑﺎﻟﻜﺎﻣﻞ ‪ ،‬ﻭﻓﻲ ﺑﻌﺾ‬
    ‫ﺍﻟﺤﺎﻻﺕﺣﺘﻰ ﻣﻌﻠﻮﻣﺎﺕ ﺍﻹﺭﺳﺎﻝ‪ .‬ﻳﻄُﻠﻖ ﻋﻠﻰ ﺍﻟﻨﻈﺎﻡ ﺍﻟﺪﺍﺧﻠﻲ ﺍﻟﺬﻱ ﻳﺴﺘﻘﺒﻞ ﻫﺬﻩ ﺍﻻﺗﺼﺎﻻﺕ ﻭﻳﻔﻚ ﺗﺸﻔﻴﺮ‬
    ‫ﺍﻟﻤﺤﺘﻮﻳﺎﺕﻧﻘﻄﺔ ﺍﻟﺘﻮﺍﺟﺪ )‪ .(PoP‬ﻧﻈﺮﺍً ﻟﺪﻭﺭﻫﺎ ‪ ،‬ﻻ ﻳﻨﺒﻐﻲ ﺃﺑﺪﺍً ﺭﺑﻂ ﺧﻮﺍﺩﻡ ‪ PoP‬ﺑﺎﻹﻧﺘﺮﻧﺖ‪ .‬ﺍﻟﻄﺮﻳﻘﺔ ﺍﻷﻛﺜﺮ ﺷﻴﻮﻋﺎً‬
    ‫ﻟﺘﺤﻘﻴﻖﺧﺪﻣﺔ ‪ PoP‬ﻫﻲ ﺍﺳﺘﺨﺪﺍﻡ ‪ VPN‬ﻟﺘﺸﻔﻴﺮ ﺣﺮﻛﺔ ﺍﻟﻤﺮﻭﺭ ﺑﻴﻦ ﺍﻟﻤﻀﻴﻒ ﻭﻧﻘﻄﺔ ﺗﻮﺍﺟﺪ ﺍﻟﺸﺒﻜﺔ ﺍﻟﺪﺍﺧﻠﻴﺔ‪.‬‬

    ‫ﺍﻟﻮﺻﻮﻝﻋﻦ ﺑﻌﺪ‪Virtual Desktop :‬‬


    ‫ﺗﻤﻨﺢﺑﺮﻭﺗﻮﻛﻮﻻﺕ ﺳﻄﺢ ﺍﻟﻤﻜﺘﺐ ﺍﻻﻓﺘﺮﺍﺿﻴﺔ ﻣﺜﻞ ﺑﺮﻭﺗﻮﻛﻮﻝ ﺳﻄﺢ ﺍﻟﻤﻜﺘﺐ ﺍﻟﺒﻌﻴﺪ )‪ (RDP‬ﻣﻦ ‪Microsoft‬‬
    ‫ﻟﻠﻤﺴﺘﺨﺪﻣﻴﻦﻭﺍﺟﻬﺔ ﺭﺳﻮﻣﻴﺔ ﻟﺘﻮﺻﻴﻞ ﻧﻈﺎﻡ )ﻛﻤﺒﻴﻮﺗﺮ( ﺑﺂﺧﺮ ﻋﺒﺮ ﺍﺗﺼﺎﻝ ﺷﺒﻜﺔ‪ .‬ﻳﺘﻤﺜﻞ ﺍﻻﺳﺘﺨﺪﺍﻡ ﺍﻷﺳﺎﺳﻲ‬
    ‫ﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕﺳﻄﺢ ﺍﻟﻤﻜﺘﺐ ﺍﻻﻓﺘﺮﺍﺿﻴﺔ ﻓﻲ ﺗﻮﻓﻴﺮ ﺍﻟﺪﻋﻢ ﺍﻟﻔﻨﻲ ﻭﺇﺩﺍﺭﺓ ﺍﻟﺨﻮﺍﺩﻡ ﺍﻟﺘﻲ ﻻ ﺗﺤﺘﻮﻱ ﻋﻠﻰ ﻟﻮﺣﺔ ﻣﻔﺎﺗﻴﺢ ‪/‬‬
    ‫ﺷﺎﺷﺔﻓﻴﺪﻳﻮ ‪ /‬ﻓﺄﺭﺓ ﻣﺘﺼﻠﺔ ﺑﻬﺎ ‪ ،‬ﻣﻤﺎ ﻳﺴﻤﺢ ﻟﻠﻤﺴﺆﻭﻟﻴﻦ ﺑﺘﺸﻐﻴﻞ ﻭﺻﻴﺎﻧﺔ ﺍﻟﺨﻮﺍﺩﻡ ﻓﻲ ﻣﺮﻛﺰ ﺍﻟﺒﻴﺎﻧﺎﺕ‪.‬‬

    ‫ﻳﺠﺐﺃﻥ ﻳﻜﻮﻥ ﻟﺪﻯ ﻛﻼ ﺍﻟﺠﻬﺎﺯﻳﻦ ﻧﻔﺲ ﺑﺮﻧﺎﻣﺞ ﺑﺮﻭﺗﻮﻛﻮﻝ ﺳﻄﺢ ﺍﻟﻤﻜﺘﺐ ﺍﻟﻈﺎﻫﺮﻱ ﺍﻟﻤﺜﺒﺖ ﻻﺳﺘﺨﺪﺍﻡ ﻫﺬﻩ‬
    ‫ﺍﻟﻮﻇﻴﻔﺔ‪.‬ﻟﻠﻮﺻﻮﻝ ﺇﻟﻰ ﻛﻤﺒﻴﻮﺗﺮ ﺁﺧﺮ ‪ ،‬ﻳﺠﺐ ﺃﻥ ﻳﻜﻮﻥ ﻟﺪﻯ ﺍﻟﻤﺴﺘﺨﺪﻡ ﺍﻟﺒﻌﻴﺪ ﻋﻨﻮﺍﻥ ‪ IP‬ﻭﺍﻟﻘﺪﺭﺓ ﻋﻠﻰ ﺍﻟﻤﺼﺎﺩﻗﺔ )‬
    ‫ﻋﻠﻰﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﺗﺴﺠﻴﻞ ﺍﻟﺪﺧﻮﻝ ‪ ،‬ﺗﻘﺪﻳﻢ ﺭﻣﺰ ﺃﻣﺎﻥ ﻣﻤﻴﺰ(‪ .‬ﻷﻏﺮﺍﺽ ﺃﻣﻨﻴﺔ ‪ ،‬ﻏﺎﻟﺒﺎً ﻣﺎ ﻳﺘﻢ ﺣﻈﺮ ﺍﺗﺼﺎﻻﺕ‬
    ‫ﺑﺮﻧﺎﻣﺞﺑﺮﻭﺗﻮﻛﻮﻝ ﺳﻄﺢ ﺍﻟﻤﻜﺘﺐ ﺍﻻﻓﺘﺮﺍﺿﻲ ﻓﻲ ﺟﺪﺍﺭ ﺍﻟﺤﻤﺎﻳﺔ ﺍﻟﻤﺤﻴﻂ ﺃﻭ ﻓﻲ ‪.DMZ‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪32‬‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﺪﻓﺎﻉﻋﻦ ﺍﻟﺸﺒﻜﺔ‬
    ‫ﻟﻔﻬﻢﺃﻣﺎﻥ ﺍﻟﺸﺒﻜﺔ ﺑﺸﻜﻞ ﻛﺎﻣﻞ ﻣﻦ ﺣﻴﺚ ﺻﻠﺘﻪ‬
    ‫ﺍﻟﺸﻜﻞ‪ :16‬ﺩﻓﺎﻉ ﻣﺘﻌﺪﺩ ﺍﻟﻄﺒﻘﺎﺕ ﻓﻲ ﺍﻟﻌﻤﻖ‬ ‫ﺑﻤﻜﻮﻧﺎﺕﺍﻟﺸﺒﻜﺔ ﻭﺑﻨﻴﺘﻬﺎ ‪ ،‬ﻳﺠﺐ ﻓﻬﻢ ﻣﻔﻬﻮﻡ ﺍﻟﺪﻓﺎﻉ‬
    ‫ﻃﻠﺐ‬ ‫ﻣﺘﻌﺪﺩﺍﻟﻄﺒﻘﺎﺕ ﺃﻭ ﺍﻟﺪﻓﺎﻉ ﺍﻟﻤﺘﻌﻤﻖ )ﺍﻟﺸﻜﻞ ‪ .(16‬ﻳﺮﻛﺰ‬
    ‫ﻭﺍﻟﺒﻴﺎﻧﺎﺕ‬ ‫ﻫﺬﺍﺍﻟﻤﻔﻬﻮﻡ ﻋﻠﻰ ﻓﺮﺿﻴﺔ ﺃﻧﻪ ﻻ ﻳﻨﺒﻐﻲ ﺃﻥ ﺗﺘﺴﺒﺐ‬
    ‫ﺣﻤﺎﻳﺔ‬ ‫ﻧﻘﻄﺔﻓﺸﻞ ﻭﺍﺣﺪﺓ ﻓﻲ ﺍﻟﺘﻨﺎﺯﻝ ﺍﻟﺘﺎﻡ ﻋﻦ ﺍﻷﻣﺎﻥ‪.‬‬
    ‫ﺃﻣﻦﺍﻟﻤﻀﻴﻒ‬

    ‫ﺷﺒﻜﺔ‬
    ‫ﺣﻤﺎﻳﺔ‬
    ‫ﺑﺪﻧﻲ‬
    ‫ﺣﻤﺎﻳﺔ‬ ‫ﺩﻓﺎﻉﻣﺘﻌﺪﺩ ﺍﻟﻄﺒﻘﺎﺕ ﺃﻭ ﺩﻓﺎﻉ ﻣﺘﻌﻤﻖ‬
    ‫ﺍﻟﺴﻴﺎﺳﺔﻭ‬ ‫ﻳﻀﻤﻦﻫﺬﺍ ﺍﻟﻤﻔﻬﻮﻡ ﻭﺟﻮﺩ ﻃﺒﻘﺎﺕ ﻣﺘﻌﺪﺩﺓ ﻣﻦ ﺍﻟﻀﻮﺍﺑﻂ‬
    ‫ﺇﺟﺮﺍءﺍﺕ‬
    ‫ﻗﺒﻞﺃﻥ ﻳﺘﻤﻜﻦ ﺍﻟﻤﺘﺴﻠﻞ ﺍﻟﻤﺤﺘﻤﻞ ﻣﻦ ﺍﻟﻮﺻﻮﻝ ﺇﻟﻰ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕﺍﻟﺤﺴﺎﺳﺔ‪ .‬ﻋﺎﺩﺓ ‪ ،‬ﺗﻮﺟﺪ ﻃﺒﻘﺎﺕ ﻋﻨﺎﺻﺮ‬
    ‫ﺍﻟﺘﺤﻜﻢﻫﺬﻩ ﻋﺒﺮ ﺍﻟﺸﺒﻜﺔ ﻭﺍﻟﺨﻮﺍﺩﻡ ﻭﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻭﻗﻮﺍﻋﺪ‬
    ‫ﺍﻟﺒﻴﺎﻧﺎﺕ‪.‬ﻳﻀﻤﻦ ﻫﺬﺍ ﺍﻟﻤﻔﻬﻮﻡ ﺃﻳﻀﺎً ﻭﺟﻮﺩ ﺍﻟﻀﻮﺍﺑﻂ‬
    ‫ﺍﻟﻤﺎﺩﻳﺔﺍﻟﻤﻨﺎﺳﺒﺔ‪ .‬ﻳﺨﻀﻊ ﺍﻟﻤﻔﻬﻮﻡ ﺍﻟﻌﺎﻡ ﻟﻠﺴﻴﺎﺳﺎﺕ‬
    ‫ﺍﻟﻤﺼﺪﺭ‪:‬ﻣﻌﻬﺪ ﺍﻟﻤﺮﺍﺟﻌﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‪.‬‬
    ‫ﻭﺍﻹﺟﺮﺍءﺍﺕﺍﻟﻤﻨﺎﺳﺒﺔ‪.‬‬

    ‫ﻳﺸﺒﻪﻣﻔﻬﻮﻡ ﺍﻟﺪﻓﺎﻉ ﻓﻲ ﺍﻟﻌﻤﻖ ﻛﻴﻔﻴﺔ ﺣﻤﺎﻳﺔ ﺍﻟﻘﻼﻉ ﺧﻼﻝ ﺍﻟﻌﺼﻮﺭ ﺍﻟﻮﺳﻄﻰ ‪ ،‬ﻋﻨﺪﻣﺎ ﻛﺎﻧﺖ ﺍﻟﻀﻮﺍﺑﻂ ﺃﻭ ﺍﻟﺤﻮﺍﺟﺰ‬
    ‫ﺍﻟﻤﺘﻌﺪﺩﺓﺗﺤﻤﻲ ﺟﻮﺍﻫﺮ ﺍﻟﺘﺎﺝ ﻭﻛﺬﻟﻚ ﺍﻟﺴﻜﺎﻥ‪ .‬ﺗﻮﺟﺪ ﻓﻠﺴﻔﺔ ﻣﻤﺎﺛﻠﺔ ﺍﻟﻴﻮﻡ ﻟﺘﺤﺪﻳﺪ ﺍﻟﻀﻮﺍﺑﻂ ﺍﻟﺴﻴﺒﺮﺍﻧﻴﺔ ﻋﺒﺮ‬
    ‫ﻃﺒﻘﺎﺕﻣﺨﺘﻠﻔﺔ ﻣﻦ ﺍﻟﺒﻴﺉﺔ ﺍﻹﻟﻜﺘﺮﻭﻧﻴﺔ‪.‬‬

    ‫ﺍﻹﻧﺘﺮﻧﺖﺧﺎﺭﺝ ﺑﻮﺍﺑﺔ ﺍﻟﻘﻠﻌﺔ‪.‬‬ ‫‪-‬‬


    ‫ﺑﻮﺍﺑﺔﺍﻟﻘﻠﻌﺔ ﻫﻲ ﻗﺎﻋﺪﺓ ﺟﺪﺍﺭ ﺍﻟﺤﻤﺎﻳﺔ )ﺍﻟﺘﻲ ﺗﻮﺍﺟﻪ ﺍﻟﺨﺎﺭﺝ(‪.‬‬ ‫‪-‬‬
    ‫ﺍﻟﺠﺪﺭﺍﻥﻭﺍﻟﺨﻨﺪﻕ ﻭﺍﻟﻔﻨﺎء ﻫﻲ ﺍﻟﻤﻨﻄﻘﺔ ﺍﻟﻤﻨﺰﻭﻋﺔ ﺍﻟﺴﻼﺡ‪.‬‬ ‫‪-‬‬
    ‫ﺃﺑﺮﺍﺝﺍﻟﻤﺮﺍﻗﺒﺔ ﻫﻲ ﻣﻌﺮﻓﺎﺕ ﺍﻷﻣﺎﻥ ‪ IPS /‬ﻭ ‪ DLP‬ﻭﺍﻟﺒﺮﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﻧﻲ‬ ‫‪-‬‬
    ‫ﻭﺑﻮﺍﺑﺎﺕﺍﻟﻮﻳﺐ‪ .‬ﺍﻟﺒﺎﺏ ﺍﻟﺪﺍﺧﻠﻲ ﻟﻠﻘﻠﻌﺔ ﻫﻮ ﺟﺪﺍﺭ ﺍﻟﺤﻤﺎﻳﺔ ﺍﻟﺪﺍﺧﻠﻲ‪.‬‬ ‫‪-‬‬
    ‫ﻏﺮﻑﺍﻟﻘﻠﻌﺔ ﻫﻲ ﺷﺒﻜﺔ ﻣﺠﺰﺃﺓ‪.‬‬ ‫‪-‬‬

    ‫ﺗﺤﺪﻳﺎﺕﺍﻟﺸﺒﻜﺔ ﻭﻣﺨﺎﻃﺮﻫﺎ‬
    ‫ﺗﺤﺘﻮﻱﺍﻟﺸﺒﻜﺎﺕ ﻋﻠﻰ ﺍﻟﻌﺪﻳﺪ ﻣﻦ ﺍﻟﻤﻜﻮﻧﺎﺕ ﻭﺳﻴﻜﻮﻥ ﻟﻜﻞ ﻣﻨﻈﻤﺔ ﺑﻨﻴﺔ ﺷﺒﻜﺔ ﻓﺮﻳﺪﺓ‪ .‬ﻳﻤﻜﻦ ﺃﻥ ﻳﺆﺛﺮ ﻭﺟﻮﺩ ﺷﺒﻜﺔ‬
    ‫ﻓﻌﺎﻟﺔﺑﺸﻜﻞ ﻛﺒﻴﺮ ﻋﻠﻰ ﻋﻤﻠﻴﺎﺕ ﺍﻟﻤﻨﻈﻤﺔ‪ .‬ﺇﻥ ﻓﻬﻢ ﺍﻟﻤﺪﻗﻖ ﺍﻟﺪﺍﺧﻠﻲ ﻟﻬﻴﻜﻞ ﺍﻟﺸﺒﻜﺔ ﻫﻮ ﺍﻟﻤﻔﺘﺎﺡ ﻟﻔﻬﻢ ﺍﻟﻤﺨﺎﻃﺮ‬
    ‫ﻭﺍﻟﺘﺤﺪﻳﺎﺕﺍﻟﻤﺮﺗﺒﻄﺔ ﺑﺎﻟﺸﺒﻜﺎﺕ‪.‬‬

    ‫ﻫﻨﺎﻙﺍﻟﻌﺪﻳﺪ ﻣﻦ ﺍﻟﺘﺤﺪﻳﺎﺕ ‪ /‬ﺍﻟﻤﺨﺎﻃﺮ ﺍﻟﻤﺘﻌﻠﻘﺔ ﺑﺸﺒﻜﺔ ﺍﻟﻤﺆﺳﺴﺔ ﻭﺍﻟﺘﻲ ﻳﺠﺐ ﺃﻥ ﻳﻜﻮﻥ ﺍﻟﻤﺪﻗﻘﻮﻥ ﺍﻟﺪﺍﺧﻠﻴﻮﻥ ﻋﻠﻰ‬
    ‫ﺩﺭﺍﻳﺔﺑﻬﺎ ‪ ،‬ﻭﺍﻟﺘﻲ ﻳﻤﻜﻦ ﺃﻥ ﺗﺸﻤﻞ ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ﻻ ﺍﻟﺤﺼﺮ‪:‬‬

    ‫‪-‬ﺿﻤﺎﻥ ﺍﻟﺘﺤﺪﻳﺪ ﺍﻟﺼﺤﻴﺢ ﻟﺠﻤﻴﻊ ﺍﻟﺨﺪﻣﺎﺕ ﺍﻟﺨﺎﺭﺟﻴﺔ ﺍﻟﺘﻲ ﺗﻘﺪﻣﻬﺎ ﺍﻟﻤﻨﻈﻤﺔ‪.‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪33‬‬ ‫‪www.theiia.org‬‬


    ‫ﺿﻤﺎﻥﺃﻣﻦ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻜﺎﻓﻲ‪ .‬ﺍ‬ ‫‪-‬‬
    ‫ﺿﻤﺎﻥﺗﺄﻣﻴﻦ ﻣﻜﻮﻧﺎﺕ ﺍﻟﺸﺒﻜﺔ ﻭﺗﻜﻮﻳﻨﻬﺎ ﻭﻓﻘﺎً ﻟﻠﺴﻴﺎﺳﺎﺕ ﺍﻟﺘﻨﻈﻴﻤﻴﺔ ﺍﻟﺘﻲ ﺗﺘﻤﺎﺷﻰ ﻣﻊ‬
    ‫ﺍﻟﻠﻮﺍﺉﺢﺍﻟﻤﻌﻤﻮﻝ ﺑﻬﺎ ﻭﺃﻓﻀﻞ ﻣﻤﺎﺭﺳﺎﺕ ﺍﻟﺼﻨﺎﻋﺔ‪.‬‬

    ‫ﻣﺮﺍﻗﺒﺔﺍﻟﻮﻳﺐ ﺍﻟﻤﻈﻠﻢ ﺑﺤﺜﺎً ﻋﻦ ﺭﺳﺎﺉﻞ ﺍﻟﺒﺮﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﻧﻲ ‪ /‬ﻛﻠﻤﺎﺕ ﺍﻟﻤﺮﻭﺭ ﺍﻟﻤﺨﺘﺮﻗﺔ ﻭﺍﻟﺘﺤﻘﻖ‬ ‫ﺍ‬
    ‫ﻣﻦﺗﻐﻴﻴﺮ ﻛﻠﻤﺎﺕ ﺍﻟﻤﺮﻭﺭ ﺑﺸﻜﻞ ﻣﺘﻜﺮﺭ‪.‬‬
    ‫ﺿﻤﺎﻥﻧﺸﺮ ﺑﺮﺍﻣﺞ ﻣﻨﺎﺳﺒﺔ ﻟﻤﻜﺎﻓﺤﺔ ﺍﻟﺒﺮﺍﻣﺞ ﺍﻟﻀﺎﺭﺓ ﻭﺍﻟﺘﺼﻴﺪ ﺍﻻﺣﺘﻴﺎﻟﻲ‪.‬‬ ‫ﺍ‬
    ‫ﺇﺟﺮﺍءﺗﺪﺭﻳﺐ ﺇﻟﺰﺍﻣﻲ ﻟﺘﻮﻋﻴﺔ ﺍﻟﻤﻮﻇﻔﻴﻦ ﺑﺒﺮﺍﻣﺞ ﻣﻜﺎﻓﺤﺔ ﺍﻟﺒﺮﺍﻣﺞ ﺍﻟﻀﺎﺭﺓ ﻭﺍﻟﺘﺼﻴﺪ‪.‬‬ ‫ﺍ‬

    ‫ﺿﻤﺎﻥﺍﻟﻮﺻﻮﻝ ﺍﻟﻤﻨﺎﺳﺐ‪ .‬ﺍ‬ ‫‪-‬‬


    ‫ﺍﻟﺘﺄﻛﺪﻣﻦ ﺗﻘﻴﻴﺪ ﺍﻟﻮﺻﻮﻝ ﺇﻟﻰ ﺍﻟﻤﺤﻮﻻﺕ ﻭﺃﻥ ﺍﻟﻔﻨﻴﻴﻦ ﻳﻘﻮﻣﻮﻥ ﺑﺼﻴﺎﻧﺘﻬﺎ ﻭﺗﺤﺪﻳﺜﻬﺎ ﺑﺸﻜﻞ ﺭﻭﺗﻴﻨﻲ‬
    ‫ﻣﻦﺃﺟﻞ ﺍﻟﻮﻇﺎﺉﻒ‪.‬‬
    ‫ﺿﻤﺎﻥﺗﻘﻴﻴﺪ ﺍﻟﻮﺻﻮﻝ ﺍﻟﻤﺎﺩﻱ ﺇﻟﻰ ﺃﺟﻬﺰﺓ ﺍﻟﺘﻮﺟﻴﻪ‪ .‬ﺗﺘﻤﺘﻊ ﺃﺟﻬﺰﺓ ﺍﻟﺘﻮﺟﻴﻪ ﺩﺍﺉﻤﺎً ﺑﺈﻣﻜﺎﻧﻴﺎﺕ ﻭﺻﻮﻝ‬ ‫ﺍ‬
    ‫ﻋﻦﺑﻌُﺪ ﻟﻸﺟﻬﺰﺓ ﻧﻔﺴﻬﺎ‪ .‬ﻳﺠﺐ ﺗﺄﻣﻴﻨﻬﺎ ﺑﻜﻠﻤﺎﺕ ﻣﺮﻭﺭ ﻗﻮﻳﺔ ﻭﻣﺮﺍﻗﺒﺔ ﻣﺤﺎﻭﻻﺕ ﺗﺴﺠﻴﻞ ﺍﻟﺪﺧﻮﻝ‬
    ‫ﺍﻟﻔﺎﺷﻠﺔ‪.‬‬
    ‫ﺍﻟﺘﺤﻘﻖﻣﻦ ﻣﻄﺎﻟﺒﺔ ﺍﻟﻤﺴﺘﺨﺪﻣﻴﻦ ﺍﻟﺒﻌﻴﺪﻳﻦ ﺑﺎﺳﺘﺨﺪﺍﻡ ﺍﻟﻤﺼﺎﺩﻗﺔ ﺫﺍﺕ ﺍﻟﻌﺎﻣﻠﻴﻦ‪.‬‬ ‫ﺍ‬
    ‫ﺿﻤﺎﻥﺻﻴﺎﻧﺔ ﺍﻟﺘﺼﺤﻴﺢ‪.‬ﺿﻤﺎﻥﻳﺘﻢ ﺗﺜﺒﻴﺖ ﺃﺣﺪﺙ ﺗﺼﺤﻴﺤﺎﺕ ﺍﻷﻣﺎﻥ ﻭﺗﺤﺪﻳﺜﺎﺕ ﺍﻟﺒﺮﺍﻣﺞ ﺍﻟﺜﺎﺑﺘﺔ ﻋﻠﻰ‬ ‫‪-‬‬
    ‫ﻣﻜﻮﻧﺎﺕﺍﻟﺸﺒﻜﺔ )ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﺟﺪﺭﺍﻥ ﺍﻟﺤﻤﺎﻳﺔ ﻭﺃﺟﻬﺰﺓ ﺍﻟﺘﻮﺟﻴﻪ ﻭﺍﻟﻄﺎﺑﻌﺎﺕ ﻭﻫﻮﺍﺗﻒ ﺑﺮﻭﺗﻮﻛﻮﻝ ﻧﻘﻞ‬
    ‫ﺍﻟﺼﻮﺕﻋﺒﺮ ﺍﻹﻧﺘﺮﻧﺖ )‪.((VoIP‬‬
    ‫ﺿﻤﺎﻥﺍﻹﺩﺍﺭﺓ ﺍﻟﻤﻨﺎﺳﺒﺔ ﻟﻤﺨﺎﻃﺮ ﺷﺒﻜﺔ ﺍﻟﻄﺮﻑ ﺍﻟﺜﺎﻟﺚ‪.‬ﻫﺬﺍ ﻫﻮﻗﺎﺑﻞ ﻟﻠﺘﻄﺒﻴﻖ ﺇﺫﺍ ﺗﻢ ﺍﻻﺳﺘﻌﺎﻧﺔ‬ ‫‪-‬‬
    ‫ﺑﻤﺼﺎﺩﺭﺧﺎﺭﺟﻴﺔ ﻹﺩﺍﺭﺓ ﺍﻟﺸﺒﻜﺔ ‪ ،‬ﻭﺇﺫﺍ ﻛﺎﻥ ﺍﻷﻣﺮ ﻛﺬﻟﻚ ‪ ،‬ﻓﺘﺄﻛﺪ ﻣﻦ ﺃﻥ ﺑﺮﺍﻣﺞ ﺃﻣﺎﻥ ﺍﻟﺒﺎﺉﻊ ﻗﻮﻳﺔ ﻭﻓﻌﺎﻟﺔ‬
    ‫ﻭﻓﻌﺎﻟﺔﻭﻳﻤﻜﻦ ﺍﻟﻮﺻﻮﻝ ﺇﻟﻴﻬﺎ‪.‬‬

    ‫ﺍﻟﺘﻄﺒﻴﻘﺎﺕ‬
    ‫ﻫﻨﺪﺳﺔﺍﻟﺘﻄﺒﻴﻖ‬
    ‫ﺗﺘﻀﻤﻦﺑﻨﻴﺔ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺗﺼﻤﻴﻢ ﻭﺳﻠﻮﻙ ﺗﻄﺒﻴﻘﺎﺕ‬
    ‫ﺍﻟﻤﺆﺳﺴﺔﻭﺗﺮﻛﺰ ﻋﻠﻰ ﺗﻔﺎﻋﻠﻬﺎ ﻣﻊ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻷﺧﺮﻯ ﻭﻣﻊ‬
    ‫ﻣﻮﺍﺭﺩ‬
    ‫ﺍﻟﺒﻴﺎﻧﺎﺕﻭﺍﻟﻤﺴﺘﺨﺪﻣﻴﻦ ﻟﺪﻋﻢ ﺩﻭﺭﺍﺕ ﺍﻷﻋﻤﺎﻝ‬
    ‫ﻟﻤﺰﻳﺪﻣﻦ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺣﻮﻝ ﺍﻟﻀﻮﺍﺑﻂ ﺍﻟﻌﺎﻣﺔ‬ ‫ﻭﺍﻟﻮﻇﺎﺉﻒ‪.‬ﻳﺠﺐ ﺗﺼﻤﻴﻢ ﺑﻨﻴﺔ ﺍﻟﻤﺆﺳﺴﺔ ﺑﻤﺎ ﻳﺘﻤﺎﺷﻰ‬
    ‫ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪ ،‬ﺭﺍﺟﻊ ‪" IIA GTAG‬‬ ‫ﻣﻊﻣﺘﻄﻠﺒﺎﺗﻬﺎ ﻭﺍﺳﺘﺮﺍﺗﻴﺠﻴﺔ ﺃﻋﻤﺎﻟﻬﺎ ‪ ،‬ﻭﺃﻥ ﻳﻜﻮﻥ ﻟﺪﻳﻬﺎ‬
    ‫ﻣﺨﺎﻃﺮﻭﺿﻮﺍﺑﻂ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪،‬‬ ‫ﺿﻮﺍﺑﻂﻣﻨﺎﺳﺒﺔ ﻟﻀﻤﺎﻥ ﺍﻻﻛﺘﻤﺎﻝ ﻭﺍﻟﺪﻗﺔ ﻭﺍﻟﺘﻔﻮﻳﺾ‪.‬‬
    ‫ﺍﻹﺻﺪﺍﺭﺍﻟﺜﺎﻧﻲ‪".‬‬

    ‫ﻟﻤﺰﻳﺪﻣﻦ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺣﻮﻝ ﻋﻨﺎﺻﺮ ﺍﻟﺘﺤﻜﻢ ﻓﻲ‬


    ‫ﺍﻟﺘﻄﺒﻴﻖ ‪،‬ﺭﺍﺟﻊ ‪" IIA GTAG‬ﺗﺪﻗﻴﻖ ﻋﻨﺎﺻﺮ‬
    ‫ﺍﻟﺘﺤﻜﻢﻓﻲ ﺍﻟﺘﻄﺒﻴﻖ"‪.‬‬
    ‫ﻳﺠﺐﺃﻥ ﺗﺸﻤﻞ ﺍﻻﻋﺘﺒﺎﺭﺍﺕ ﺍﻟﺘﻔﺎﻋﻞ ﺑﻴﻦ ﺣﺰﻡ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ‬
    ‫ﻭﺍﻟﻤﺴﺘﺨﺪﻣﻴﻦ ‪،‬ﻭﺗﻜﺎﻣﻞ ﺍﻟﺒﻴﺎﻧﺎﺕ ‪ ،‬ﻭﻛﻴﻔﻴﺔ ﺗﺼﻤﻴﻢ‬
    ‫ﺍﻷﻧﻈﻤﺔﻟﻠﻌﻤﻞ ﻣﻌﺎً‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪34‬‬ ‫‪www.theiia.org‬‬


    ‫ﻣﻊﺍﻟﺸﺒﻜﺔ ﻭﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ‪ .‬ﺩﺍﺧﻞ ﺍﻟﻬﻨﺪﺳﺔ ﺍﻟﻤﻌﻤﺎﺭﻳﺔ ‪ ،‬ﻳﺠﺐ ﺃﻥ ﺗﻜﻮﻥ ﻗﺎﺑﻠﻴﺔ ﺍﻟﺘﻮﺳﻊ ﻭﻗﺪﺭﺓ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻓﻲ‬
    ‫ﺍﻻﻋﺘﺒﺎﺭﺑﺴﺒﺐ ﻧﻤﻮ ﺍﻷﻋﻤﺎﻝ ﺍﻟﻤﺤﺘﻤﻞ ‪ ،‬ﻭﺍﻟﺘﻐﻴﻴﺮ ﻓﻲ ﺍﻷﻭﻟﻮﻳﺎﺕ ﺍﻟﺘﻨﻈﻴﻤﻴﺔ ‪ ،‬ﻭﻋﻮﺍﻣﻞ ﺃﺧﺮﻯ‪ .‬ﻳﺜﻴﺮ ﺍﻟﻨﻈﺮ ﻓﻲ ﻣﺪﻯ‬
    ‫ﺗﻘﻠﺐﺍﻷﻋﻤﺎﻝ ﻣﺸﺎﻛﻞ ﺍﻟﺘﻜﺎﻣﻞ ﺍﻟﻤﺤﺘﻤﻠﺔ ﺃﻭ ﺍﻟﻔﺠﻮﺍﺕ ﻓﻲ ﺍﻟﺘﻐﻄﻴﺔ ﺍﻟﻮﻇﻴﻔﻴﺔ‪ .‬ﻷﻏﺮﺍﺽ ﺍﻟﺘﺨﻄﻴﻂ ‪ ،‬ﻳﻤﻜﻦ ﺗﻄﻮﻳﺮ‬
    ‫ﺍﺳﺘﺮﺍﺗﻴﺠﻴﺎﺕﻟﺘﺤﺪﻳﺪ ﺍﻷﻧﻈﻤﺔ ﺍﻟﺘﻲ ﻗﺪ ﺗﻌﻤﻞ ﺍﻵﻥ ﻭﻟﻜﻨﻬﺎ ﻣﻌﺮﺿﺔ ﻟﻠﺨﻄﺮ ﻟﻠﺤﻔﺎﻅ ﻋﻠﻰ ﻭﺗﻴﺮﺓ ﺍﻟﺘﻐﻴﻴﺮ ﻭﺍﻟﺤﺎﺟﺔ ﺇﻟﻰ‬
    ‫ﺗﻜﺎﻣﻞﺍﻟﺒﻴﺎﻧﺎﺕ ﺃﻭ ﺍﻟﻤﻮﺛﻮﻗﻴﺔ ﺃﻭ ﺍﻟﺘﻮﺍﻓﺮ‪.‬‬

    ‫ﻳﺴﻤﺢﻓﻬﻢ ﺑﻨﻴﺔ ﺗﻄﺒﻴﻘﺎﺕ ﺍﻟﻤﺆﺳﺴﺔ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﺑﺘﻘﺪﻳﺮ ﻛﻴﻔﻴﺔ ﻣﺤﺎﺫﺍﺓ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﻤﺘﻌﺪﺩﺓ‬
    ‫ﺍﺳﺘﺮﺍﺗﻴﺠﻴﺎًﻹﻧﺠﺎﺯ ﻋﻤﻠﻴﺔ ﺗﺠﺎﺭﻳﺔ‪ .‬ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﻗﺪ ﺗﺠﻤﻊ ﺍﻷﻧﻈﻤﺔ ﺍﻷﺳﺎﺳﻴﺔ ﺍﻟﻘﺎﺉﻤﺔ ﻋﻠﻰ ﺍﻟﺴﺤﺎﺑﺔ ﺑﻴﻦ‬
    ‫ﺗﻘﻨﻴﺎﺕﻣﺘﻌﺪﺩﺓ ﻭﺗﻄﺒﻴﻘﺎﺕ ﺗﻮﻓﺮﻫﺎ ‪ SaaS‬ﻟﺘﻘﺪﻳﻢ ﻋﻤﻠﻴﺔ ﺃﻋﻤﺎﻝ ﻣﺤﺪﺩﺓ‪ .‬ﺳﺘﻘﻮﻡ ﺍﻹﺩﺍﺭﺓ ﺑﻌﺪ ﺫﻟﻚ ﺑﺘﺼﻤﻴﻢ‬
    ‫ﻣﺠﻤﻮﻋﺔﻣﻦ ﺿﻮﺍﺑﻂ ﺍﻟﺘﻄﺒﻴﻖ ‪ ،‬ﻭﺍﻟﻀﻮﺍﺑﻂ ﺍﻟﻌﺎﻣﺔ ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪ ،‬ﻭﺍﻟﻤﺮﺍﻗﺒﺔ ﺍﻟﻤﺴﺘﻤﺮﺓ ﺍﻟﻜﺎﻓﻴﺔ ﻟﻠﺘﻌﺎﻣﻞ‬
    ‫ﻣﻊﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﻤﺪﺍﺭﺓ ﺩﺍﺧﻞ ﺍﻟﻤﺆﺳﺴﺔ ﻭﺧﺎﺭﺟﻬﺎ )ﻣﻦ ﺍﻟﻤﺤﺘﻤﻞ ﺃﻥ ﻳﻜﻮﻥ ﺫﻟﻚ ﻣﻦ ﻗﺒﻞ ﻣﺰﻭﺩﻱ ﺧﺪﻣﺎﺕ ﺍﻟﻄﺮﻑ‬
    ‫ﺍﻟﺜﺎﻟﺚ(‪.‬‬

    ‫ﺗﻄﺒﻴﻘﺎﺕﺍﻟﻮﻳﺐ ﺃﻭ ﺍﻹﻧﺘﺮﻧﺖ‬
    ‫ﺗﺘﻄﻠﺐﺑﻨﻴﺔ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﻮﻳﺐ ﻋﺎﺩﺓ ًﺧﺎﺩﻡ ﻭﻳﺐ ﻳﻤﻜﻦ ﺍﻟﻮﺻﻮﻝ ﺇﻟﻴﻪ ﻣﻦ ﺍﻹﻧﺘﺮﻧﺖ ‪ ،‬ﻭﺍﻟﺬﻱ ﻳﻮﺟﺪ ﻋﺎﺩﺓ ً‬
    ‫ﻓﻲﺍﻟﻤﻨﻄﻘﺔ ‪ .DMZ‬ﺗﺘﻀﻤﻦ ﻟﻐﺎﺕ ﺍﻟﺒﺮﻣﺠﺔ ﺍﻟﻨﺼﻴﺔ ﺍﻟﻤﺴﺘﺨﺪﻣﺔ ﻓﻲ ﻛﺘﺎﺑﺔ ﺍﻟﺘﻌﻠﻴﻤﺎﺕ ﺍﻟﺒﺮﻣﺠﻴﺔ ﺍﻟﻤﺼﺪﺭ‬
    ‫ﻟﻠﺘﻄﺒﻴﻖ‪ Java‬ﻭ ‪ C‬ﻭ ‪ Python‬ﻭ ‪ Ruby‬ﻭ ‪ PHP‬ﻭﻏﻴﺮﻫﺎ‪ .‬ﺗﺘﻀﻤﻦ ﺃﻣﺜﻠﺔ ﺗﻄﺒﻴﻘﺎﺕ ﺍﻟﻮﻳﺐ ﻣﻮﺍﻗﻊ ﻣﺜﻞ‬
    ‫‪ www.amazon.com‬ﺃﻭ ‪ .www.rakuten.co.jp‬ﻳﻤﻜﻦ ﻷﻱ ﻣﺴﺘﺨﺪﻡ ﻟﺪﻳﻪ ﺇﻣﻜﺎﻧﻴﺔ ﺍﻟﻮﺻﻮﻝ ﺇﻟﻰ ﺍﻹﻧﺘﺮﻧﺖ‬
    ‫ﺍﻟﻮﺻﻮﻝﺇﻟﻰ ﻫﺬﻩ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ‪ .‬ﻋﺎﺩﺓ ًﻣﺎ ﻳﺘﻌﺎﻣﻞ ﺧﺎﺩﻡ ﺍﻟﻮﻳﺐ ﻓﻘﻂ ﻣﻊ ﺍﻟﻮﺍﺟﻬﺔ ﻣﻊ ﺍﻟﻤﺴﺘﺨﺪﻡ ﻋﺒﺮ ﺍﻹﻧﺘﺮﻧﺖ‪.‬‬

    ‫ﻣﻦﻣﻨﻈﻮﺭ ﺍﻟﻬﻨﺪﺳﺔ ﺍﻟﻤﻌﻤﺎﺭﻳﺔ ‪ ،‬ﻋﺎﺩﺓ ﻣﺎ "ﻳﺘﺤﺪﺙ" ﺧﺎﺩﻡ ﺍﻟﻮﻳﺐ ﺇﻟﻰ ﺧﺎﺩﻡ ﺗﻄﺒﻴﻖ ﻳﺆﺩﻱ ﺍﻟﻮﻇﺎﺉﻒ ﺍﻟﺮﺉﻴﺴﻴﺔ‬
    ‫ﻟﻠﺘﻄﺒﻴﻖ‪.‬ﻭﺍﺟﻬﺎﺕ ﺧﺎﺩﻡ ﺍﻟﺘﻄﺒﻴﻖ ﻣﻊ ﻗﺎﻋﺪﺓ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺣﻴﺚ ﻳﺘﻢ ﺗﺨﺰﻳﻦ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪ ،‬ﻭﺍﻟﺘﻲ ﻋﺎﺩﺓ ﻣﺎ ﺗﻜﻮﻥ‬
    ‫ﻣﻮﺟﻮﺩﺓﻓﻲ ﺧﺎﺩﻡ ﻗﺎﻋﺪﺓ ﺍﻟﺒﻴﺎﻧﺎﺕ‪ .‬ﺑﻨﺎء ًﻋﻠﻰ ﺍﻟﺘﻄﺒﻴﻖ ‪ ،‬ﻗﺪ ﺗﺤﺘﻮﻱ ﺧﻮﺍﺩﻡ ﻗﺎﻋﺪﺓ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻋﻠﻰ ﻣﻌﻠﻮﻣﺎﺕ ﺣﺴﺎﺳﺔ‬
    ‫ﺃﻭﻣﻬﻤﺔ ﺗﺘﻌﻠﻖ ﺑﺎﻟﺘﻄﺒﻴﻖ )ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﻣﻌﻠﻮﻣﺎﺕ ﺑﻄﺎﻗﺔ ﺍﻻﺉﺘﻤﺎﻥ ﺃﻭ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﺼﺤﻴﺔ ﺃﻭ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬
    ‫ﺍﻟﺸﺨﺼﻴﺔﻟﻠﻤﺴﺘﺨﺪﻡ( ‪ ،‬ﻭﺑﺎﻟﺘﺎﻟﻲ ﻳﺠﺐ ﺃﻥ ﺗﻜﻮﻥ ﺁﻣﻨﺔ ﻭﻳﺘﻢ ﺍﻟﺘﺤﻜﻢ ﻓﻲ ﺍﻟﻮﺻﻮﻝ ﺇﻟﻴﻬﺎ ﺑﺸﻜﻞ ﻣﻨﺎﺳﺐ‪ .‬ﺗﻮﺟﺪ‬
    ‫ﻗﺎﻋﺪﺓﺍﻟﺒﻴﺎﻧﺎﺕ ﻫﺬﻩ ﻓﻲ ﺍﻟﺸﺒﻜﺔ ﺍﻟﺪﺍﺧﻠﻴﺔ ‪ ،‬ﻭﻻ ﻳﻤﻜﻦ ﺍﻟﻮﺻﻮﻝ ﺇﻟﻴﻬﺎ ﻣﻦ ﺍﻹﻧﺘﺮﻧﺖ ﻷﻏﺮﺍﺽ ﺍﻟﺘﺤﻜﻢ ﻭﺍﻷﻣﺎﻥ‪ .‬ﻳﻤﻜﻦ‬
    ‫ﻓﻘﻂﻟﺨﺎﺩﻡ ﺍﻟﺘﻄﺒﻴﻖ ﺍﻻﺗﺼﺎﻝ ﺑﻘﺎﻋﺪﺓ ﺍﻟﺒﻴﺎﻧﺎﺕ ‪ ،‬ﻭﻳﻤﻜﻦ ﻓﻘﻂ ﻟﺨﺎﺩﻡ ﺍﻟﻮﻳﺐ ﺍﻻﺗﺼﺎﻝ ﺑﺨﺎﺩﻡ ﺍﻟﺘﻄﺒﻴﻖ ﻣﻦ ﺧﻼﻝ‬
    ‫ﺍﺗﺼﺎﻝﺁﻣﻦ ‪ ،‬ﻛﻤﺎ ﻫﻮ ﻣﻮﺿﺢ ﻓﻲ ﺍﻟﺸﻜﻞ ‪.17‬‬

    ‫ﺍﻟﺸﻜﻞ‪ :17‬ﻫﻨﺪﺳﺔ ﺗﻄﺒﻴﻘﺎﺕ ﺍﻟﻮﻳﺐ ﺍﻟﻨﻤﻮﺫﺟﻴﺔ‬

    ‫ﺇﻧﺘﺮﻧﺖ‬

    ‫ﻗﺎﻋﺪﺓﺍﻟﺒﻴﺎﻧﺎﺕ‬ ‫ﻃﻠﺐ‬ ‫ﺍﻟﻮﻳﺐ‬ ‫ﺣﺎﺳﻮﺏ‬


    ‫ﺍﻟﺨﺎﺩﻡ‬ ‫ﺍﻟﺨﺎﺩﻡ‬ ‫ﺍﻟﺨﺎﺩﻡ‬

    ‫ﺑﻴﺎﻧﺎﺕ‬ ‫ﺗﻄﺒﻴﻘﺎﺕﺍﻟﻮﻳﺐ‬
    ‫ﺍﻟﺼﻮﺭ‬ ‫ﺍﻟﻤﺼﺪﺭ‪:‬ﺍﻟﻤﻌﻬﺪ‬
    ‫ﺍﻟﺼﻔﺤﺎﺕ‬ ‫ﻣﻦﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‪.‬‬

    ‫‪35‬‬ ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‬ ‫‪www.theiia.org‬‬


    ‫ﻓﻲﺍﻟﻌﺪﻳﺪ ﻣﻦ ﺍﻟﻤﺆﺳﺴﺎﺕ ‪ ،‬ﺳﺘﺘﻀﻤﻦ ﺑﻨﻴﺔ ﺗﻄﺒﻴﻘﺎﺕ ﺍﻟﻮﻳﺐ ﺃﻳﻀﺎً ﺟﺪﺍﺭ ﺣﻤﺎﻳﺔ ﻟﺘﻄﺒﻴﻖ ﺍﻟﻮﻳﺐ )‪ ، WAF‬ﻛﻤﺎ ﻫﻮ‬
    ‫ﻣﻮﺿﺢﻓﻲ ﺍﻟﺸﻜﻞ ‪ ، (14‬ﻟﺘﺤﺪﻳﺪ ﻭﺍﻛﺘﺸﺎﻑ ﻭﻣﻨﻊ ﻫﺠﻤﺎﺕ ﺗﻄﺒﻴﻘﺎﺕ ﺍﻟﻮﻳﺐ ﻣﺜﻞ ﺣﻘﻦ ‪ SQL‬ﺃﻭ ﺍﻟﺒﺮﻣﺠﺔ ﺍﻟﻨﺼﻴﺔ‬
    ‫ﻋﺒﺮﺍﻟﻤﻮﺍﻗﻊ )‪ .(XSS‬ﻗﺪ ﺗﻨﺠﺢ ﻣﺜﻞ ﻫﺬﻩ ﺍﻟﻬﺠﻤﺎﺕ ﺇﺫﺍ ﻟﻢ ﻳﺘﻢ ﺗﺮﻣﻴﺰ ﺗﻄﺒﻴﻖ ﺍﻟﻮﻳﺐ ﺍﻟﺬﻱ ﻳﻌﻤﻞ ﻋﻠﻰ ﺧﺎﺩﻡ ﺍﻟﻮﻳﺐ‬
    ‫ﺑﺸﻜﻞﺁﻣﻦ‪ .‬ﺑﺪﻻ ًﻣﻦ ﻣﺮﺍﺟﻌﺔ ﺟﻤﻴﻊ ﺗﻄﺒﻴﻘﺎﺕ ﺍﻟﻮﻳﺐ ‪ ،‬ﻳﻤﻜﻦ ﻟﻠﻤﺆﺳﺴﺔ ﻧﺸﺮ ‪ WAF‬ﻟﻤﻨﻊ ﻫﺠﻤﺎﺕ ﺗﻄﺒﻴﻘﺎﺕ‬
    ‫ﺍﻟﻮﻳﺐ‪.‬‬

    ‫ﻭﺍﺟﻬﺎﺕﺑﺮﺍﻣﺞ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ )‪ (APIs‬ﻭﺧﺪﻣﺎﺕ ﺍﻟﻮﻳﺐ‬


    ‫ﺗﻌﺪﻭﺍﺟﻬﺎﺕ ﺑﺮﻣﺠﺔ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻭﺧﺪﻣﺎﺕ ﺍﻟﻮﻳﺐ ﺃﺟﺰﺍء ﻣﻦ ﺍﻟﺘﻌﻠﻴﻤﺎﺕ ﺍﻟﺒﺮﻣﺠﻴﺔ ﻣﺼﻤﻤﺔ ﻟﻠﺘﻔﺎﻋﻞ ﻣﻊ ﺃﺟﺰﺍء ﺃﺧﺮﻯ ﻣﻦ‬
    ‫ﺍﻟﺘﻌﻠﻴﻤﺎﺕﺍﻟﺒﺮﻣﺠﻴﺔ ﻭﻭﺻﻒ ﻛﻴﻔﻴﺔ ﺗﻮﺍﺻﻞ ﺗﻄﺒﻴﻘﻴﻦ‪ .‬ﻳﺴﻤﺢ ﺫﻟﻚ ﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﻤﺆﺳﺴﺔ ﺑﺎﻟﺘﻔﺎﻋﻞ ﻣﻊ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ‬
    ‫ﺍﻷﺧﺮﻯﺩﺍﺧﻞ ﺍﻟﻤﻨﻈﻤﺔ ﺃﻭ ﺧﺎﺭﺟﻬﺎ‪ .‬ﻭﻓﻘﺎً ﻟﺬﻟﻚ ‪ ،‬ﺗﻌﺘﻤﺪ ﺗﻄﺒﻴﻘﺎﺕ ﺍﻟﻮﻳﺐ ﻭﺍﻟﺠﻮﺍّﻝ ﺑﺸﻜﻞ ﻛﺒﻴﺮ ﻋﻠﻰ ﺧﺪﻣﺎﺕ ﺍﻟﻮﻳﺐ‬
    ‫ﻭﻭﺍﺟﻬﺎﺕﺑﺮﻣﺠﺔ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ‪ .‬ﺃﺣﺪ ﺍﻟﻔﺮﻭﻕ ﺍﻟﺮﺉﻴﺴﻴﺔ ﺑﻴﻦ ﻭﺍﺟﻬﺔ ﺑﺮﻣﺠﺔ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ )‪ (API‬ﻭﺧﺪﻣﺔ ﺍﻟﻮﻳﺐ ﻫﻮ ﺃﻥ‬
    ‫ﻭﺍﺟﻬﺎﺕﺑﺮﻣﺠﺔ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺗﻌﻤﻞ ﻣﻊ ﻣﺠﻤﻮﻋﺔ ﻣﺘﻨﻮﻋﺔ ﻣﻦ ﺑﺮﻭﺗﻮﻛﻮﻻﺕ ﺍﻻﺗﺼﺎﻝ‪ .‬ﻧﻈﺮﺍً ﻷﻥ ﻫﺬﻩ ﺍﻟﻮﺍﺟﻬﺎﺕ ﻳﻤﻜﻦ ﺃﻥ‬
    ‫ﺗﻜﻮﻥﻣﻬﻤﺔ ﻟﻮﻇﺎﺉﻒ ﺍﻷﻋﻤﺎﻝ ﻓﻲ ﺍﻟﻤﺆﺳﺴﺔ ‪ ،‬ﻳﺠﺐ ﻋﻠﻰ ﺍﻟﻤﺆﺳﺴﺔ ﺟﺮﺩ ﺟﻤﻴﻊ ﻭﺍﺟﻬﺎﺕ ﺑﺮﻣﺠﺔ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻭﺧﺪﻣﺎﺕ‬
    ‫ﺍﻟﻮﻳﺐﺍﻟﻤﺴﺘﺨﺪﻣﺔ‪ .‬ﻳﺠﺐ ﺃﻥ ﺗﻜﻮﻥ ﺍﻻﺳﺘﺨﺪﺍﻣﺎﺕ ﺟﺰءﺍً ﻣﻦ ﻭﺛﺎﺉﻖ ‪ ، API‬ﻭﻳﺠﺐ ﺗﻀﻤﻴﻦ ﻭﺍﺟﻬﺎﺕ ﺑﺮﻣﺠﺔ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ‬
    ‫ﻓﻲﻋﻤﻠﻴﺔ ﺇﺩﺍﺭﺓ ﺍﻟﺘﺼﺤﻴﺢ ﻟﻠﻤﺆﺳﺴﺔ‪.‬‬

    ‫ﺍﻟﺘﻄﺒﻴﻘﺎﺕﺍﻟﺪﺍﺧﻠﻴﺔ‬
    ‫ﻳﺘﻢﺍﻟﻮﺻﻮﻝ ﺇﻟﻰ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﺪﺍﺧﻠﻴﺔ ﺑﺸﻜﻞ ﺃﺳﺎﺳﻲ ﻣﻦ ﺧﻼﻝ ﺍﻟﺸﺒﻜﺔ ﺍﻟﺪﺍﺧﻠﻴﺔ ﻟﻠﻤﺆﺳﺴﺔ ﺃﻭ ﻋﺒﺮ ‪ VPN‬ﺍﻟﺨﺎﺻﺔ‬
    ‫ﺑﻬﻢ‪.‬ﻳﻤﻜﻦ ﻓﻘﻂ ﻟﻠﻤﺴﺘﺨﺪﻣﻴﻦ ﺍﻟﺬﻳﻦ ﻗﺎﻣﻮﺍ ﺑﺘﺴﺠﻴﻞ ﺍﻟﺪﺧﻮﻝ ﺇﻟﻰ ﺍﻟﺸﺒﻜﺔ ﺍﻟﺪﺍﺧﻠﻴﺔ ﺍﻟﻮﺻﻮﻝ ﺇﻟﻰ ﻫﺬﻩ‬
    ‫ﺍﻟﺘﻄﺒﻴﻘﺎﺕ‪.‬ﻓﻲ ﻫﺬﻩ ﺍﻟﺤﺎﻟﺔ ‪ ،‬ﺗﺸﺘﻤﻞ ﺍﻟﺒﻨﻴﺔ ﺍﻟﻨﻤﻮﺫﺟﻴﺔ ﻋﻠﻰ ﺧﺎﺩﻡ ﺗﻄﺒﻴﻖ ﻭﺧﺎﺩﻡ ﻗﺎﻋﺪﺓ ﺑﻴﺎﻧﺎﺕ ﻭﻗﺎﻋﺪﺓ ﺑﻴﺎﻧﺎﺕ‪.‬‬
    ‫ﻋﺎﺩﺓ ًﻣﺎ ﺗﻜﻮﻥ ﺍﻟﺒﻨﻴﺔ ﺃﻗﻞ ﺗﻌﻘﻴﺪﺍً ﻣﻘﺎﺭﻧﺔ ًﺑﺘﻄﺒﻴﻖ ﺍﻟﻮﻳﺐ‪.‬‬

    ‫ﺗﻄﺒﻴﻘﺎﺕﺍﻟﺴﺤﺎﺑﺔ‬
    ‫ﻧﻈﺮﺍًﻟﻠﺘﻮﻓﻴﺮ ﺍﻟﻤﺤﺘﻤﻞ ﻓﻲ ﺍﻟﺘﻜﻠﻔﺔ ﻭﺍﻟﻮﻗﺖ ‪ ،‬ﻓﻀﻼ ًﻋﻦ ﺳﻬﻮﻟﺔ ﺍﻟﺘﻨﻔﻴﺬ ‪ ،‬ﻓﺈﻥ ﺍﻟﻌﺪﻳﺪ ﻣﻦ ﺍﻟﻤﺆﺳﺴﺎﺕ ﻋﻠﻰ‬
    ‫ﺍﺳﺘﻌﺪﺍﺩﻟﻠﺘﺨﻠﻲ ﻋﻦ ﺑﻌﺾ ﻣﻴﺰﺍﺕ ﺍﻟﺘﻄﺒﻴﻖ ﻭﺍﻟﺘﻜﻴﻒ ﻣﻊ ﺍﻟﻤﻴﺰﺍﺕ ﺍﻟﺘﻲ ﺗﻮﻓﺮﻫﺎ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﺴﺤﺎﺑﻴﺔ ﺍﻟﻤﺨﺘﻠﻔﺔ )‬
    ‫ﺭﺍﺟﻊﻗﺴﻢ ﻫﻨﺪﺳﺔ ﺍﻟﺸﺒﻜﺔ ﻟﻠﺤﺼﻮﻝ ﻋﻠﻰ ﺗﻔﺎﺻﻴﻞ ﺣﻮﻝ ﺍﻷﻧﻮﺍﻉ ﺍﻟﻤﺨﺘﻠﻔﺔ ﻟﻨﻤﺎﺫﺝ ﺍﻟﺨﺪﻣﺔ ﺍﻟﺴﺤﺎﺑﻴﺔ (‪ .‬ﻳﺴﻤﺢ ﻫﺬﺍ‬
    ‫ﻟﻠﻤﺆﺳﺴﺎﺕﺑﺎﻟﺘﺨﻠﻲ ﻋﻦ ﺗﻄﻮﻳﺮ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺩﺍﺧﻞ ﺍﻟﺸﺮﻛﺔ ﺃﻭ ﺷﺮﺍء ﺍﻟﺒﺮﺍﻣﺞ ﺍﻟﺠﺎﻫﺰﺓ ﻣﻦ ﺍﻟﺒﺎﺉﻌﻴﻦ‪ .‬ﻓﻲ ﻛﺜﻴﺮ ﻣﻦ‬
    ‫ﺍﻟﺤﺎﻻﺕ ‪،‬ﺗﻜﻮﻥ ﺗﻜﻠﻔﺔ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﺴﺤﺎﺑﻴﺔ ﺃﺭﺧﺺ ﻣﻦ ﺗﻄﻮﻳﺮ ﺗﻄﺒﻴﻖ ﺩﺍﺧﻠﻴﺎً ‪ ،‬ﻭﻟﻜﻦ ﻳﺠﺐ ﻋﻠﻰ ﻛﻞ ﻣﺆﺳﺴﺔ‬
    ‫ﺗﺤﺪﻳﺪﻣﺎ ﺇﺫﺍ ﻛﺎﻧﺖ ﺗﻄﺒﻴﻘﺎﺕ ﺍﻟﺴﺤﺎﺑﺔ ﺍﻟﻤﺤﺪﺩﺓ ﻳﻤﻜﻨﻬﺎ ﺗﻠﺒﻴﺔ ﺍﻟﻤﺘﻄﻠﺒﺎﺕ ﺍﻟﺘﻨﻈﻴﻤﻴﺔ ﻭﺍﻟﺘﻨﻈﻴﻤﻴﺔ‪.‬‬

    ‫ﻧﻈﺮﺍًﻟﺘﺮﻛﻴﺰﻫﺎ ﻋﻠﻰ ﺧﺪﻣﺎﺕ ﻣﺤﺪﺩﺓ ‪ ،‬ﻏﺎﻟﺒﺎً ﻣﺎ ﺗﻀﻊ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﺴﺤﺎﺑﻴﺔ ﺍﻟﻤﺆﺳﺴﺔ ﻓﻲ ﻭﺿﻊ ﺃﻓﻀﻞ ﻟﺘﻘﻠﻴﻞ‬
    ‫ﺗﻜﺎﻟﻴﻒﺍﻷﺟﻬﺰﺓ ﺍﻟﺪﺍﺧﻠﻴﺔ ﻭﻣﻮﺍﺭﺩ ﺍﻟﺸﺒﻜﺔ ﻣﻘﺎﺑﻞ ﺍﻟﺤﻔﺎﻅ ﻋﻠﻰ ﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ ﺍﻟﺤﺎﻟﻴﺔ ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪.‬‬
    ‫ﻳﻤﻜﻦﺃﻥ ﻳﻮﻓﺮ ﺍﺳﺘﺨﺪﺍﻡ ﺍﻟﺴﺤﺎﺑﺔ ﺃﻳﻀﺎً ﻟﻠﻤﺆﺳﺴﺔ ﻣﻴﺰﺓ ﺗﻨﺎﻓﺴﻴﺔ ﻋﻠﻰ ﻣﻨﺎﻓﺴﺘﻬﺎ ﻋﻨﺪﻣﺎ ﻳﺘﻌﻠﻖ ﺍﻷﻣﺮ ﺑﻨﺸﺮ‬
    ‫ﺍﻟﺘﻘﻨﻴﺎﺕﺍﻟﻨﺎﺷﺉﺔ‪.‬‬

    ‫ﺗﻄﻮﻳﺮﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻭﺻﻴﺎﻧﺘﻬﺎ‬
    ‫ﺑﺎﻟﻨﺴﺒﺔﻟﺒﻌﺾ ﺍﻟﻤﻨﻈﻤﺎﺕ ‪ ،‬ﻗﺪ ﻳﻜﻮﻥ ﺗﻄﻮﻳﺮ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻣﻦ ﺍﻟﻜﻔﺎءﺍﺕ ﺍﻷﺳﺎﺳﻴﺔ ﺍﻟﺘﻲ ﺗﺴﺎﻋﺪﻫﻢ ﻋﻠﻰ ﺗﺤﻘﻴﻖ‬
    ‫ﺃﻫﺪﺍﻓﻬﻢﺍﻻﺳﺘﺮﺍﺗﻴﺠﻴﺔ‪ .‬ﻳﺘﻀﻤﻦ ﺗﻄﻮﻳﺮ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺇﻧﺸﺎء ﻭﺩﻣﺞ ﺍﻟﺒﺮﺍﻣﺞ ﺍﻟﺘﻲ ﻳﻤﻜﻦ ﺃﻥ ﺗﺴﻬﻞ ﺍﻟﻌﻤﻠﻴﺎﺕ ﺍﻟﺘﺠﺎﺭﻳﺔ‬
    ‫ﻭﺃﺗﻤﺘﺔﺃﻧﺸﻄﺔ ﺍﻟﺘﺤﻜﻢ ﻭﺯﻳﺎﺩﺓ ﺍﻟﻜﻔﺎءﺓ‪ .‬ﺗﺘﺼﻞ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺑﺸﺒﻜﺔ ﺍﻟﻤﻨﻈﻤﺔ ﻭﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ ﻭﺗﻨﻔﺬ ﻣﻨﻄﻖ ﺍﻷﻋﻤﺎﻝ‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪36‬‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﻤﻘﺼﻮﺩﺑﻬﺬﻩ ﺍﻟﻌﻤﻠﻴﺔ‪ .‬ﻳﻤﻜﻦ ﺃﻥ ﺗﺤﺘﻮﻱ ﺍﻟﺒﺮﺍﻣﺞ ﻋﻠﻰ ﻋﻨﺎﺻﺮ ﺗﺤﻜﻢ ﺗﻄﺒﻴﻖ ﻣﻀﻤﻨﺔ ﻟﻤﻌﺎﻟﺠﺔ ﺍﻟﻤﺨﺎﻃﺮ ﺍﻟﻤﺘﻌﻠﻘﺔ‬
    ‫ﺑﺎﻟﺪﻗﺔﻭﺍﻻﻛﺘﻤﺎﻝ ﻭﺍﻟﺘﺮﺧﻴﺺ‪.‬‬

    ‫ﺗﻢﺗﻄﻮﻳﺮ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻭﺍﻟﺒﺮﺍﻣﺞ ﺑﺸﻜﻞ ﺗﻘﻠﻴﺪﻱ ﺑﺎﺳﺘﺨﺪﺍﻡ ﻃﺮﻳﻘﺔ ﺇﺩﺍﺭﺓ ﻣﺸﺮﻭﻉ ﺍﻟﺸﻼﻝ‪ .‬ﻃﺮﻳﻘﺔ ﺑﺴﻴﻄﺔ ﻟﻠﺘﻔﻜﻴﺮ ﻓﻲ‬
    ‫ﻃﺮﻳﻘﺔﺍﻟﺸﻼﻝ ﻫﻲ ﺍﻟﻨﻈﺮ ﻓﻲ ﻃﺮﻳﻘﺔ ﺗﻄﻮﻳﺮ ﺍﻹﺳﻜﺎﻥ‪ .‬ﻳﺘﻢ ﺗﺼﻤﻴﻢ ﺍﻟﻤﻨﺰﻝ ﻭﺑﻨﺎﺉﻪ ﻭﻣﻌﺎﻳﻨﺘﻪ ﻗﺒﻞ ﻣﻨﺢ ﺷﻬﺎﺩﺓ‬
    ‫ﺇﺷﻐﺎﻟﻪ‪.‬ﻗﺪ ﻳﻜﻮﻥ ﻫﺬﺍ ﻓﻲ ﺑﻌﺾ ﺍﻷﺣﻴﺎﻥ ﻏﻴﺮ ﻓﻌﺎﻝ‪.‬‬

    ‫ﻳﻤﻜﻦﺃﻥ ﻳﺘﺨﺬ ﺗﻄﻮﻳﺮ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻭﺍﻟﺒﺮﺍﻣﺞ ﻧﻬﺠﺎً ﺃﻛﺜﺮ ﺗﺪﺭﻳﺠﻴﺎً ‪ ،‬ﻭﺍﻟﺬﻱ ﻳﻤﻜﻦ ﺃﻥ ﻳﻌﺎﻟﺞ ﺍﻟﺘﺄﺧﻴﺮ ﺍﻟﻤﺤﺘﻤﻞ ﻓﻲ‬
    ‫ﺍﻹﻧﺠﺎﺯﺍﺕ‪.‬ﺑﺪﻻ ًﻣﻦ ﺗﻘﺪﻳﻢ ﻣﻨﺘﺞ ﻛﺎﻣﻞ ﺩﻓﻌﺔ ﻭﺍﺣﺪﺓ ‪ ،‬ﻏﺎﻟﺒﺎً ﻣﺎ ﻳﺘﻢ ﺍﺳﺘﺨﺪﺍﻡ ﻃﺮﻳﻘﺔ ﺗﻌُﺮﻑ ﺑﺎﺳﻢ ‪) Agile‬ﺃﻭ ﺗﻄﻮﻳﺮ‬
    ‫ﺍﻟﺒﺮﺍﻣﺞﺍﻟﺘﻜﻴﻔﻴﺔ(‪ .‬ﻣﻊ ﻫﺬﻩ ﺍﻟﻄﺮﻳﻘﺔ ‪ ،‬ﻻ ﻳﺰﺍﻝ ﻫﻨﺎﻙ ﻣﺨﻄﻂ ﻭﻧﺘﻴﺠﺔ ﻧﻬﺎﺉﻴﺔ ﻣﻌﺮﻭﻓﺔ ‪ -‬ﻛﻤﺎ ﻫﻮ ﺍﻟﺤﺎﻝ ﺑﺎﻟﻨﺴﺒﺔ‬
    ‫ﻟﻠﻤﻨﺰﻝ‪ -‬ﻭﻟﻜﻦ ﻳﻤﻜﻦ ﺗﻄﻮﻳﺮ ﺃﻭ ﺑﻨﺎء ﻭﺍﺣﺪ ﻓﻲ ﻭﻗﺖ ﻭﺍﺣﺪ ‪ ،‬ﻓﻴﻤﺎ ﻳﺸﺎﺭ ﺇﻟﻴﻪ ﺑﺎﺳﻢ ﺳﺒﺎﻗﺎﺕ ﺍﻟﺴﺮﻋﺔ‪ .‬ﺑﺎﺳﺘﺨﺪﺍﻡ‬
    ‫ﺗﺸﺒﻴﻪﺑﻨﺎء ﻣﻨﺰﻝ ‪ ،‬ﺳﺘﻜﻮﻥ ﻃﺮﻳﻘﺔ ‪ Agile‬ﻟﺘﻄﻮﻳﺮ ﺍﻟﺒﺮﺍﻣﺞ ﻣﺜﻞ ﺍﺗﺒﺎﻉ ﺍﻟﻤﺨﻄﻂ ‪ ،‬ﻭﺍﻟﺒﻨﺎء ‪ ،‬ﻭﺍﻟﺘﻔﺘﻴﺶ ‪ ،‬ﻭﻣﻨﺢ‬
    ‫ﺇﺷﻐﺎﻝﺍﻟﻤﻨﺰﻝ ﻏﺮﻓﺔ ﻭﺍﺣﺪﺓ ﻓﻲ ﻛﻞ ﻣﺮﺓ ‪ ،‬ﻭﻟﻜﻦ ﺑﺪﻻ ًﻣﻦ ﺫﻟﻚ ﻟﺘﺴﻠﻴﻢ ﻭﺣﺪﺓ ﺃﻭ ﻗﺴﻢ ﻣﻦ ﺗﻄﺒﻴﻖ ﺑﺄﻛﻤﻠﻪ ﺃﻭ ﻣﺸﺮﻭﻉ‪.‬‬

    ‫ﻳﻤﻜﻦﺃﻥ ﺗﻜﻮﻥ ﻃﺮﻳﻘﺔ ‪ Agile‬ﻓﻌﺎﻟﺔ ﻓﻲ ﺗﻄﻮﻳﺮ ﺍﻟﺘﻄﺒﻴﻖ ‪ ،‬ﻧﻈﺮﺍً ﻷﻥ ﻧﻬﺞ ﺍﻟﺸﻼﻝ ﻳﺘﻄﻠﺐ ﺇﻛﻤﺎﻝ ﺟﻤﻴﻊ ﺍﻟﺨﻄﻮﺍﺕ‬
    ‫ﺍﻟﺒﻴﻨﻴﺔﻗﺒﻞ ﺗﺴﻠﻴﻢ ﺍﻟﻤﻨﺘﺞ ﺍﻟﻨﻬﺎﺉﻲ‪.‬‬

    ‫ﺃﻧﺸﺄﺕ‪ ، Agile‬ﺍﻟﺘﻲ ﺗﻢ ﺗﻨﻔﻴﺬﻫﺎ ﺑﺸﻜﻞ ﺻﺤﻴﺢ ‪ ،‬ﻋﻤﻠﻴﺔ ﺗﻄﻮﻳﺮ ﻭﺍﺧﺘﺒﺎﺭ ﺑﺮﻣﺠﻴﺎﺕ ﺟﺪﻳﺪﺓ ﻳﺸﺎﺭ ﺇﻟﻴﻬﺎ ﺑﺎﺳﻢ‬
    ‫‪) DevOps‬ﻣﺠﻤﻮﻋﺔ ﻣﻦ ﺍﻟﻜﻠﻤﺎﺕ ﺍﻟﺘﻄﻮﻳﺮ ﻭﺍﻟﻌﻤﻠﻴﺎﺕ( ﺃﻭ ‪) DevSecOps‬ﺍﻟﺘﻄﻮﻳﺮ ﻭﺍﻷﻣﺎﻥ ﻭﺍﻟﻌﻤﻠﻴﺎﺕ(‪.‬‬
    ‫ﺑﺎﺳﺘﺨﺪﺍﻡﻫﺬﻩ ﺍﻟﻄﺮﻳﻘﺔ ‪ ،‬ﻻ ﺗﺤﺘﺎﺝ ﺍﻟﻤﺆﺳﺴﺔ ﺇﻟﻰ ﻣﻌﺮﻓﺔ ﺍﻟﻤﻨﺘﺞ ﺍﻟﻨﻬﺎﺉﻲ ﻷﻧﻬﺎ ﺗﻌﺘﻤﺪ ﻋﻠﻰ ﺇﺩﺍﺭﺓ ﺍﻟﺒﺮﻧﺎﻣﺞ ﻣﻘﺎﺑﻞ‬
    ‫ﺇﺩﺍﺭﺓﺍﻟﻤﺸﺮﻭﻉ‪ .‬ﻳﻨﺼﺐ ﺍﻟﺘﺮﻛﻴﺰ ﺑﺸﻜﻞ ﺃﻛﺒﺮ ﻋﻠﻰ ﺍﻟﻌﻤﻼء ‪ ،‬ﻭﺑﻨﺎء ﻣﻴﺰﺓ ﻭﺍﺣﺪﺓ ﻓﻲ ﻛﻞ ﻣﺮﺓ‪ .‬ﻗﺪ ﻳﻌﺎﻟﺞ ﻫﺬﺍ ﺍﻹﺣﺒﺎﻃﺎﺕ‬
    ‫ﺍﻟﺘﻲﺗﺄﺗﻲ ﻣﻊ ﺍﻧﺘﻈﺎﺭ ﺗﺴﻠﻴﻤﺎﺕ ﺍﻟﻤﺸﺮﻭﻉ ﺍﻟﻜﺎﻣﻠﺔ‪.‬‬

    ‫ﺑﻐﺾﺍﻟﻨﻈﺮ ﻋﻦ ﻣﻨﻬﺠﻴﺔ ﺇﺩﺍﺭﺓ ﺍﻟﻤﺸﺮﻭﻉ ﺍﻟﺘﻲ ﻳﺘﻢ ﺍﺗﺒﺎﻋﻬﺎ ‪ ،‬ﻳﺠﺐ ﺇﻧﺠﺎﺯ ﺛﻼﺛﺔ ﺃﻧﺸﻄﺔ ﻟﺘﻄﻮﻳﺮ ﺗﻄﺒﻴﻖ ﻣﻮﺛﻮﻕ‪:‬‬

    ‫‪.1‬ﺍﻟﺘﺨﻄﻴﻂ ﻭﺍﻟﺘﺼﻤﻴﻢ ﺍﻻﺳﺘﺮﺍﺗﻴﺠﻲ‪.‬‬


    ‫‪.2‬ﺍﻟﺘﻄﻮﻳﺮ ﻭﺍﻻﺧﺘﺒﺎﺭ‪.‬‬
    ‫‪.3‬ﺍﻟﺘﻨﻔﻴﺬ ﻭﺍﻟﺼﻴﺎﻧﺔ‪.‬‬

    ‫ﺇﻥﻣﻤﺎﺭﺳﺔ ﻧﻬﺞ ﺗﻄﻮﻳﺮ ﺍﻟﺘﻄﺒﻴﻖ ﺍﻟﻤﻨﻀﺒﻂ ﻳﻌﺰﺯ ﻧﻀﺞ ﻗﺪﺭﺓ ﺍﻟﻤﺆﺳﺴﺔ ﻣﻦ ﻧﺸﺎﻁ ﻳﺪﻭﻱ ﻣﺨﺼﺺ ﺇﻟﻰ ﻣﻤﺎﺭﺳﺎﺕ‬
    ‫ﻣﻨﻬﺠﻴﺔﻣﺤﺴﻨّﺔ‪ .‬ﺣﺴﻨﺎً ‪ ،‬ﻳﻤﻜﻦ ﺃﻥ ﻳﻜﻮﻥ ﻟﺘﻄﻮﻳﺮ ﺍﻟﺘﻄﺒﻴﻖ ﺗﺄﺛﻴﺮ ﺇﻳﺠﺎﺑﻲ ﻣﻦ ﺧﻼﻝ‪:‬‬

    ‫ﺗﻌﺰﻳﺰﺍﻟﻤﺸﺎﺭﻛﺔ ﺍﻟﻤﺴﺘﻤﺮﺓ ﻣﻊ ﺍﻟﻌﻼﻗﺎﺕ ﺍﻟﺨﺎﺭﺟﻴﺔ )ﻣﺜﻞ ﺍﻟﻌﻤﻼء ﻭﺍﻟﻤﻮﺭﺩﻳﻦ( ﻭﺍﻟﺪﺍﺧﻠﻴﺔ )ﻣﺜﻞ ﺍﻟﺘﻘﺎﺭﻳﺮ‬ ‫‪-‬‬
    ‫ﺍﻟﻤﺒﺎﺷﺮﺓﻭﻋﺒﺮ ﺍﻟﻤﻨﻈﻤﺎﺕ(‪.‬‬
    ‫ﺗﺤﺪﻳﺪﺳﻼﻣﺔ ﺍﻟﺒﻴﺎﻧﺎﺕ ‪ ،‬ﻣﻦ ﺧﻼﻝ ﻗﻮﺍﻋﺪ ﺍﻟﻤﻨﻄﻖ ﻭﺍﻟﻌﻤﻞ ﺍﻟﺘﻲ ﺗﻀﻤﻦ ﺃﻥ ﺍﻟﺒﻴﺎﻧﺎﺕ‬ ‫‪-‬‬
    ‫ﻣﺮﺧﺼﺔﻭﻛﺎﻣﻠﺔ ﻭﺩﻗﻴﻘﺔ‪.‬‬
    ‫ﺿﻤﺎﻥﺗﻮﻓﺮ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﺇﺑﻼﻏﻬﺎ ﻓﻲ ﺍﻟﻮﻗﺖ ﺍﻟﻤﻨﺎﺳﺐ ﻻﺗﺨﺎﺫ ﺇﺟﺮﺍءﺍﺕ ﺣﺎﺳﻤﺔ‪.‬‬ ‫‪-‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪37‬‬ ‫‪www.theiia.org‬‬


    ‫ﺳﻴﺴﺎﻋﺪﺍﻟﻨﻬﺞ ﺍﻟﻤﻨﻈﻢ ﻓﻲ ﺗﺴﺮﻳﻊ ﺍﻟﺘﻐﻴﻴﺮ ﺍﻟﺘﺤﻮﻳﻠﻲ ﺑﻄﺮﻳﻘﺔ ﻣﻀﺒﻮﻃﺔ‪:‬‬

    ‫ﺗﺤﻤﻲﺿﻮﺍﺑﻂ ﺍﻟﻮﺻﻮﻝ ﺍﻻﻧﺘﻘﺎﻝ ﻣﻦ ﺍﻟﺘﺼﻤﻴﻢ ﺍﻻﺳﺘﺮﺍﺗﻴﺠﻲ ﻣﻦ ﺧﻼﻝ ﺗﻄﻮﻳﺮ ﺍﻟﺘﻌﻠﻴﻤﺎﺕ ﺍﻟﺒﺮﻣﺠﻴﺔ‬ ‫‪-‬‬
    ‫ﻭﺗﻨﻔﻴﺬﻫﺎ‪.‬‬
    ‫ﺗﻌﻤﻞﺣﻤﺎﻳﺔ ﺍﻟﻜﻮﺩ ﺍﻟﻤﺼﺪﺭﻱ ﻋﻠﻰ ﺗﻘﺪﻡ ﺗﻐﻴﻴﺮﺍﺕ ﺍﻟﺘﻄﺒﻴﻖ ﻛﻤﺎ ﺗﻤﺖ ﺍﻟﻤﻮﺍﻓﻘﺔ ﻋﻠﻴﻬﺎ ﻣﻦ ﻗﺒﻞ ﺍﻹﺩﺍﺭﺓ‪.‬‬ ‫‪-‬‬
    ‫ﻳﻌﻄﻲﺍﻻﺧﺘﺒﺎﺭ ﺍﻟﻘﻮﻱ ﺿﻤﺎﻧﺎً ﺑﺄﻥ ﺍﻟﺘﺼﻤﻴﻢ ﻳﻌﻤﻞ ﺑﻤﻮﺛﻮﻗﻴﺔ ‪ ،‬ﻭﻳﻌﻤﻞ ﺑﺘﻘﻨﻴﺎﺕ ﻣﺘﺮﺍﺑﻄﺔ ‪ ،‬ﻭﻓﻘﺎً‬ ‫‪-‬‬
    ‫ﻟﺘﻮﻗﻌﺎﺕﺍﻹﺩﺍﺭﺓ‪.‬‬
    ‫ﻳﻮﻓﺮﺍﻟﺘﻮﺛﻴﻖ ﻭﺍﻟﺘﺪﺭﻳﺐ ﺍﻻﺳﺘﺨﺪﺍﻡ ﺍﻟﻤﻨﺎﺳﺐ ﻭﺍﻟﻤﺘﺴﻖ ﻟﻠﺘﻄﺒﻴﻖ‪.‬‬ ‫‪-‬‬

    ‫ﺍﻟﺼﻴﺎﻧﺔﺍﻟﻤﺴﺘﻤﺮﺓ ﺗﺤﺎﻓﻆ ﻋﻠﻰ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻣﻨﺎﺳﺒﺔ‬


    ‫ﻟﻠﻐﺮﺽﻭﺗﻀﻤﻦ ﺗﻮﻓﺮ ﺍﻟﻨﻈﺎﻡ ﻭﺃﻣﺎﻧﻪ ﻭﺳﻼﻣﺘﻪ‪.‬‬
    ‫ﻣﻮﺍﺭﺩ‬

    ‫ﻟﻤﺰﻳﺪﻣﻦ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺣﻮﻝ ﺇﺩﺍﺭﺓ ﺍﻟﺘﻐﻴﻴﺮ‬


    ‫ﻓﻴﻤﺎﻳﺘﻌﻠﻖ ﺑﺎﻟﺘﻄﺒﻴﻘﺎﺕ ‪ ،‬ﻳﺮﺟﻰ ﺍﻻﻃﻼﻉ‬ ‫ﺗﻐﻴﻴﺮﺍﺕﻋﻠﻰ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻭﺍﻟﻀﻮﺍﺑﻂ‬
    ‫ﻋﻠﻰ‪" IIA GTAG‬ﺇﺩﺍﺭﺓ ﺗﻐﻴﻴﺮ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ‬ ‫ﺳﻮﺍءﺗﻢ ﺗﻄﻮﻳﺮ ﺑﺮﺍﻣﺞ ﺍﻟﻜﻤﺒﻴﻮﺗﺮ ﺩﺍﺧﻠﻴﺎً ﺃﻭ ﺑﻮﺍﺳﻄﺔ ﺁﺧﺮﻳﻦ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪:‬ﺣﺎﺳﻤﺔ ﻟﻠﻨﺠﺎﺡ ﺍﻟﺘﻨﻈﻴﻤﻲ ‪،‬‬ ‫ﻭﻓﻘﺎًﻟﻤﻮﺍﺻﻔﺎﺕ ﺍﻟﻤﻨﻈﻤﺔ ‪ ،‬ﻓﺈﻥ ﺍﻟﻀﻮﺍﺑﻂ ﺿﺮﻭﺭﻳﺔ ﻟﻀﻤﺎﻥ‬
    ‫ﺍﻹﺻﺪﺍﺭﺍﻟﺜﺎﻟﺚ‪".‬‬
    ‫ﺗﺼﻤﻴﻢﺗﻐﻴﻴﺮﺍﺕ ﺍﻟﺘﻄﺒﻴﻖ ﺑﺸﻜﻞ ﻣﻨﺎﺳﺐ ﻭ‬

    ‫ﻧﻔﺬﺕﺑﺸﻜﻞ ﻓﻌﺎﻝ‪ .‬ﻫﺬﺍ ﻳﺤﻤﻲ ﺑﻴﺉﺔ ﺍﻹﻧﺘﺎﺝ )ﺍﻟﺤﻴﺔ( ﻟﻠﺘﻄﺒﻴﻖ‪.‬‬

    ‫ﻳﺠﺐﺃﻥ ﺗﺘﺒﻊ ﺍﻟﺘﻐﻴﻴﺮﺍﺕ ﺑﺮﻭﺗﻮﻛﻮﻻﺕ ﺍﻟﺘﻐﻴﻴﺮ ﺍﻟﺨﺎﺻﺔ ﺑﺎﻹﺩﺍﺭﺓ‪ .‬ﻳﺠﺐ ﻃﻠﺐ ﻛﻞ ﻣﻨﻬﺎ ﻭﺗﺤﺪﻳﺪ ﻧﻄﺎﻗﻬﺎ ﻭﺍﻟﻤﻮﺍﻓﻘﺔ‬
    ‫ﻋﻠﻴﻬﺎﻣﻦ ﻗﺒﻞ ﻭﻇﻴﻔﺔ ﺍﻟﻌﻤﻞ ﺍﻟﻤﻨﺎﺳﺒﺔ‪ .‬ﻳﺠﺐ ﺗﻘﻴﻴﻢ ﻣﺒﺎﺩﺭﺍﺕ ﺍﻟﺘﻐﻴﻴﺮ ﻣﻦ ﺣﻴﺚ ﺍﻟﻔﺎﺉﺪﺓ ﻭﺍﻷﻭﻟﻮﻳﺔ ﻭﺗﺘﺒﻌﻬﺎ ﺑﺄﻣﺮ‬
    ‫ﺍﻟﺨﺪﻣﺔﺃﻭ ﺭﻗﻢ ﺍﻟﺘﺬﻛﺮﺓ‪ .‬ﻳﺠﺐ ﻣﺮﺍﻋﺎﺓ ﺍﻟﺘﺄﺛﻴﺮ ﻭﺍﻟﻤﺨﺎﻃﺮ ﺍﻟﺘﻲ ﻳﺸﻜﻠﻬﺎ ﺍﻟﺘﻐﻴﻴﺮ ﻋﻨﺪ ﺗﺤﺪﻳﺪ ﻧﻄﺎﻕ ﺟﻬﺪ ﺍﻟﻤﺸﺮﻭﻉ‬
    ‫ﻭﺗﻮﻗﻴﺘﻪ ‪،‬ﻭﻳﺠﺐ ﺗﺨﺼﻴﺺ ﺍﻟﻤﻮﺍﺭﺩ ﺍﻟﻤﻨﺎﺳﺒﺔ ﺫﺍﺕ ﺍﻟﺨﺒﺮﺓ ﻟﺘﻨﻔﻴﺬ ﺍﻟﺘﻐﻴﻴﺮ‪.‬‬

    ‫ﻳﺠﺐﺗﺼﻤﻴﻢ ﻃﻠﺒﺎﺕ ﺍﻟﺘﻐﻴﻴﺮ ﺑﻨﺎء ًﻋﻠﻰ ﻣﺘﻄﻠﺒﺎﺕ ﻣﻮﺛﻘﺔ ﻣﻮﺟﻬﺔ ﻣﻦ ﻗﺒﻞ ﻭﺣﺪﺓ ﺍﻟﻌﻤﻞ ﺍﻟﻤﻨﺎﺳﺒﺔ ‪ ،‬ﻭﻳﺠﺐ ﺃﻥ‬
    ‫ﻳﻜﻮﻥﻫﻨﺎﻙ ﻓﺼﻞ ﻣﻨﺎﺳﺐ ﺑﻴﻦ ﺿﻮﺍﺑﻂ ﺍﻟﻤﻬﺎﻡ ﻃﻮﺍﻝ ﺍﻟﻌﻤﻠﻴﺔ‪ .‬ﻳﺠﺐ ﺍﺗﺒﺎﻉ ﺍﻟﺨﻄﻮﺍﺕ ﺍﻟﻤﺘﺴﻠﺴﻠﺔ ﻓﻲ ﺗﻄﻮﺭ‬
    ‫ﺍﻟﺘﻐﻴﻴﺮﺍﻟﻤﻄﻠﻮﺏ ‪ ،‬ﻛﻤﺎ ﻫﻮ ﻣﻮﺿﺢ ﻓﻲ ﺍﻟﻤﺜﺎﻝ ﻓﻲ ﺍﻟﺸﻜﻞ ‪.18‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪38‬‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﺸﻜﻞ‪ :18‬ﺧﻄﻮﺍﺕ ﻧﻤﻮﺫﺟﻴﺔ ﻓﻲ ﻋﻤﻠﻴﺔ ﺍﻟﺘﻐﻴﻴﺮ‬

    ‫ﺍﻟﻤﺼﺪﺭ‪:‬ﻣﻌﻬﺪ ﺍﻟﻤﺮﺍﺟﻌﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‪.‬‬

    ‫ﻳﻀﻤﻦﺍﻻﺧﺘﺒﺎﺭ ﺍﻟﻘﻮﻱ ﺟﻮﺩﺓ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﻤﺘﺄﺛﺮﺓ ﺑﺎﻟﺘﻐﻴﻴﺮ‪ .‬ﻳﺠﺐ ﺗﻄﻮﻳﺮ ﺍﻟﺘﻐﻴﻴﺮﺍﺕ ﻭﺍﺧﺘﺒﺎﺭﻫﺎ ﻓﻲ ﺑﻴﺉﺎﺕ ﻏﻴﺮ‬
    ‫ﺇﻧﺘﺎﺟﻴﺔ ‪،‬ﻣﺜﻞ ﺑﻴﺉﺔ ﺍﻟﺘﻄﻮﻳﺮ ﺃﻭ ﺍﻻﺧﺘﺒﺎﺭ )‪ DEV‬ﻭ ‪ (TEST‬ﺃﻭﻻ ًﺑﻮﺍﺳﻄﺔ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺛﻢ ﺗﻘﺪﻳﻤﻬﺎ ﺇﻟﻰ ﻭﺣﺪﺓ‬
    ‫ﺍﻷﻋﻤﺎﻝﻻﺧﺘﺒﺎﺭ ﺍﻟﻘﺒﻮﻝ‪ .‬ﻳﺘﻢ ﺗﻄﻮﻳﺮ ﺧﻄﺔ ﺍﺧﺘﺒﺎﺭ ﻗﺒﻮﻝ ﺍﻟﻤﺴﺘﺨﺪﻡ ﻣﻦ ﻗﺒﻞ ﺍﻟﻤﺴﺘﺨﺪﻣﻴﻦ ﺍﻟﻨﻬﺎﺉﻴﻴﻦ ﺍﻟﺬﻳﻦ ﻟﺪﻳﻬﻢ‬
    ‫ﺧﺒﺮﺓﻓﻲ ﺍﻟﻌﻤﻠﻴﺔ ﺍﻟﺘﻲ ﻳﺘﻢ ﺍﺧﺘﺒﺎﺭﻫﺎ ‪ ،‬ﻭﻳﺠﺐ ﻋﻠﻴﻬﻢ ﺗﺤﺪﻳﺪ ﺍﻷﻧﺸﻄﺔ ﺃﻭ ﺍﻟﻮﻇﺎﺉﻒ ﺍﻟﺘﺠﺎﺭﻳﺔ ﺍﻟﺮﺉﻴﺴﻴﺔ ﺍﻟﺘﻲ ﺗﺘﺄﺛﺮ‬
    ‫ﺑﺎﻟﺘﻐﻴﻴﺮ‪.‬ﻳﻤﻜﻦ ﺃﻥ ﺗﺴﺎﻫﻢ ﻫﺬﻩ ﺍﻟﻌﻮﺍﻣﻞ ﻓﻲ ﺗﻄﻮﻳﺮ ﺧﻄﺔ ﻓﻌﺎﻟﺔ ﻻﺧﺘﺒﺎﺭ ﻗﺒﻮﻝ ﺍﻟﻤﺴﺘﺨﺪﻡ‪:‬‬

    ‫ﻣﺸﺎﺭﻛﺔﺍﻟﺘﻄﺒﻴﻖ ﻭﻣﻤﺜﻠﻲ ﻭﺣﺪﺓ ﺍﻷﻋﻤﺎﻝ ﻣﻊ ﻣﻌﺮﻓﺔ ﻣﺒﺎﺷﺮﺓ ﺑﺎﻟﺘﻄﺒﻴﻖ ﻭﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻤﺮﺍﺩ ﺍﺧﺘﺒﺎﺭﻫﺎ‪.‬‬ ‫‪-‬‬

    ‫ﺃﻫﺪﺍﻑﻣﺤﺪﺩﺓ ﺑﻮﺿﻮﺡ ﻭﺳﻴﻨﺎﺭﻳﻮﻫﺎﺕ ﺍﻻﺧﺘﺒﺎﺭ ﺍﻟﺘﻲ ﺗﻌﺘﻤﺪ ﻋﻠﻰ ﺍﻷﺣﺪﺍﺙ ﺑﻨﺎء ًﻋﻠﻰ ﺩﻭﺭﺓ ﻧﺸﺎﻁ ﺍﻷﻋﻤﺎﻝ ‪ ،‬ﺑﻤﺎ ﻓﻲ‬ ‫‪-‬‬
    ‫ﺫﻟﻚﺍﻷﻧﺸﻄﺔ ﻋﺎﻟﻴﺔ ﺍﻟﻤﺨﺎﻃﺮ )ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﺍﻟﺨﺴﺎﺭﺓ ‪ /‬ﺍﻻﻧﻘﻄﺎﻉ ﺍﻟﻤﺤﺘﻤﻞ ﻟﻺﻳﺮﺍﺩﺍﺕ ﺃﻭ ﺍﻟﻤﺸﻜﻼﺕ ﺍﻟﻘﺎﻧﻮﻧﻴﺔ(‪.‬‬

    ‫ﻣﺠﻤﻮﻋﺔﻣﻦ ﺷﺮﻭﻁ ﺍﻻﺧﺘﺒﺎﺭ ﺍﻟﻤﻄﻠﻮﺑﺔ ﻟﺴﻴﻨﺎﺭﻳﻮ ﺍﻷﻋﻤﺎﻝ ‪ ،‬ﺑﺪﻻ ًﻣﻦ ﺍﻟﺸﺮﻭﻁ ﺍﻟﻤﺴﺘﻨﺪﺓ ﺇﻟﻰ ﺍﺧﺘﻼﻓﺎﺕ‬ ‫‪-‬‬
    ‫ﺍﻟﺒﺮﻧﺎﻣﺞ‪.‬‬
    ‫ﻣﺠﻤﻮﻋﺔﻣﻦ ﻧﺘﺎﺉﺞ ﺍﻻﺧﺘﺒﺎﺭ ﺍﻟﻤﺤﺪﺩﺓ ﻣﺴﺒﻘﺎً ﻟﺨﻄﺔ ﺍﻻﺧﺘﺒﺎﺭ‪.‬‬ ‫‪-‬‬
    ‫ﺗﺘﺒﻊﺍﻟﻌﻴﻮﺏ ﻭﺣﻠﻬﺎ‪.‬‬ ‫‪-‬‬
    ‫ﺍﺗﺒﺎﻉﺗﻘﻨﻴﺎﺕ ﻣﺮﺍﻗﺒﺔ ﺍﻻﺟﺘﻬﺎﺩ ﺑﻌﺪ ﺣﺮﻛﺔ ﺍﻹﻧﺘﺎﺝ )‪ .(PROD‬ﺍﻟﻌﻼﻗﺎﺕ ﺍﻟﻤﺘﺒﺎﺩﻟﺔ ﻭﺍﻟﺘﺄﺛﻴﺮﺍﺕ ﻣﻊ‬ ‫‪-‬‬
    ‫ﺍﻟﺘﻄﺒﻴﻘﺎﺕﺍﻷﺧﺮﻯ‪.‬‬ ‫‪-‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪39‬‬ ‫‪www.theiia.org‬‬


    ‫ﻓﻲﻧﻬﺎﻳﺔ ﺍﻟﻤﻄﺎﻑ ‪ ،‬ﺗﻀﻤﻦ ﺇﺩﺍﺭﺓ ﺍﻟﻤﻨﻈﻤﺔ ﺍﻟﻤﺴﺘﻮﻯ ﺍﻟﻤﻨﺎﺳﺐ ﻣﻦ ﺍﻟﻮﺛﺎﺉﻖ ﻭﺗﻔﻮﺽ ﺍﻟﺘﻐﻴﻴﺮ ﺍﻟﺬﻱ ﻳﺆﺛﺮ ﻋﻠﻰ‬
    ‫ﺑﻴﺉﺔﺇﻧﺘﺎﺝ ﺍﻟﺘﻄﺒﻴﻖ ﻋﻠﻰ ﺃﺳﺎﺱ ﻧﺘﺎﺉﺞ ﺍﻻﺧﺘﺒﺎﺭ‪ .‬ﺛﻢ ﻳﻨﺘﻘﻞ ﻛﻮﺩ ﺍﻟﻤﺼﺪﺭ ﺍﻟﻤﻌﺘﻤﺪ ﺇﻟﻰ ﺍﻹﻧﺘﺎﺝ ﻣﻦ ﺧﻼﻝ ﻭﻇﻴﻔﺔ‬
    ‫ﻣﺴﺘﻘﻠﺔﻣﻦ ﺑﻴﺉﺔ ﺍﻟﺘﺪﺭﻳﺞ ﺍﻟﺘﻲ ﺗﺤﺎﻛﻲ ﻧﺸﺎﻁ ﺍﻹﻧﺘﺎﺝ‪ .‬ﻳﺠﺐ ﻗﺒﻮﻝ ﺍﻟﺘﻐﻴﻴﺮ ﺭﺳﻤﻴﺎً ﻣﻦ ﻗﺒﻞ ﻃﺎﻟﺐ ﻭﺣﺪﺓ ﺍﻷﻋﻤﺎﻝ‬
    ‫ﻣﻊﻣﺮﺍﻋﺎﺓ ﺍﻟﻌﻨﺎﻳﺔ ﺍﻟﻮﺍﺟﺒﺔ )ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﻗﺪ ﺗﺘﻀﻤﻦ ﻣﺮﺍﻗﺒﺔ ﺍﻟﻌﻨﺎﻳﺔ ﺍﻟﺘﺤﻘﻖ ﻣﻦ ﺻﺤﺔ ﺳﻠﺴﻠﺔ ﻣﻦ ﺩﻭﺭﺍﺕ‬
    ‫ﺍﻟﻤﻌﺎﻟﺠﺔﺍﻟﻤﺘﺘﺎﻟﻴﺔ ﺩﻭﻥ ﺃﺧﻄﺎء(‪.‬‬

    ‫ﻳﻮﺿﺢﺍﻟﺸﻜﻞ ‪ 19‬ﺗﺼﻮﻳﺮﺍً ﺑﺴﻴﻄﺎً ﻟﺘﺮﺣﻴﻞ ﺍﻟﺘﻐﻴﻴﺮ ﺍﻟﻤﻘﺘﺮﺡ ﻣﻦ ﺧﻼﻝ ﺍﻟﺒﻴﺉﺎﺕ ﺍﻟﻤﻨﺎﺳﺒﺔ‪.‬‬

    ‫ﺍﻟﺸﻜﻞ‪ :19‬ﻣﺜﺎﻝ ﻋﻠﻰ ﺗﺮﺣﻴﻞ ﺗﻐﻴﻴﺮ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬

    ‫ﻣﻠﺤﻮﻇﺔ‪:‬ﻳﺠﺐ ﻓﺼﻞ ﺍﻟﺘﺮﺣﻴﻞ ﻋﺒﺮ ﻛﻞ ﻣﻦ ﻫﺬﻩ ﺍﻟﺒﻴﺉﺎﺕ ﺑﺸﻜﻞ ﺻﺤﻴﺢ‪ .‬ﺍﻟﻤﺼﺪﺭ‪ :‬ﻣﻌﻬﺪ ﺍﻟﻤﺮﺍﺟﻌﻴﻦ‬
    ‫ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‪.‬‬

    ‫ﻋﺎﺩﺓ ًﻣﺎ ﻳﻘﺘﺼﺮ ﻣﺴﺘﺨﺪﻣﻮ ﺍﻷﻋﻤﺎﻝ ﻋﻠﻰ ﺑﻴﺉﺔ ﺍﻹﻧﺘﺎﺝ ﺍﻟﺨﺎﺻﺔ ﺑﻬﻢ ﻋﺒﺮ ﺍﻹﻧﺘﺮﻧﺖ ؛ ﺍﻟﻤﺒﺮﻣﺠﻮﻥ ﻭﺍﻟﻤﻄﻮﺭﻭﻥ‬
    ‫ﻣﻘﻴﺪﻭﻥﺑﺒﻴﺉﺔ ﺍﻻﺧﺘﺒﺎﺭ ﺍﻟﺨﺎﺻﺔ ﺑﻬﻢ‪ .‬ﻳﺠﺐ ﺇﺟﺮﺍء ﺍﻻﻧﺘﻘﺎﻝ ﺇﻟﻰ ﺑﻴﺉﺎﺕ ﺍﻹﻧﺘﺎﺝ ﺑﺸﻜﻞ ﻣﺴﺘﻘﻞ ﻟﻀﻤﺎﻥ ﺍﻟﺘﺤﻜﻢ‬
    ‫ﻓﻲﺍﻹﺻﺪﺍﺭ‪.‬‬

    ‫ﻳﺠﺐﺃﻥ ﺗﻜﻮﻥ ﺍﻟﺘﻐﻴﻴﺮﺍﺕ ﺍﻟﻄﺎﺭﺉﺔ ﻗﻠﻴﻠﺔ ﻭﻻ ﺗﺰﺍﻝ ﺗﺘﻄﻠﺐ ﻧﻔﺲ ﺍﻟﻤﺴﺘﻮﻯ ﻣﻦ ﺍﻟﺘﻮﺛﻴﻖ ﻭﺍﻻﺧﺘﺒﺎﺭ‪ .‬ﻓﻲ ﺑﻌﺾ‬
    ‫ﺍﻟﺤﺎﻻﺕ ‪،‬ﻳﻤﻜﻦ ﺍﻟﺤﺼﻮﻝ ﻋﻠﻰ ﺍﻟﻤﻮﺍﻓﻘﺔ ﻋﻠﻰ ﺇﺟﺮﺍء ﺗﻐﻴﻴﺮ ﻃﺎﺭﺉ ﻓﻲ ﺍﻹﻧﺘﺎﺝ ﺑﻌﺪ ﻭﻗﻮﻉ ﺍﻟﺤﺪﺙ ‪ ،‬ﻭﻟﻜﻦ ﺿﻤﻦ ﺇﻃﺎﺭ‬
    ‫ﺯﻣﻨﻲﻣﻌﻘﻮﻝ ﻭﻣﺤﺪﺩ ﺭﺳﻤﻴﺎً )ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﻳﻮﻣﻲ ﻋﻤﻞ(‪.‬‬

    ‫ﺗﻄﺒﻴﻘﺎﺕﺍﻟﺘﺤﺪﻳﺎﺕ ﻭﺍﻟﻤﺨﺎﻃﺮ‬
    ‫ﺍﻟﺘﻄﺒﻴﻘﺎﺕﺍﻟﻌﺎﻣﻠﺔ ﻭﺍﻟﻔﻌﺎﻟﺔ ﻫﻲ ﻣﻔﺘﺎﺡ ﻧﺠﺎﺡ ﻛﻞ ﻣﺆﺳﺴﺔ‪ .‬ﻳﺠﺐ ﺃﻥ ﻳﻜﻮﻥ ﺗﺼﻤﻴﻢ ﻭﺻﻴﺎﻧﺔ ﺑﻨﻴﺔ ﺍﻟﺘﻄﺒﻴﻖ ‪،‬‬
    ‫ﻭﺗﻄﻮﻳﺮﺗﻄﺒﻴﻘﺎﺕ ﺟﺪﻳﺪﺓ ‪ ،‬ﻭﺇﺩﺧﺎﻝ ﺗﻐﻴﻴﺮﺍﺕ ﻋﻠﻰ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﺤﺎﻟﻴﺔ ﻋﻤﻠﻴﺎﺕ ﻓﻌﺎﻟﺔ ﻭﻓﻌﺎﻟﺔ ﻣﻤﻠﻮﻛﺔ ﻟﻺﺩﺍﺭﺓ‬
    ‫ﻭﻣﻔﻬﻮﻣﺔﻣﻦ ﻗﺒﻞ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‪ .‬ﻳﻤﻜﻦ ﺃﻥ ﺗﻜﻮﻥ ﺿﻮﺍﺑﻂ ﺍﻟﺘﺸﻐﻴﻞ ﺑﺸﻜﻞ ﻣﻨﺎﺳﺐ ﻋﺒﺮ ﻫﺬﻩ ﺍﻟﻮﻇﺎﺉﻒ‬
    ‫ﻫﻲﺍﻟﻔﺮﻕ ﺑﻴﻦ ﺍﻟﻌﻤﻠﻴﺔ ﺍﻟﻔﻌﺎﻟﺔ ﺃﻭ ﻏﻴﺮ ﺍﻟﻔﻌﺎﻟﺔ‪.‬‬

    ‫ﻓﻴﻤﺎﻳﺘﻌﻠﻖ ﺑﻬﻴﻜﻞ ﺍﻟﺘﻄﺒﻴﻖ ‪ ،‬ﻳﺠﺐ ﺃﻥ ﻳﻜﻮﻥ ﻟﺪﻯ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﻧﻈﺮﺓ ﺷﺎﻣﻠﺔ ﻟﻤﻘﺪﻣﻲ ﺧﺪﻣﺎﺕ ﺍﻟﻄﺮﻑ‬
    ‫ﺍﻟﺜﺎﻟﺚ ‪،‬ﻭﻣﺨﺎﻃﺮ ﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﺴﺤﺎﺑﻴﺔ ‪ ،‬ﻭﺍﻟﻀﻮﺍﺑﻂ ﺍﻟﻤﻨﺎﺳﺒﺔ ﺍﻟﺘﻲ ﺗﻌﺘﺒﺮ ﻣﻬﻤﺔ ﻟﻌﻤﻠﻴﺎﺕ ﺍﻟﻌﻤﻠﻴﺎﺕ ﺍﻟﺘﺠﺎﺭﻳﺔ‬
    ‫ﻭﺍﻟﺘﺴﻠﻴﻢ‪.‬‬

    ‫ﻫﻨﺎﻙﺍﻟﻌﺪﻳﺪ ﻣﻦ ﺍﻟﺘﺤﺪﻳﺎﺕ ‪ /‬ﺍﻟﻤﺨﺎﻃﺮ ﺍﻟﻤﺘﻌﻠﻘﺔ ﺑﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﻤﺆﺳﺴﺔ ﺍﻟﺘﻲ ﻳﺠﺐ ﺃﻥ ﻳﻜﻮﻥ ﺍﻟﻤﺪﻗﻘﻮﻥ ﺍﻟﺪﺍﺧﻠﻴﻮﻥ ﻋﻠﻰ‬
    ‫ﺩﺭﺍﻳﺔﺑﻬﺎ ‪ ،‬ﻭﺍﻟﺘﻲ ﻳﻤﻜﻦ ﺃﻥ ﺗﺸﻤﻞ ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ﻻ ﺍﻟﺤﺼﺮ‪:‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪40‬‬ ‫‪www.theiia.org‬‬


    ‫ﺗﺨﻄﻴﻂﻏﻴﺮ ﻭﺍﺿﺢ ‪ /‬ﺃﻃﺮ ﺯﻣﻨﻴﺔ ﻣﺘﺴﺎﺭﻋﺔ‪.‬ﻋﻨﺪﻣﺎ ﺗﻔﺸﻞ ﺟﻬﻮﺩ ﺗﻄﻮﻳﺮ ﺍﻟﺘﻄﺒﻴﻖ ‪ ،‬ﻏﺎﻟﺒﺎً ﻣﺎ ﻳﻜﻮﻥ ﺫﻟﻚ‬ ‫‪-‬‬
    ‫ﺑﺴﺒﺐﺍﻟﺘﺨﻄﻴﻂ ﻏﻴﺮ ﺍﻟﻮﺍﺿﺢ ﻭ ‪ /‬ﺃﻭ ﺍﻹﻃﺎﺭ ﺍﻟﺰﻣﻨﻲ ﺍﻟﻤﺘﺴﺎﺭﻉ ﺍﻟﺬﻱ ﻳﺆﺩﻱ ﺇﻟﻰ ﻋﺪﻡ ﻛﻔﺎﻳﺔ ﺍﻟﺘﺼﻤﻴﻢ‪ .‬ﺇﺫﺍ‬
    ‫ﺯﺍﺩﺗﻮﺍﺗﺮ ﺍﻟﺘﻐﻴﻴﺮ ‪ ،‬ﻓﻘﺪ ﺗﻘﻮﻡ ﻓﺮﻕ ﺍﻟﺘﻄﻮﻳﺮ ﺑﺘﺴﺮﻳﻊ ﺍﻟﺘﻨﻔﻴﺬ ﺧﺎﺭﺝ ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕ ﺍﻟﻤﻮﺛﻘﺔ ﻭﺩﻭﻥ ﺇﻋﻄﺎء‬
    ‫ﺍﻷﻭﻟﻮﻳﺔﻟﻠﻬﻨﺪﺳﺔ ﺍﻻﺳﺘﺮﺍﺗﻴﺠﻴﺔ ﻭﺍﻟﺘﺨﻄﻴﻂ‪.‬‬

    ‫ﺗﻌﺪﺩﻣﻘﺪﻣﻲ ﺍﻟﺨﺪﻣﺎﺕ‪.‬ﻗﺪ ﻳﺆﺩﻱ ﺍﻟﻌﻤﻞ ﻣﻊ ﺍﻟﻌﺪﻳﺪ ﻣﻦ ﻣﺰﻭﺩﻱ ﺧﺪﻣﺔ ﺍﻟﺒﺮﺍﻣﺞ ﺇﻟﻰ ﺗﻌﻘﻴﺪ ﺇﺩﺍﺭﺓ‬ ‫‪-‬‬
    ‫ﺍﻟﺒﻴﺎﻧﺎﺕﺑﺸﻜﻞ ﺃﻛﺒﺮ ﺣﻴﺚ ﺗﺘﺪﻓﻖ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻣﻦ ﺗﻄﺒﻴﻖ ﺇﻟﻰ ﺁﺧﺮ‪.‬‬

    ‫ﻳﺘﻢﺗﺼﻨﻴﻒ ﻋﻮﺍﻣﻞ ﺍﻟﺨﻄﺮ ﺍﻟﺘﺎﻟﻴﺔ ‪ ،‬ﺍﻟﻤﺘﻌﻠﻘﺔ ﺑﺘﻐﻴﻴﺮﺍﺕ ﺍﻟﺘﻄﺒﻴﻖ ‪ ،‬ﺇﻟﻰ ﺛﻼﺛﺔ ﺃﺳﺒﺎﺏ ﺟﺬﺭﻳﺔ‪ :‬ﺍﻟﻤﻨﻬﺠﻴﺔ ﻏﻴﺮ‬
    ‫ﺍﻟﺮﺳﻤﻴﺔ ‪،‬ﻭﺍﻟﻤﻨﻄﻖ ﻏﻴﺮ ﺍﻟﺼﺤﻴﺢ ‪ ،‬ﻭﺯﻳﺎﺩﺓ ﺍﻟﺘﻘﻠﺐ‪ .‬ﻗﺪ ﺗﺆﺩﻱ ﻣﻌﺎﻟﺠﺔ ﺍﻟﺴﺒﺐ ﺍﻟﺠﺬﺭﻱ ﺇﻟﻰ ﺗﺼﺤﻴﺢ ﺍﺳﺘﺜﻨﺎءﺍﺕ‬
    ‫ﺍﻷﻋﺮﺍﺽﻭﺗﻌﺰﻳﺰ ﺍﻟﻌﻼﺝ‪:‬‬

    ‫ﻣﻨﻬﺠﻴﺔﻏﻴﺮ ﺭﺳﻤﻴﺔ ‪ /‬ﺗﻐﻴﻴﺮﺍﺕ ﻣﺨﺼﺼﺔ‬


    ‫ﺗﻮﻗﻌﺎﺕﻋﺎﺉﺪ ﺍﻻﺳﺘﺜﻤﺎﺭ ﻏﻴﺮ ﺍﻟﻮﺍﻗﻌﻴﺔ ﺗﻤﻨﻊ ﺗﻘﺪﻳﻢ ﺍﻷﻓﻜﺎﺭ ﺍﻟﻨﺎﺷﺉﺔ‪.‬‬ ‫‪-‬‬
    ‫ﻣﺘﻄﻠﺒﺎﺕﻧﻈﺎﻡ ﻏﺎﻣﻀﺔ‪.‬‬ ‫‪-‬‬
    ‫ﺗﻢﺗﻄﺒﻴﻖ ﺍﻟﺘﻐﻴﻴﺮﺍﺕ ﻋﻠﻰ ﺍﻹﺻﺪﺍﺭ ﺍﻟﺨﺎﻃﺊ ﻣﻦ ﺍﻟﺘﻌﻠﻴﻤﺎﺕ‬ ‫‪-‬‬
    ‫ﺍﻟﺒﺮﻣﺠﻴﺔﺍﻟﻤﺼﺪﺭ‪ .‬ﺗﻐﻴﻴﺮﺍﺕ ﻣﺘﻜﺮﺭﺓ ﻟﻨﻔﺲ ﺍﻟﺒﺮﻧﺎﻣﺞ ‪/‬‬ ‫‪-‬‬
    ‫ﺍﻟﺘﻄﺒﻴﻖ‪.‬ﺍﻟﺘﺄﺧﻴﺮ ﻓﻲ ﺗﺴﻠﻴﻢ ﺍﻟﺤﻞ‪.‬‬ ‫‪-‬‬
    ‫ﻟﻢﻳﺘﻢ ﺍﻟﻨﻈﺮ ﻓﻲ ﺍﻟﻌﻼﻗﺎﺕ ﺍﻟﺒﻴﻨﻴﺔ ﺃﺛﻨﺎء ﺗﻐﻴﻴﺮ ﻃﺎﺭﺉ‪ .‬ﻋﺪﻡ ﻣﺸﺎﺭﻛﺔ‬ ‫‪-‬‬
    ‫ﺍﻟﻤﺴﺘﺨﺪﻡﺃﺛﻨﺎء ﺍﻻﺧﺘﺒﺎﺭ‪.‬‬ ‫‪-‬‬
    ‫ﻋﺪﻡﻣﺮﺍﺟﻌﺔ ﺍﻟﻤﺴﺘﺨﺪﻡ ﻭﺍﻻﺟﺘﻬﺎﺩ ﺑﻌﺪ ﺗﻄﺒﻴﻖ ﺍﻟﺘﻐﻴﻴﺮ‪.‬‬ ‫‪-‬‬

    ‫ﻣﻨﻄﻖﻏﻴﺮ ﺻﺤﻴﺢ ‪ /‬ﺿﻌﻴﻒ ﻣﺼﻤﻢ ﻓﻲ ﺍﻟﺒﺮﺍﻣﺞ‬


    ‫ﺍﻟﺘﻄﺒﻴﻘﺎﺕﺍﻟﻤﻬﻤﺔ ﻟﻸﻋﻤﺎﻝ ﺍﻟﺘﻲ ﻳﺘﻢ ﺗﻐﻴﻴﺮﻫﺎ ﺩﺍﺧﻠﻴﺎً ﻛﺈﺻﻼﺡ ﻣﺆﻗﺖ‪.‬‬ ‫‪-‬‬
    ‫ﺗﻢﺇﺩﺧﺎﻝ ﺃﺧﻄﺎء ﻛﻨﺘﻴﺠﺔ ﻟﺘﻘﺪﻳﻢ ﺗﻐﻴﻴﺮ ﺑﻨﺎء ًﻋﻠﻰ ﻓﻬﻢ ﻏﻴﺮ ﻣﻜﺘﻤﻞ ﻟﻠﺤﻞ‪.‬‬ ‫‪-‬‬

    ‫ﻭﺻﻮﻝﻏﻴﺮ ﻣﻘﻴﺪ ﺇﻟﻰ ﺷﻔﺮﺓ ﺍﻟﻤﺼﺪﺭ‪ .‬ﻋﺪﻡ ﻭﺟﻮﺩ‬ ‫‪-‬‬


    ‫ﺃﺩﻭﺍﺕﺍﻟﺘﺤﻜﻢ ﻓﻲ ﺍﻟﺘﻐﻴﻴﺮ ﻭﺍﻟﻤﺮﺍﻗﺒﺔ‪ .‬ﺍﺧﺘﺒﺎﺭ ﻏﻴﺮ‬ ‫‪-‬‬
    ‫ﻛﺎﻑ‪.‬‬ ‫‪-‬‬

    ‫ﺯﻳﺎﺩﺓﺗﻘﻠﺒﺎﺕ ﺍﻟﺘﻄﺒﻴﻖ‬
    ‫ﺗﺰﺍﻳﺪﻭﺗﻴﺮﺓ ﺍﻟﺘﻐﻴﻴﺮﺍﺕ ﻭﺍﻻﻧﻘﻄﺎﻋﺎﺕ ﻓﻲ ﺍﻟﺨﺪﻣﺔ ﺑﺴﺒﺐ ﺍﻟﺼﻴﺎﻧﺔ )ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﺘﻲ ﺗﺘﻐﻴﺮ ﻛﻞ‬ ‫‪-‬‬
    ‫ﺃﺳﺒﻮﻉ(‪.‬‬
    ‫ﺗﺰﺍﻳﺪﺣﺠﻢ ﺍﻟﺘﻐﻴﻴﺮﺍﺕ )ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﺘﻲ ﺗﺘﻄﻠﺐ ﺃﻛﺒﺮ ﻗﺪﺭ ﻣﻦ ﺍﻟﺼﻴﺎﻧﺔ(‪ .‬ﺯﻳﺎﺩﺓ ﻛﻤﻴﺔ‬ ‫‪-‬‬
    ‫ﺍﻟﺘﻘﺎﺭﻳﺮﺍﻟﺮﺉﻴﺴﻴﺔ ﻭﺍﻟﺘﻐﻴﻴﺮﺍﺕ ﺍﻟﺘﻲ ﺗﻢ ﺇﺟﺮﺍﺅﻫﺎ ﻋﻠﻰ ﺍﻟﺘﻘﺎﺭﻳﺮ ﺍﻟﺮﺉﻴﺴﻴﺔ‪ .‬ﻋﺪﺩ ﺍﻟﺘﻐﻴﻴﺮﺍﺕ‬ ‫‪-‬‬
    ‫ﺍﻟﻄﺎﺭﺉﺔﺍﻟﺘﻲ ﺗﺤﺪﺙ‪.‬‬ ‫‪-‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪41‬‬ ‫‪www.theiia.org‬‬


    ‫ﻣﻮﺿﻮﻋﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻹﺿﺎﻓﻴﺔ ﻭﺍﻟﻨﺎﺷﺉﺔ‬

    ‫ﺳﻴﻨﺎﻗﺶﻫﺬﺍ ﺍﻟﻘﺴﻢ ﺑﻌﺾ ﻣﻮﺿﻮﻋﺎﺕ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻷﺳﺎﺳﻴﺔ ﻭﺍﻟﻨﺎﺷﺉﺔ ﻋﻠﻰ ﻣﺴﺘﻮﻯ ﻋﺎﻝ‪ ٍ.‬ﻣﻦ‬
    ‫ﺍﻟﻤﻬﻢﺃﻥ ﻧﻔﻬﻢ ﺃﻥ ﻫﺬﻩ ﺍﻟﻤﻮﺿﻮﻋﺎﺕ ﺍﻹﺿﺎﻓﻴﺔ ﺩﻳﻨﺎﻣﻴﻜﻴﺔ ﻭﻟﻴﺴﺖ ﺛﺎﺑﺘﺔ ‪ ،‬ﻭﺃﻥ ﺍﻟﻘﺎﺉﻤﺔ ﻟﻴﺴﺖ ﺷﺎﻣﻠﺔ‪ .‬ﻛﺎﻧﺖ‬
    ‫ﺍﻟﻤﻮﺿﻮﻋﺎﺕﺍﻟﺘﻲ ﺗﻤﺖ ﺗﻐﻄﻴﺘﻬﺎ ﻓﻲ ﺍﻷﻗﺴﺎﻡ ﺍﻟﺴﺎﺑﻘﺔ ﺗﻌﺘﺒﺮ ﺫﺍﺕ ﻳﻮﻡ ﻣﻮﺿﻮﻋﺎﺕ ﺗﻘﻨﻴﺔ ﻣﻌﻠﻮﻣﺎﺕ ﻧﺎﺷﺉﺔ‬
    ‫ﻭﺃﺻﺒﺤﺖﻣﻊ ﻣﺮﻭﺭ ﺍﻟﻮﻗﺖ ﻣﻮﺟﻮﺩﺓ ﻓﻲ ﻛﻞ ﻣﻜﺎﻥ ﻭﺃﺳﺎﺳﻴﺔ ﻟﻠﻤﺆﺳﺴﺎﺕ‪ .‬ﺍﻷﻣﺮ ﻧﻔﺴﻪ ﻳﻨﻄﺒﻖ ﻋﻠﻰ ﺍﻟﻌﺪﻳﺪ ﻣﻦ‬
    ‫ﺍﻟﻤﻮﺿﻮﻋﺎﺕﻓﻲ ﻫﺬﺍ ﺍﻟﻘﺴﻢ ؛ ﻗﺪ ﺗﺼﺒﺢ ﻳﻮﻣﺎً ﻣﺎ ﻋﻤﻠﻴﺎﺕ ﺷﺎﺉﻌﺔ ﻟﺠﻤﻴﻊ ﺍﻟﻤﻨﻈﻤﺎﺕ‪.‬‬

    ‫ﻣﻊﻇﻬﻮﺭ ﻣﻮﺿﻮﻋﺎﺕ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﺠﺪﻳﺪﺓ ﻭﺗﻄﻮﺭ ﺍﻟﻤﻮﺿﻮﻋﺎﺕ ﺍﻟﺤﺎﻟﻴﺔ ‪ ،‬ﻳﻈﻞ ﺍﻟﺒﻘﺎء ﻋﻠﻰ ﺍﻃﻼﻉ ﻭﺗﻄﺒﻴﻖ‬
    ‫ﺍﻟﺸﻜﻮﻙﺍﻟﻤﻬﻨﻴﺔ ﺃﻣﺮﺍً ﺑﺎﻟﻎ ﺍﻷﻫﻤﻴﺔ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﺍﻟﺬﻳﻦ ﻳﺴﻌﻮﻥ ﺟﺎﻫﺪﻳﻦ ﻟﻠﺒﻘﺎء ﻋﻠﻰ ﺻﻠﺔ ﻭﻣﺘﻮﺍﻓﻘﺔ ﻣﻊ ﻣﻌﻬﺪ‬
    ‫ﺍﻟﻤﺪﻗﻘﻴﻦﺍﻟﺪﺍﺧﻠﻴﻴﻦ )‪.(IIA‬ﺍﻟﻤﻌﺎﻳﻴﺮ ﺍﻟﺪﻭﻟﻴﺔ ﻟﻠﻤﻤﺎﺭﺳﺔ ﺍﻟﻤﻬﻨﻴﺔ ﻟﻠﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ‪.‬‬

    ‫ﺇﺩﺍﺭﺓﺍﻟﺒﻴﺎﻧﺎﺕ‬
    ‫ﻓﻲﺍﻟﻌﺪﻳﺪ ﻣﻦ ﺍﻟﻤﺆﺳﺴﺎﺕ ‪ ،‬ﻳﺘﻢ ﺗﻄﻮﻳﺮ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺃﻭ ﺍﻟﺤﺼﻮﻝ ﻋﻠﻴﻬﺎ ‪ /‬ﺍﺳﺘﺨﺪﺍﻣﻬﺎ ﻓﻲ ﺻﻮﺍﻣﻊ ‪ ،‬ﻭﻗﺪ ﻳﻜﻮﻥ ﻣﻦ‬
    ‫ﺍﻟﺼﻌﺐﺍﻟﺘﺤﻘﻖ ﻣﻦ ﺳﻼﻣﺔ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻤﺴﺘﺨﺪﻣﺔ ﻭﺍﻟﻤﻨﺘﺠﺔ ﺑﻮﺍﺳﻄﺔ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ‪ .‬ﻳﻌﺘﻤﺪ ﺗﻜﺎﻣﻞ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻋﻠﻰ‬
    ‫ﺍﻟﻌﺪﻳﺪﻣﻦ ﺍﻟﻤﺘﻐﻴﺮﺍﺕ ‪ ،‬ﻣﺜﻞ ﻣﺼﺪﺭ )ﻣﺼﺎﺩﺭ( ﺇﺩﺧﺎﻝ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻓﻲ ﺍﻟﺘﻄﺒﻴﻖ ‪ ،‬ﻭﺍﻟﻤﻨﻄﻖ ﺍﻟﺬﻱ ﻳﺴﺘﺨﺪﻣﻪ ﺍﻟﺘﻄﺒﻴﻖ‬
    ‫ﻹﻧﺘﺎﺝﺍﻟﺒﻴﺎﻧﺎﺕ ‪ ،‬ﻭﺩﻗﺔ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﺘﻲ ﻳﻨﺘﺠﻬﺎ ﺍﻟﺘﻄﺒﻴﻖ‪.‬‬

    ‫ﺃﺣﺪﺃﺳﺒﺎﺏ ﻋﺪﻡ ﻛﻔﺎﻳﺔ ﺟﻮﺩﺓ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻫﻮ ﺃﻥ ﺍﻟﻤﻨﻈﻤﺎﺕ ﻏﺎﻟﺒﺎً ﻣﺎ ﺗﺠﻤﻊ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺃﻭ ﺗﺤﺼﻞ ﻋﻠﻴﻬﺎ ﻣﻦ ﻣﺼﺎﺩﺭ‬
    ‫ﻣﺨﺘﻠﻔﺔ‪.‬ﻧﻈﺮﺍً ﻷﻥ ﻫﺬﻩ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻳﺘﻢ ﺇﺩﺧﺎﻟﻬﺎ ﺇﻟﻰ ﺗﻄﺒﻴﻘﺎﺕ ﻣﺨﺘﻠﻔﺔ ﻟﻠﻤﺆﺳﺴﺔ ﺑﻤﺮﻭﺭ ﺍﻟﻮﻗﺖ ‪ ،‬ﻧﻈﺮﺍً ﻟﻠﺤﺠﻢ‬
    ‫ﺍﻟﻬﺎﺉﻞ ‪،‬ﻳﻤﻜﻦ ﺃﻥ ﺗﺘﺪﻫﻮﺭ ﺍﻟﺠﻮﺩﺓ‪ .‬ﺑﺎﻹﺿﺎﻓﺔ ﺇﻟﻰ ﺫﻟﻚ ‪ ،‬ﺇﺫﺍ ﻛﺎﻥ ﺗﻨﺴﻴﻖ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﺘﻲ ﺗﻢ ﺟﻤﻌﻬﺎ ﻣﺨﺘﻠﻔﺎً ﻟﻜﻞ‬
    ‫ﻃﺮﻳﻘﺔﺟﻤﻊ ‪ ،‬ﻓﻘﺪ ﻳﺘﻢ ﺍﺧﺘﺮﺍﻕ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻨﺎﺗﺠﺔ‪ .‬ﻣﻦ ﺍﻟﻤﻬﻢ ﺃﻥ ﻳﻜﻮﻥ ﻟﺪﻳﻚ ﻋﻨﺎﺻﺮ ﺗﺤﻜﻢ ﻓﻲ ﺍﻟﻮﺍﺟﻬﺔ ﺍﻷﻣﺎﻣﻴﺔ‬
    ‫ﻟﻀﻤﺎﻥﺗﻨﺴﻴﻖ ﻣﻮﺣﺪ‪.‬‬

    ‫ﺗﺘﻀﻤﻦﺃﻣﺜﻠﺔ ﻣﺸﻜﻼﺕ ﺇﺩﺧﺎﻝ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻣﺎ ﻳﻠﻲ‪:‬‬

    ‫ﺃﺧﻄﺎءﺇﺩﺧﺎﻝ ﺍﻟﺒﻴﺎﻧﺎﺕ‪.‬‬ ‫‪-‬‬


    ‫ﺗﻢﺗﺨﺰﻳﻦ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺑﺸﻜﻞ ﻏﻴﺮ ﺩﻗﻴﻖ ﺩﺍﺧﻞ‬ ‫‪-‬‬
    ‫ﺍﻟﺘﻄﺒﻴﻘﺎﺕ‪.‬ﺗﻨﺴﻴﻖ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻏﻴﺮ ﺻﺤﻴﺢ‪.‬‬ ‫‪-‬‬

    ‫ﺑﻤﺠﺮﺩﺩﻣﺞ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ )ﺍﻟﺘﻲ ﺭﺑﻤﺎ ﺗﻢ ﺗﻄﻮﻳﺮﻫﺎ ﻓﻲ ﺻﻮﺍﻣﻊ( ﻓﻲ ﺍﻟﻌﻤﻠﻴﺎﺕ ﺍﻟﺘﺠﺎﺭﻳﺔ ﺍﻟﺮﺉﻴﺴﻴﺔ ‪ ،‬ﻳﺼﺒﺢ‬
    ‫ﺍﻟﻤﺴﺘﺨﺪﻣﻮﻥﻣﻌﺘﻤﺪﻳﻦ ﻋﻠﻰ ﻫﺬﻩ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻭﺍﻟﺒﻴﺎﻧﺎﺕ ‪ ،‬ﻋﻠﻰ ﺍﻟﺮﻏﻢ ﻣﻦ ﺃﻥ ﻫﺬﻩ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻗﺪ ﻻ ﺗﻜﻮﻥ ﻣﻮﺛﻮﻗﺔ‬
    ‫ﻓﻲﺑﻌﺾ ﺍﻟﺤﺎﻻﺕ‪.‬‬

    ‫ﻗﺪﺗﻜﻠﻒ ﺍﻟﺠﻮﺩﺓ ﺍﻟﺴﻴﺉﺔ ﺍﻟﻤﺤﺘﻤﻠﺔ ﻭﻧﻘﺺ ﺍﻟﻨﺰﺍﻫﺔ ﻭﻋﺪﻡ ﻗﺪﺭﺓ ﺍﻟﻤﺆﺳﺴﺎﺕ ﻋﻠﻰ ﺍﻻﻋﺘﻤﺎﺩ ﻋﻠﻰ ﺑﻴﺎﻧﺎﺗﻬﺎ ﻣﻼﻳﻴﻦ‬
    ‫ﺍﻟﺪﻭﻻﺭﺍﺕ‪.‬ﺗﺸﻴﺮ ﺍﻟﺘﻘﺪﻳﺮﺍﺕ ﺍﻷﺧﻴﺮﺓ ﺇﻟﻰ ﺃﻥ ﻣﻨﻈﻤﺔ ﻣﺘﻮﺳﻄﺔ ﻗﺪ ﺗﺘﻌﺮﺽ ﻟﺨﺴﺎﺉﺮ ﻗﺪﺭﻫﺎ ‪ 15‬ﺩﻭﻻﺭﺍً‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪42‬‬ ‫‪www.theiia.org‬‬


    ‫ﻣﻠﻴﻮﻥﺩﻭﻻﺭ ﺳﻨﻮﻳﺎً ﻋﻠﻰ ﺃﺳﺎﺱ ﺟﻮﺩﺓ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﺮﺩﻳﺉﺔ ‪ ،‬ﻭﻗﺪ ﻳﺘﻜﺒﺪ ﺍﻻﻗﺘﺼﺎﺩ ﺍﻷﻣﺮﻳﻜﻲ ﺧﺴﺎﺉﺮ ﺗﺘﺠﺎﻭﺯ ‪ 3‬ﺗﺮﻳﻠﻴﻮﻥ‬
    ‫ﺩﻭﻻﺭﺳﻨﻮﻳﺎً‪2.‬‬

    ‫ﻳﻤﻜﻦﺃﻥ ﺗﻌﺘﻤﺪ ﺍﻟﺘﺤﺪﻳﺎﺕ ﻭﺍﻟﻤﺨﺎﻃﺮ ﺍﻟﻤﺮﺗﺒﻄﺔ ﺑﺈﺩﺍﺭﺓ ﺑﻴﺎﻧﺎﺕ ﺍﻟﻤﺆﺳﺴﺔ ﺃﻳﻀﺎً ﻋﻠﻰ ﺛﻘﺎﻓﺔ ﺍﻟﻤﻨﻈﻤﺔ ﻭﻫﻴﻜﻠﻬﺎ )‬
    ‫ﻋﻮﺍﻣﻞﻣﺜﻞ ﻣﺎ ﺇﺫﺍ ﻛﺎﻧﺖ ﻻ ﻣﺮﻛﺰﻳﺔ ﻣﻘﺎﺑﻞ ﻣﺮﻛﺰﻳﺔ(‪ .‬ﻭﻛﻠﻤﺎ ﺯﺍﺩ ﻋﻤﻞ ﺍﻷﻗﺴﺎﻡ ﺍﻟﻔﺮﺩﻳﺔ ﻟﻠﻤﺆﺳﺴﺔ ﻓﻲ ﺻﻮﺍﻣﻊ ‪،‬‬
    ‫ﺯﺍﺩﺕﺻﻌﻮﺑﺔ ﻭﺟﻮﺩ ﺍﺳﺘﺮﺍﺗﻴﺠﻴﺔ ﻓﻌﺎﻟﺔ ﻹﺩﺍﺭﺓ ﺑﻴﺎﻧﺎﺕ ﺍﻟﻤﺆﺳﺴﺔ‪.‬‬

    ‫ﺗﺸﻤﻞﺍﻟﻌﻮﺍﻣﻞ ﺍﻷﺧﺮﻯ ﺍﻟﺘﻲ ﻳﻤﻜﻦ ﺃﻥ ﺗﺆﺛﺮ ﻋﻠﻰ ﺇﺩﺍﺭﺓ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ﻻ ﺍﻟﺤﺼﺮ‪:‬‬

    ‫ﺑﻴﺎﻧﺎﺕﻏﻴﺮ ﺩﻗﻴﻘﺔ ﺃﻭ ﻏﻴﺮ ﻛﺎﻣﻠﺔ ﻭﺟﺮﺩ ﺃﺻﻮﻝ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪ .‬ﻋﺪﻡ ﻭﺟﻮﺩ‬ ‫‪-‬‬
    ‫ﺳﻴﺎﺳﺎﺕﺇﺩﺍﺭﺓ ﺑﻴﺎﻧﺎﺕ ﺍﻟﻤﺆﺳﺴﺔ‪.‬‬ ‫‪-‬‬
    ‫ﻻﻳﻮﺟﺪ ﻓﺮﺩ ﻣﺴﺆﻭﻝ ﺃﻭ ﻗﺎﺩﺭ ﻋﻠﻰ ﺍﻟﺘﻌﺎﻣﻞ ﻣﻊ ﺑﻨﻴﺔ ﺑﻴﺎﻧﺎﺕ ﺍﻟﻤﺆﺳﺴﺔ ﺍﻟﺨﺎﺻﺔ ﺑﺎﻟﻤﺆﺳﺴﺔ‪.‬‬ ‫‪-‬‬

    ‫ﺿﻌﻒﻣﺼﺎﺩﺭ ﺍﻟﺒﻴﺎﻧﺎﺕ‪.‬‬ ‫‪-‬‬


    ‫ﻋﺪﻡﻭﺟﻮﺩ ﺇﺟﺮﺍءﺍﺕ ﻟﺘﺤﺪﻳﺪ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻭﺍﻷﻧﻈﻤﺔ ﺍﻟﺘﻲ ﺑﻬﺎ ﻣﺸﻜﻼﺕ ﺗﺘﻌﻠﻖ ﺑﺠﻮﺩﺓ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻭﻋﺪﻡ‬ ‫‪-‬‬
    ‫ﻭﺟﻮﺩﺇﺟﺮﺍءﺍﺕ ﻟﺒﺪء ﺍﻟﻤﺸﺎﺭﻳﻊ ﺍﻟﺘﻲ ﺗﻌﺎﻟﺞ ﻫﺬﻩ ﺍﻟﻤﺸﻜﻼﺕ‪.‬‬

    ‫ﺗﺸﻤﻞﺍﻟﻨﺘﺎﺉﺞ ﺍﻟﺴﻠﺒﻴﺔ ﺍﻟﻤﺤﺘﻤﻠﺔ ﻣﻦ ﺳﻮء ﺇﺩﺍﺭﺓ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻣﺎ ﻳﻠﻲ‪:‬‬

    ‫ﺍﺳﺘﻴﺎءﺍﻟﻌﻤﻼء ﻋﻨﺪﻣﺎ ﺗﻨﻌﻜﺲ ﺑﻴﺎﻧﺎﺗﻬﻢ ﺑﺸﻜﻞ ﻏﻴﺮ ﺩﻗﻴﻖ ﻓﻲ ﺃﻧﻈﻤﺔ ﻭﺗﻄﺒﻴﻘﺎﺕ ﺍﻟﻤﻨﻈﻤﺔ‪.‬‬ ‫‪-‬‬

    ‫ﺍﻟﻐﺮﺍﻣﺎﺕﻭ ‪ /‬ﺃﻭ ﺍﻟﻌﻘﻮﺑﺎﺕ ﺍﻟﺘﻨﻈﻴﻤﻴﺔ‪.‬‬ ‫‪-‬‬


    ‫ﺧﺮﻭﻗﺎﺕﺍﻟﺒﻴﺎﻧﺎﺕ‪.‬‬ ‫‪-‬‬
    ‫ﺍﻟﺘﺄﺛﻴﺮﺍﻟﻤﺤﺘﻤﻞ ﻋﻠﻰ ﺭﺑﺤﻴﺔ ﺍﻟﻤﻨﻈﻤﺔ‪.‬‬ ‫‪-‬‬

    ‫ﺗﺤﻠﻴﻼﺕﺍﻟﺒﻴﺎﻧﺎﺕ‬

    ‫ﻳﻤﻜﻦﺍﺳﺘﺨﺪﺍﻡ ﺗﺤﻠﻴﻼﺕ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻟﺘﺤﺪﻳﺪ ﺍﻟﻤﺆﺷﺮﺍﺕ‬


    ‫ﺍﻟﺮﺉﻴﺴﻴﺔﺍﻟﺸﺎﺉﻌﺔ ﻟﻤﺴﺎﻋﺪﺓ ﺍﻹﺩﺍﺭﺓ ﻓﻲ ﻣﻌﺮﻓﺔ ﻛﻴﻔﻴﺔ‬
    ‫ﺍﻟﻤﻮﺍﺭﺩ‬
    ‫ﻋﻤﻞﺍﻟﻌﻤﻠﻴﺎﺕ ﻭﺍﻟﻀﻮﺍﺑﻂ ﺑﺸﻜﻞ ﺟﻴﺪ‪ .‬ﻭﺍﻷﻫﻢ ﻣﻦ ﺫﻟﻚ ‪،‬‬
    ‫ﺗﻮﻓﺮ"ﺗﻘﻨﻴﺎﺕ ﺗﺤﻠﻴﻼﺕ ﺍﻟﺒﻴﺎﻧﺎﺕ" ‪GTAG‬‬ ‫ﻗﺪﺗﻈُﻬﺮ ﺍﻟﺘﺤﻠﻴﻼﺕ ﺗﺪﻫﻮﺭﺍً ﻣﺴﺘﻤﺮﺍً ﻓﻲ ﺍﻟﻌﻤﻠﻴﺎﺕ‬
    ‫‪ IIA‬ﻧﻈﺮﺓ ﺛﺎﻗﺒﺔ ﻟﺘﻘﻴﻴﻢ ﻣﺴﺘﻮﻯ ﻧﻀﺞ‬ ‫ﻭﺍﻟﻀﻮﺍﺑﻂﺍﻟﺘﻲ ﻗﺪ ﺗﺪﻓﻊ ﺇﻟﻰ ﺍﺗﺨﺎﺫ ﺇﺟﺮﺍءﺍﺕ ﺗﺼﺤﻴﺤﻴﺔ‬
    ‫ﺍﺳﺘﺨﺪﺍﻡﺗﺤﻠﻴﻞ ﺍﻟﺒﻴﺎﻧﺎﺕ ‪ ،‬ﻣﻊ ﺍﻟﺘﺮﻛﻴﺰ‬ ‫ﻋﺎﺟﻠﺔ‪.‬ﻣﻊ ﻧﻀﺞ ﺍﻟﻤﺆﺳﺴﺎﺕ ‪ ،‬ﺗﺆﺛﺮ ﺗﺤﻠﻴﻼﺕ ﺍﻟﺒﻴﺎﻧﺎﺕ‬
    ‫ﻋﻠﻰﺯﻳﺎﺩﺓ ﻣﺴﺘﻮﻳﺎﺕ ﺍﻟﻀﻤﺎﻥ‬ ‫ﺑﺸﺪﺓﻋﻠﻰ ﺍﻟﻄﺮﻳﻘﺔ ﺍﻟﺘﻲ ﻳﻤﻜﻦ ﺑﻬﺎ ﺗﻘﻴﻴﻢ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺫﺍﺕ‬
    ‫ﻭﺍﻟﺨﺪﻣﺎﺕﺍﻷﺧﺮﻯ ﺫﺍﺕ ﺍﻟﻘﻴﻤﺔ ﺍﻟﻤﻀﺎﻓﺔ‪.‬‬ ‫ﺍﻟﺼﻠﺔﻭﺗﺠﻤﻴﻌﻬﺎ ﻻﺗﺨﺎﺫ ﺍﻟﻘﺮﺍﺭ ﻭﻣﺮﺍﻗﺒﺔ ﺍﻟﻤﺨﺎﻃﺮ‬
    ‫ﺍﻟﺮﺉﻴﺴﻴﺔ‪.‬‬

    ‫‪.2‬ﻛﻴﺮﻱ ﻫﻮﻝ ‪" ،‬ﺟﻮﺩﺓ ﺑﻴﺎﻧﺎﺕ ﺍﻟﻌﻤﻴﻞ‪ :‬ﺍﻟﺠﻴﺪ ﻭﺍﻟﺴﻴﺊ ﻭﺍﻟﻘﺒﻴﺢ" ‪ ،‬ﺍﻟﺼﻼﺣﻴﺔ ‪ 5 ،‬ﺳﺒﺘﻤﺒﺮ ‪-data-quality/ .2019‬‬
    ‫‪.https://www.validity.com/blog/customer‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪43‬‬ ‫‪www.theiia.org‬‬


    ‫ﻓﻲﺍﻟﻮﻗﺖ ﻧﻔﺴﻪ ‪ ،‬ﺍﺯﺩﺍﺩﺕ ﺃﻫﻤﻴﺔ ﺗﺤﻠﻴﻼﺕ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺃﻳﻀﺎً ﻛﺄﺳﻠﻮﺏ ﻗﺪ ﻳﻄﺒﻘﻪ ﻧﺸﺎﻁ ﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ﻋﻨﺪ‬
    ‫ﺗﻨﻔﻴﺬﻋﻤﻠﻴﺎﺕ ﺍﻟﺘﺪﻗﻴﻖ‪ .‬ﻳﻤﻜﻦ ﺃﻥ ﻳﻜﻮﻥ ﺑﺮﻧﺎﻣﺞ ﺗﺤﻠﻴﻞ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﺮﺳﻤﻲ ﻣﻔﻴﺪﺍً ﻓﻲ ﺩﻋﻢ ﻭﻇﻴﻔﺔ ﺍﻟﺘﺪﻗﻴﻖ ﻓﻲ ﺃﻥ‬
    ‫ﺗﺼﺒﺢﺃﻛﺜﺮ ﻓﻌﺎﻟﻴﺔ ‪ ،‬ﻭﺃﻛﺜﺮ ﻛﻔﺎءﺓ ‪ ،‬ﻭﻗﺎﺑﻠﺔ ﻟﻠﺘﻄﻮﻳﺮ ﺑﺴﻬﻮﻟﺔ ‪ ،‬ﻭﺗﻘﻠﻴﻞ ﺃﺧﻄﺎء ﺍﻟﺘﺪﻗﻴﻖ ﺑﺸﻜﻞ ﻛﺒﻴﺮ ﻣﻊ ﺗﻮﻓﻴﺮ ﺗﺪﻗﻴﻖ‬
    ‫ﺃﻛﺒﺮﻭﺍﺣﺘﻴﺎﻝﺗﻐﻄﻴﺔ ﺍﻟﻤﺨﺎﻃﺮ‪ .‬ﻳﻤﻜﻦ ﺃﻥ ﺗﻮﻓﺮ ﺑﺮﺍﻣﺞ ﺗﺤﻠﻴﻼﺕ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺗﺪﻗﻴﻘﺎً ﺃﻭ ﻣﺮﺍﻗﺒﺔ ﻣﺴﺘﻤﺮﺓ ﻃﻮﻳﻠﺔ ﺍﻷﺟﻞ‬
    ‫ﺣﻮﻝﺍﻟﻘﻀﺎﻳﺎ ﺍﻟﻘﺎﻧﻮﻧﻴﺔ ﻭﺍﻻﻣﺘﺜﺎﻝ ﺑﺎﻹﺿﺎﻓﺔ ﺇﻟﻰ ﺍﻟﻘﺪﺭﺓ ﻋﻠﻰ ﺇﺟﺮﺍء ﺍﺧﺘﺒﺎﺭ ﺗﺪﻗﻴﻖ ﻣﺨﺼﺺ ‪ ،‬ﻭﻣﺮﺍﺟﻌﺔ ﺍﻷﻋﻤﺎﻝ ‪،‬‬
    ‫ﻭﺍﻟﻤﺴﺎﻋﺪﺓﻓﻲ ﺗﺤﻘﻴﻘﺎﺕ ﺍﻻﺣﺘﻴﺎﻝ ﺍﻟﻤﺤﺘﻤﻠﺔ‪.‬‬

    ‫ﺑﺎﻟﻨﺴﺒﺔﻟﻜﻞ ﻣﻦ ﺍﻷﻋﻤﺎﻝ ﻭﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ‪ ،‬ﻳﻤﻜﻦ ﺃﻥ ﺗﻈﻞ ﺟﻮﺩﺓ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺗﻤﺜﻞ ﺗﺤﺪﻳﺎً‪ .‬ﺃﺛﻨﺎء ﺗﻄﺒﻴﻖ ﺍﻟﺘﺤﻠﻴﻼﺕ ﻋﻠﻰ ﻣﺠﻤﻮﻋﺎﺕ‬
    ‫ﺍﻟﺒﻴﺎﻧﺎﺕﺍﻟﻤﻨﻈﻤﺔ )ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﺟﺪﺍﻭﻝ ‪ (SQL‬ﻗﺪ ﻳﻜﻮﻥ ﻣﺘﻘﺪﻣﺎً ﻓﻲ ﺑﻌﺾ ﺍﻟﻤﺆﺳﺴﺎﺕ ‪ ،‬ﻓﺈﻥ ﺗﻄﺒﻴﻖ ﺗﺤﻠﻴﻼﺕ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻋﻠﻰ‬
    ‫ﻣﺠﻤﻮﻋﺎﺕﺍﻟﺒﻴﺎﻧﺎﺕ ﻏﻴﺮ ﺍﻟﻤﻨﻈﻤﺔ )ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﺟﺪﺍﻭﻝ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺃﻭ ﺭﺳﺎﺉﻞ ﺍﻟﺒﺮﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﻧﻲ( ﻳﻤﻜﻦ ﺃﻥ ﻳﻜﻮﻥ ﺫﺍ ﺃﻫﻤﻴﺔ‬
    ‫ﺧﺎﺻﺔﻟﻠﻤﺆﺳﺴﺎﺕ ﻷﻧﻪ ﻗﺪ ﻳﻮﻓﺮ ﺭﺅﻯ ﺭﺉﻴﺴﻴﺔ ﺇﺿﺎﻓﻴﺔ‪.‬‬

    ‫ﻭﺳﺎﺉﻞﺍﻟﺘﻮﺍﺻﻞ ﺍﻻﺟﺘﻤﺎﻋﻲ‬

    ‫ﺗﺘﻜﻮﻥﻭﺳﺎﺉﻞ ﺍﻟﺘﻮﺍﺻﻞ ﺍﻻﺟﺘﻤﺎﻋﻲ ﻣﻦ ﻣﺠﻤﻮﻋﺔ ﻣﻦ ﺍﻟﺘﻘﻨﻴﺎﺕ ﻭﺍﻟﻘﻨﻮﺍﺕ ﺍﻟﺘﻲ ﺗﻬﺪﻑ ﺇﻟﻰ ﺗﺸﻜﻴﻞ ﻭﺗﻤﻜﻴﻦ‬
    ‫ﻣﺠﺘﻤﻊﺿﺨﻢ ﻣﻦ ﺍﻟﻤﺸﺎﺭﻛﻴﻦ ﻣﻦ ﺍﻟﺘﻌﺎﻭﻥ ﺑﺸﻜﻞ ﻣﻨﺘﺞ‪ .‬ﺗﺸﻤﻞ ﺃﻣﺜﻠﺔ ﻣﻨﺼﺎﺕ ﻭﻗﻨﻮﺍﺕ ﺍﻟﻮﺳﺎﺉﻂ ﺍﻻﺟﺘﻤﺎﻋﻴﺔ‬
    ‫ﺣﻮﻝﺍﻟﻌﺎﻟﻢ ‪ Facebook‬ﻭ ‪ LinkedIn‬ﻭ ‪ YouTube‬ﻭ ‪ Twitter‬ﻭ ‪ Instagram‬ﻭ ‪ QQ‬ﻭ ‪ Wechat‬ﻭ‬
    ‫‪ WhatsApp‬ﻭﻏﻴﺮﻫﺎ ﺍﻟﻜﺜﻴﺮ‪.‬‬

    ‫ﺗﺘﺮﺍﻭﺡﺍﻟﻤﺨﺎﻃﺮ ﺍﻟﺘﻲ ﺗﻮﺍﺟﻬﻬﺎ ﺍﻟﻤﺆﺳﺴﺎﺕ ﻓﻲ ﻫﺬﺍ ﺍﻟﻤﺠﺎﻝ ﻣﻦ ﻋﺪﻡ ﺗﺒﻨﻲ ﻭﺳﺎﺉﻞ ﺍﻟﺘﻮﺍﺻﻞ ﺍﻻﺟﺘﻤﺎﻋﻲ )ﻋﻠﻰ‬
    ‫ﺳﺒﻴﻞﺍﻟﻤﺜﺎﻝ ‪ ،‬ﺍﻟﻌﻼﻣﺔ ﺍﻟﺘﺠﺎﺭﻳﺔ ‪ /‬ﺍﻟﺼﻮﺭﺓ ‪ ،‬ﻓﻘﺪﺍﻥ ﺍﻟﺘﻔﺎﻋﻞ ﻣﻊ ﺍﻟﻌﻤﻼء( ‪ ،‬ﺍﻹﺿﺮﺍﺭ ﺑﺎﻟﺴﻤﻌﺔ ﻣﻦ ﻧﺸﺮ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬
    ‫ﺍﻟﻤﻀﻠﻠﺔﺃﻭ ﻏﻴﺮ ﺍﻟﺼﺤﻴﺤﺔ ‪ ،‬ﻭﺍﻟﻤﺨﺎﻃﺮ ﺍﻷﻣﻨﻴﺔ ‪ ،‬ﻭﺍﻧﺘﻬﺎﻙ ﻟﻮﺍﺉﺢ ﺍﻟﺨﺼﻮﺻﻴﺔ ‪ /‬ﺍﻟﺴﺮﻳﺔ ‪ ،‬ﻭﻓﻘﺪﺍﻥ ‪ /‬ﺳﺮﻗﺔ‬
    ‫ﺍﻟﻤﺜﻘﻔﻴﻦ‪.‬ﺍﻟﻤﻤﺘﻠﻜﺎﺕ ‪ ،‬ﻭﻓﻀﺢ ﺍﻷﺳﺮﺍﺭ ﺍﻟﺘﺠﺎﺭﻳﺔ‪ .‬ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﻳﻤﻜﻦ ﺃﻥ ﻳﺆﺩﻱ ﺑﻴﺎﻥ ﻣﻬﻴﻦ ﻳﺼﺪﺭ ﻋﻦ ﺃﺣﺪ‬
    ‫ﺍﻟﻤﻨﺎﻓﺴﻴﻦﺇﻟﻰ ﺩﻋﻮﻯ ﻗﻀﺎﺉﻴﺔ ﻣﺤﺘﻤﻠﺔ ﺿﺪ ﺍﻟﻤﻨﻈﻤﺔ ‪ ،‬ﺃﻭ ﻳﻤﻜﻦ ﺗﻔﺴﻴﺮ ﺗﻌﻠﻴﻖ ﺃﺩﻟﻰ ﺑﻪ ﻣﻮﻇﻒ ﻳﺘﻌﻠﻖ ﺑﻤﻮﻇﻒ‬
    ‫ﺁﺧﺮﻋﻠﻰ ﺃﻧﻪ ﻣﻀﺎﻳﻘﺔ ﺗﺆﺩﻱ ﺇﻟﻰ ﺭﻓﻊ ﺩﻋﻮﻯ ﻗﻀﺎﺉﻴﺔ‪ .‬ﻭﻓﻘﺎً ﻟﺬﻟﻚ ‪ ،‬ﻳﺠﺐ ﺃﻥ ﺗﻔﻬﻢ ﺍﻟﻤﻨﻈﻤﺎﺕ ﻭﺟﻮﺩﻫﺎ ﺍﻻﺟﺘﻤﺎﻋﻲ‬
    ‫ﻭﺃﻥﺗﺮﺍﻗﺐ ﻛﻞ ﻗﻨﺎﺓ ﻳﺘﻮﺍﺟﺪﻭﻥ ﻓﻴﻬﺎ‪.‬‬

    ‫ﻳﺠﺐﺃﻥ ﻳﻜﻮﻥ ﻟﺪﻯ ﺍﻟﻤﻨﻈﻤﺎﺕ ﺳﻴﺎﺳﺔ ﻭﺇﺟﺮﺍءﺍﺕ ﺣﻀﻮﺭ ﺍﺟﺘﻤﺎﻋﻲ )ﺭﻗﻤﻲ( ﻓﻴﻤﺎ ﻳﺘﻌﻠﻖ ﺑﻄﺮﻳﻘﺔ ﺇﺩﺍﺭﺓ ﻣﻮﺍﻗﻊ‬
    ‫ﺍﻟﺘﻮﺍﺻﻞﺍﻻﺟﺘﻤﺎﻋﻲ‪ .‬ﻳﺠﺐ ﺃﻥ ﺗﺘﻨﺎﻭﻝ ﺍﻟﺴﻴﺎﺳﺎﺕ ﺃﻳﻀﺎً ﺳﻠﻮﻙ ﺍﻟﻤﻮﻇﻒ ﻓﻴﻤﺎ ﻳﺘﻌﻠﻖ ﺑﻮﺳﺎﺉﻞ ﺍﻟﺘﻮﺍﺻﻞ‬
    ‫ﺍﻻﺟﺘﻤﺎﻋﻲ‪.‬ﻳﺠﺐ ﻋﻠﻰ ﺍﻟﻤﻨﻈﻤﺎﺕ ﺍﻟﺘﺄﻛﺪ ﻣﻦ ﺃﻥ ﺍﻟﻤﻮﻇﻔﻴﻦ ﻋﻠﻰ ﺩﺭﺍﻳﺔ ﺑﻬﺬﻩ ﺍﻟﺴﻴﺎﺳﺎﺕ ‪ ،‬ﺣﻴﺚ ﻳﻤﻜﻦ ﺃﻥ ﻳﻜﻮﻥ‬
    ‫ﻟﺴﻮءﺍﺳﺘﺨﺪﺍﻡ ﻭﺳﺎﺉﻞ ﺍﻟﺘﻮﺍﺻﻞ ﺍﻻﺟﺘﻤﺎﻋﻲ ﺗﺄﺛﻴﺮ ﻛﺒﻴﺮ ﻋﻠﻰ ﺳﻤﻌﺔ ﺍﻟﻜﻴﺎﻥ‪.‬‬

    ‫ﺃﺗﻤﺘﺔﺍﻟﻌﻤﻠﻴﺎﺕ ﺍﻟﺮﻭﺑﻮﺗﻴﺔ‬
    ‫ﺗﺸﻴﺮﺃﺗﻤﺘﺔ ﺍﻟﻌﻤﻠﻴﺎﺕ ﺍﻟﺮﻭﺑﻮﺗﻴﺔ )‪ (RPA‬ﺇﻟﻰ ﺍﻟﺒﺮﺍﻣﺞ ﺍﻟﺘﻲ ﻳﻤﻜﻦ ﺑﺮﻣﺠﺘﻬﺎ ﻷﺩﺍء ﺍﻟﻤﻬﺎﻡ ﻋﺒﺮ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ‪ ،‬ﻋﻠﻰ ﻏﺮﺍﺭ‬
    ‫ﺍﻟﻄﺮﻳﻘﺔﺍﻟﺘﻲ ﻳﻘﻮﻡ ﺑﻬﺎ ﺍﻟﺒﺸﺮ‪ .‬ﻳﻤﻜﻦ ﺗﻌﻠﻴﻢ ﺍﻟﺮﻭﺑﻮﺕ ﺍﻵﻟﻲ )ﺍﻟﺮﻭﺑﻮﺕ( ﺳﻴﺮ ﻋﻤﻞ ﺑﺨﻄﻮﺍﺕ ﻭﺗﻄﺒﻴﻘﺎﺕ ﻣﺘﻌﺪﺩﺓ ‪،‬‬
    ‫ﻣﺜﻞﺗﻘﻴﻴﻢ ﺍﻟﻨﻤﺎﺫﺝ ﺍﻟﻤﺴﺘﻠﻤﺔ ‪ ،‬ﻭﺇﺭﺳﺎﻝ ﺭﺳﺎﻟﺔ ﺇﻳﺼﺎﻝ ‪ ،‬ﻭﺍﻟﺘﺤﻘﻖ ﻣﻦ ﺍﻛﺘﻤﺎﻝ ﺍﻟﻨﻤﺎﺫﺝ ‪ ،‬ﻭﺣﻔﻆ ﺍﻟﻨﻤﺎﺫﺝ ﻓﻲ‬
    ‫ﻣﺠﻠﺪﺍﺕ ‪،‬ﻭﺗﺤﺪﻳﺚ ﺟﺪﺍﻭﻝ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺑﺎﺳﻢ ﺍﻟﻨﻤﻮﺫﺝ ‪ ،‬ﻭﺍﻟﺘﺎﺭﻳﺦ ﻗﺪﻡ ‪ ،‬ﻭﻣﺎ ﺇﻟﻰ ﺫﻟﻚ‪ .‬ﺗﻢ ﺗﺼﻤﻴﻢ ﺑﺮﻧﺎﻣﺞ ‪RPA‬‬
    ‫ﻟﺘﻘﻠﻴﻞﺃﻭ ﺃﺗﻤﺘﺔ ﺍﻟﻤﻬﺎﻡ ﺍﻟﺒﺴﻴﻄﺔ ﺍﻟﻤﺘﻜﺮﺭﺓ‪.‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪44‬‬ ‫‪www.theiia.org‬‬


    ‫ﻳﺨﺘﻠﻒﺍﺳﺘﺨﺪﺍﻡ ﺗﻘﻨﻴﺔ ‪ RPA‬ﺍﻋﺘﻤﺎﺩﺍً ﻋﻠﻰ ﺍﻟﻨﺘﺎﺉﺞ ﺍﻟﻤﺮﺟﻮﺓ‪ .‬ﻗﺪ ﺗﺨﺘﻠﻒ ﺍﻟﻤﺆﺳﺴﺎﺕ ﺣﺴﺐ ﺍﻻﺳﺘﺨﺪﺍﻡ ﺍﻻﺳﺘﺮﺍﺗﻴﺠﻲ )‬
    ‫ﺍﻷﺗﻤﺘﺔﻓﻲ ﺍﻷﺳﺎﺱ ﻣﻘﺎﺑﻞ ﺍﻷﺗﻤﺘﺔ ﺑﺎﺳﺘﺨﺪﺍﻡ ‪ ، (RPA‬ﻭﻋﺪﺩ ﺍﻷﻧﻈﻤﺔ ﺍﻷﺳﺎﺳﻴﺔ ﺍﻟﻤﺴﺘﺨﺪﻣﺔ )ﻣﻨﺼﺔ ﻭﺍﺣﺪﺓ ﻣﻘﺎﺑﻞ ﻣﻨﺼﺎﺕ‬
    ‫ﻣﺘﻌﺪﺩﺓ( ‪ ،‬ﻭﺃﻧﻮﺍﻉ ﺍﻟﺮﻭﺑﻮﺗﺎﺕ ﺍﻟﻤﺴﺘﺨﺪﻣﺔ )ﻳﺘﻢ ﺑﺪء ﺑﺮﺍﻣﺞ ﺍﻟﺮﻭﺑﻮﺕ ﺍﻟﺨﺎﺿﻌﺔ ﻟﻺﺷﺮﺍﻑ ﺑﻮﺍﺳﻄﺔ ﻣﺴﺘﺨﺪﻡ ﺍﻟﺤﻮﺍﺭ ﺑﻴﻨﻤﺎ ﻳﺘﻢ‬
    ‫ﺗﺸﻐﻴﻞﺑﺮﺍﻣﺞ ﺍﻟﺮﻭﺑﻮﺕ ﻏﻴﺮ ﺍﻟﻤﺮﺍﻗﺒﺔ ﻣﺠﺪﻭﻝ ﻟﻠﺘﺸﻐﻴﻞ ﺗﻠﻘﺎﺉﻴﺎً( ‪ ،‬ﻭﺍﻟﻤﺰﻳﺪ‪.‬‬

    ‫ﻣﺜﻞﺃﻱ ﺍﺑﺘﻜﺎﺭ ﺗﻘﻨﻲ ﺟﺪﻳﺪ ‪ ،‬ﻫﻨﺎﻙ ﻓﻮﺍﺉﺪ ﻭﻣﺨﺎﻃﺮ ﺗﻘﻨﻴﺔ ‪ .RPA‬ﻳﺠﺐ ﻋﻠﻰ ﺍﻟﻤﻨﻈﻤﺎﺕ ﺃﻥ ﺗﺰﻥ ﻛﻞ ﻣﻨﻬﺎ ﻋﻠﻰ ﺣﺪﺓ‬
    ‫ﻗﺒﻞﺍﻟﺸﺮﻭﻉ ﻓﻲ ﺍﺳﺘﺮﺍﺗﻴﺠﻴﺔ ﺃﺗﻤﺘﺔ ﺍﻟﻌﻤﻠﻴﺎﺕ ﺍﻟﺮﻭﺑﻮﺗﻴﺔ‪ .‬ﻗﺪ ﺗﺸﻤﻞ ﺍﻟﻔﻮﺍﺉﺪ ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ﻻ ﺍﻟﺤﺼﺮ‪:‬‬

    ‫ﺗﺤﺴﻴﻦﻣﻌﻨﻮﻳﺎﺕ ﺍﻟﻤﻮﻇﻔﻴﻦ ‪-‬ﻗﺪ ﻳﺘﻢ ﺗﺤﺮﻳﺮ ﺍﻟﻤﻮﻇﻔﻴﻦ ﻣﻦ ﺍﻟﻘﻴﺎﻡ ﺑﻤﻬﺎﻡ ﻣﺘﻜﺮﺭﺓ‪.‬‬ ‫‪-‬‬
    ‫ﺇﻧﺘﺎﺟﻴﺔ‪-‬ﺗﺘﻴﺢ ﺃﺗﻤﺘﺔ ﺍﻟﻤﻬﺎﻡ ﺍﻟﺒﺴﻴﻄﺔ ﻟﻠﻤﻮﻇﻔﻴﻦ ﺯﻳﺎﺩﺓ ﺍﻹﻧﺘﺎﺟﻴﺔ ﻓﻲ ﻣﺠﺎﻻﺕ ﺃﺧﺮﻯ‪.‬‬ ‫‪-‬‬

    ‫ﻣﺼﺪﺍﻗﻴﺔ‪-‬ﻣﻊ ﺍﻟﺒﺮﻣﺠﺔ ﺍﻟﻤﻨﺎﺳﺒﺔ ‪ ،‬ﻗﺪ ﻳﻨﺘﺞ ﻋﻦ ﺗﻘﻨﻴﺔ ‪ RPA‬ﻧﺘﺎﺉﺞ ﺃﻛﺜﺮ ﻣﻮﺛﻮﻗﻴﺔ‪.‬‬ ‫‪-‬‬
    ‫ﺗﻨﺎﺳﻖ‪-‬ﻳﻤﻜﻦ ﺑﺮﻣﺠﺔ ﺍﻟﺮﻭﺑﻮﺗﺎﺕ ﻟﻠﻌﻤﻞ ﺩﻭﻥ ﺗﻮﻗﻒ ﻭﺗﻨﻔﻴﺬ ﻋﻤﻠﻴﺎﺕ ﻗﺎﺑﻠﺔ ﻟﻠﺘﻜﺮﺍﺭ ‪ ،‬ﻣﻤﺎ‬ ‫‪-‬‬
    ‫ﻳﻀﻤﻦﻧﺘﺎﺉﺞ ﻣﺘﺴﻘﺔ ﺑﻤﺮﻭﺭ ﺍﻟﻮﻗﺖ‪.‬‬
    ‫ﺗﻘﻨﻴﺔﻏﻴﺮ ﺟﺮﺍﺣﻴﺔ ‪-‬ﺗﻌﻄﻞ ﺍﻷﻧﻈﻤﺔ ﺍﻟﺤﺎﻟﻴﺔ ﻟﻴﺲ ﻣﺸﻜﻠﺔ‪ .‬ﺍﻣﺘﺜﺎﻝ ‪-‬ﻳﻤﻜﻦ ﺗﻮﺛﻴﻖ ﻣﺴﺎﺭﺍﺕ‬ ‫‪-‬‬
    ‫ﺍﻟﺘﺪﻗﻴﻖﻟﺘﻠﺒﻴﺔ ﺍﻟﻤﺘﻄﻠﺒﺎﺕ ﺍﻟﺘﻨﻈﻴﻤﻴﺔ‪ .‬ﺣﺎﺟﺰ ﺗﻘﻨﻲ ﻣﻨﺨﻔﺾ ‪-‬ﺍﻟﺘﻜﻮﻳﻦ ﺑﺴﻴﻂ ﻧﺴﺒﻴﺎً‪ .‬ﺩﻗﺔ ‪-‬‬ ‫‪-‬‬
    ‫ﺍﻟﺮﻭﺑﻮﺗﺎﺕﺃﻗﻞ ﻋﺮﺿﺔ ﻟﻠﺨﻄﺄ ﺍﻟﺒﺸﺮﻱ‪.‬‬ ‫‪-‬‬
    ‫‪-‬‬

    ‫ﻗﺪﺗﺸﻤﻞ ﺍﻟﻤﺨﺎﻃﺮ ‪ ،‬ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ﻻ ﺍﻟﺤﺼﺮ‪:‬‬

    ‫ﻗﻀﺎﻳﺎﺍﻟﻔﺼﻞ ﻓﻲ ﺍﻟﻮﺍﺟﺒﺎﺕ ‪-‬ﻗﺪ ﻳﻜﻮﻥ ﻟﻠﺮﻭﺑﻮﺗﺎﺕ ﺳﻠﻄﺔ ﻣﻔﺮﻃﺔ‪.‬‬ ‫‪-‬‬


    ‫ﻋﻤﻠﻴﺎﺕﻣﻜﺘﻮﺑﺔ ﺑﺸﻜﻞ ﺳﻲء ‪-‬ﻛﻤﺎ ﻫﻮ ﺍﻟﺤﺎﻝ ﻣﻊ ﺃﻱ ﺑﺮﻧﺎﻣﺞ ﻛﻤﺒﻴﻮﺗﺮ ‪ ،‬ﻳﺠﺐ ﺍﻻﻧﺘﺒﺎﻩ ﺇﻟﻰ ﻣﺎ ﻳﻄﻠﺐ‬ ‫‪-‬‬
    ‫ﻣﻦﺍﻟﺮﻭﺑﻮﺕ ﺍﻟﻘﻴﺎﻡ ﺑﻪ‪.‬‬
    ‫ﻟﻢﻳﺘﻢ ﺗﺤﺴﻴﻦ ﺍﻟﻌﻤﻠﻴﺔ ﺍﻟﺤﺎﻟﻴﺔ ﻗﺒﻞ ﺃﻥ ﻳﺘﻢ ﺗﺸﻐﻴﻠﻬﺎ ﺁﻟﻴﺎً ‪-‬ﺇﺫﺍ ﻛﺎﻧﺖ ﺍﻟﻌﻤﻠﻴﺔ ﻣﻌﻴﺒﺔ ﻗﺒﻞ ﺍﻟﺘﺸﻐﻴﻞ‬ ‫‪-‬‬
    ‫ﺍﻵﻟﻲ ‪،‬ﻓﺈﻥ ﻣﺠﺮﺩ ﻧﻘﻞ ﻧﻔﺲ ﻣﺠﻤﻮﻋﺔ ﺍﻟﻘﻮﺍﻋﺪ ﺇﻟﻰ ﺑﺮﻧﺎﻣﺞ ﺁﻟﻲ ﺳﻴﺴﺘﻤﺮ ﻓﻲ ﺇﻧﺘﺎﺝ ﻧﺘﺎﺉﺞ ﻣﻌﻴﺒﺔ‪.‬‬

    ‫ﺿﻌﻒﻣﺮﺍﻗﺒﺔ ﺍﻟﺮﻭﺑﻮﺗﺎﺕ ﻭﺍﻟﻤﺴﺆﻭﻟﻴﻦ ‪-‬ﻋﻠﻰ ﺍﻟﺮﻏﻢ ﻣﻦ ﺃﻥ ﺍﻟﺮﻭﺑﻮﺗﺎﺕ ﺁﻟﻴﺔ ‪ ،‬ﺇﻻ ﺃﻧﻬﺎ ﺗﺤﺘﺎﺝ ﺇﻟﻰ ﺻﻴﺎﻧﺔ‬ ‫‪-‬‬
    ‫ﻋﺮﺿﻴﺔ ‪،‬ﻭﻳﺠﺐ ﺃﻥ ﻳﻈﻞ ﺍﻟﻤﺴﺆﻭﻟﻮﻥ ﻋﻠﻰ ﻋﻠﻢ ﺑﺎﻟﻌﻤﻠﻴﺎﺕ ﺍﻟﺠﺪﻳﺪﺓ ‪ ،‬ﻭﺍﻟﻤﺨﺮﺟﺎﺕ ﺍﻟﻤﺨﺘﺮﻗﺔ ‪ ،‬ﻭﻣﺎ‬
    ‫ﺇﻟﻰﺫﻟﻚ‪.‬‬
    ‫ﻫﺠﻮﻡﺍﻟﻤﻘﻬﻰ ‪-‬ﺃﻱ ﺷﻲء ﻓﻲ ﺑﻴﺉﺔ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻳﺨﻀﻊ ﻟﻘﻀﺎﻳﺎ ﺍﻹﻧﺘﺮﻧﺖ‪ .‬ﺍﻟﺮﻭﺑﻮﺗﺎﺕ ﻟﻴﺴﺖ‬ ‫‪-‬‬
    ‫ﺍﺳﺘﺜﻨﺎء‪.‬‬

    ‫ﺍﻟﺘﻌﻠﻢﺍﻵﻟﻲ ﻭﺍﻟﺬﻛﺎء ﺍﻻﺻﻄﻨﺎﻋﻲ‬


    ‫ﺗﺠﻤﻊﺍﻷﺗﻤﺘﺔ ﺍﻟﻤﻌﺮﻓﻴﺔ ﺑﻴﻦ ﺍﻟﺘﻘﻨﻴﺎﺕ ﺍﻟﻤﺘﻘﺪﻣﺔ ﻣﺜﻞ ﻣﻌﺎﻟﺠﺔ ﺍﻟﻠﻐﺔ ﺍﻟﻄﺒﻴﻌﻴﺔ )‪ (NLP‬ﻭﺍﻟﺬﻛﺎء ﺍﻻﺻﻄﻨﺎﻋﻲ )‪(AI‬‬
    ‫ﻭﺍﻟﺘﻌﻠﻢﺍﻵﻟﻲ )‪ (ML‬ﻭﺗﺤﻠﻴﻼﺕ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻟﺘﻘﻠﻴﺪ ﺍﻷﻧﺸﻄﺔ ﺍﻟﺒﺸﺮﻳﺔ ﻣﺜﻞ ﺍﻻﺳﺘﺪﻻﻝ ﻭﻗﺮﺍءﺓ ﺍﻹﺷﺎﺭﺍﺕ ﺍﻟﻌﺎﻃﻔﻴﺔ‬
    ‫ﻭﺍﻻﺳﺘﺪﻻﻝﻭﺍﻟﻔﺮﺿﻴﺎﺕ ﻭﺍﻟﺘﻮﺍﺻﻞ ﻣﻊ ﺍﻟﺒﺸﺮ‪.‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪45‬‬ ‫‪www.theiia.org‬‬


    ‫ﺗﺘﺠﺎﻭﺯﺍﻟﻘﻴﻤﺔ ﺍﻟﻘﺪﺭﺓ ﻋﻠﻰ ﺃﺗﻤﺘﺔ ﺍﻟﻌﻤﻠﻴﺎﺕ ﺍﻟﺘﺠﺎﺭﻳﺔ ؛ ﻗﺪ ﺗﻌﻤﻞ ﺍﻷﺗﻤﺘﺔ ﺍﻟﻤﻌﺮﻓﻴﺔ ﺃﻳﻀﺎً ﻋﻠﻰ ﺯﻳﺎﺩﺓ ﻣﺎ ﻳﻔﻌﻠﻪ‬
    ‫ﺍﻟﺒﺸﺮ ‪،‬ﻣﻤﺎ ﻳﺠﻌﻞ ﺍﻟﻤﻮﻇﻔﻴﻦ ﺃﻛﺜﺮ ﺍﺳﺘﻨﺎﺭﺓ ﻭﺇﻧﺘﺎﺟﻴﺔ‪ .‬ﺿﻤﻦ ﺍﻷﺗﻤﺘﺔ ﺍﻟﻤﻌﺮﻓﻴﺔ ‪ ،‬ﻫﻨﺎﻙ ﻓﺮﻕ ﻣﻬﻢ ﺑﻴﻦ ﺍﻟﺘﻌﻠﻢ‬
    ‫ﻭﺍﻻﺳﺘﺪﻻﻝ‪.‬ﺍﻟﺘﻌﻠﻢ ﻳﺪﻭﺭ ﺣﻮﻝ ﺍﻟﺘﻌﺮﻑ ﻋﻠﻰ ﺍﻷﻧﻤﺎﻁ ﻣﻦ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻏﻴﺮ ﺍﻟﻤﻬﻴﻜﻠﺔ ﻭﺍﻷﺗﻤﺘﺔ ﺍﻟﻤﺮﺗﺒﻄﺔ ﺗﻌﺘﻤﺪ ﻋﻠﻰ‬
    ‫ﺗﻘﻴﻴﻤﺎﺕﺍﻟﺪﻗﺔ‪ .‬ﻓﻲ ﺍﻟﻤﻘﺎﺑﻞ ‪ ،‬ﻳﻌﺘﻤﺪ ﺍﻟﺘﻔﻜﻴﺮ ﺍﻟﻘﺎﺉﻢ ﻋﻠﻰ ﺍﻟﻔﺮﺿﻴﺔ ﻋﻠﻰ ﺗﻘﻴﻴﻤﺎﺕ ﺍﻟﺜﻘﺔ‪.‬‬

    ‫ﺗﺸﻤﻞﺍﻟﻤﺨﺎﻃﺮ ﺍﻟﻤﺘﻌﻠﻘﺔ ﺑﺎﻷﺗﻤﺘﺔ ﺍﻟﻤﻌﺮﻓﻴﺔ ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ﻻ ﺍﻟﺤﺼﺮ‪:‬‬

    ‫ﻳﻤﻜﻦﺗﻔﺴﻴﺮ ﺍﻟﻤﻤﺎﺭﺳﺎﺕ ﺍﻟﺴﻴﺉﺔ ﻋﻠﻰ ﺃﻧﻬﺎ ﻣﻘﺒﻮﻟﺔ ﻣﻦ ﻗﺒﻞ ﺍﻟﺬﻛﺎء‬ ‫‪-‬‬


    ‫ﺍﻻﺻﻄﻨﺎﻋﻲ‪.‬ﻳﻨﻌﻜﺲ ﺳﻮء ﺍﻟﻔﻬﻢ ﻣﻦ ﻗﺒﻞ ﺍﻟﻤﺼﻤﻤﻴﻦ ﻓﻲ ﺍﻟﻨﻈﻢ‪ .‬ﻳﺘﻢ‬ ‫‪-‬‬
    ‫ﺍﺧﺘﺮﺍﻕﺍﻷﻧﻈﻤﺔ ﻭﺍﻻﺳﺘﻴﻼء ﻋﻠﻴﻬﺎ ﻣﻦ ﻗﺒﻞ ﺟﻬﺎﺕ ﺳﻴﺉﺔ‪.‬‬ ‫‪-‬‬
    ‫ﺇﻣﻜﺎﻧﻴﺔﺗﻀﻤﻴﻦ ﺍﻟﺒﺮﺍﻣﺞ ﺍﻟﻀﺎﺭﺓ ﻓﻲ ﻣﺤﺮﻛﺎﺕ ﺍﻟﺘﻌﻠﻢ ‪ ،‬ﻣﻤﺎ ﻗﺪ ﻳﺆﺩﻱ ﺇﻟﻰ ﺗﺤﺮﻳﻒ ﻧﺘﺎﺉﺞ ﺍﻟﺘﻌﻠﻢ ﺍﻵﻟﻲ‬ ‫‪-‬‬
    ‫ﻭﻣﻦﺍﻟﻤﺤﺘﻤﻞ ﺃﻥ ﻳﺆﺛﺮ ﻋﻠﻰ ﺍﻟﻌﻤﻠﻴﺎﺕ‪.‬‬

    ‫ﺇﻧﺘﺮﻧﺖﺍﻷﺷﻴﺎء )‪(IoT‬‬
    ‫ﻳﺴﺘﻤﺮﺍﻟﻀﻐﻂ ﺍﻟﻤﺘﺰﺍﻳﺪ ﻟﺰﻳﺎﺩﺓ ﻛﻔﺎءﺓ ﻭﺟﻮﺩﺓ ﺍﻟﻤﻌﺎﻟﺠﺔ ﺍﻟﺘﺸﻐﻴﻠﻴﺔ ﻓﻲ ﺩﻓﻊ ﺍﻟﺠﻬﻮﺩ ﻟﺘﻌﺰﻳﺰ ﺍﻟﺮﻗﻤﻨﺔ ﻭﺍﻷﺗﻤﺘﺔ‪ .‬ﻣﻦ‬
    ‫ﺧﻼﻝﻫﺬﻩ ﺍﻟﺠﻬﻮﺩ ‪ ،‬ﻇﻬﺮ ﺇﻧﺘﺮﻧﺖ ﺍﻷﺷﻴﺎء )ﺍﻟﺸﻜﻞ ‪ ، 20‬ﺍﻟﺬﻱ ﻳﺸﺎﺭ ﺇﻟﻴﻪ ﺃﺣﻴﺎﻧﺎً ﺑﺎﺳﻢ "ﺍﻷﺟﻬﺰﺓ ﺍﻟﻤﺘﺼﻠﺔ"( ‪ ،‬ﻭﺍﻟﺬﻱ‬
    ‫ﻳﻮﺳﻊﺍﺗﺼﺎﻝ ﺍﻹﻧﺘﺮﻧﺖ ﺇﻟﻰ ﺍﻷﺟﻬﺰﺓ ﺍﻟﻤﺎﺩﻳﺔ ﻭﺍﻷﺷﻴﺎء ﺍﻟﻴﻮﻣﻴﺔ ‪ ،‬ﻣﺜﻞ ﺃﺟﻬﺰﺓ ﺍﻟﺘﻠﻔﺰﻳﻮﻥ ‪ ،‬ﻭﺳﺎﻋﺎﺕ ﺍﻟﻴﺪ ‪،‬‬
    ‫ﻭﺍﻟﺜﻼﺟﺎﺕ ‪،‬ﻭﺃﺟﺮﺍﺱ ﺍﻷﺑﻮﺍﺏ ‪ ،‬ﻭﺍﻟﺘﺮﻣﻮﺳﺘﺎﺕ ‪ ،‬ﻭﺍﻟﺴﻴﺎﺭﺍﺕ ‪ ،‬ﻭ ﺃﻛﺜﺮ ﻣﻦ ﺫﻟﻚ ﺑﻜﺜﻴﺮ‪.‬‬

    ‫ﺍﻟﺸﻜﻞ‪ :20‬ﺇﻧﺘﺮﻧﺖ ﺍﻷﺷﻴﺎء‬

    ‫ﺍﻷﺟﻬﺰﺓﺍﻟﻤﺘﺼﻠﺔ‬

    ‫ﺍﻟﻤﺼﺪﺭ‪:‬ﻣﻌﻬﺪ ﺍﻟﻤﺮﺍﺟﻌﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‪.‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪46‬‬ ‫‪www.theiia.org‬‬


    ‫ﺑﻴﻨﻤﺎﺗﺘﻮﺍﺻﻞ ﺍﻷﺟﻬﺰﺓ ﻭﺗﺘﻔﺎﻋﻞ ﻣﻊ ﺑﻌﻀﻬﺎ ﺍﻟﺒﻌﺾ ﻋﺒﺮ ﺍﻹﻧﺘﺮﻧﺖ ‪ ،‬ﻳﻤﻜﻦ ﻣﺮﺍﻗﺒﺘﻬﺎ ﻭﺍﻟﺘﺤﻜﻢ ﻓﻴﻬﺎ ﻋﻦ ﺑﻌُﺪ‪ .‬ﺇﻥ‬
    ‫ﻗﺪﺭﺓﺍﻵﻻﺕ ﻭﺍﻷﻧﻈﻤﺔ ﻋﻠﻰ ﺍﻟﺘﻔﺎﻋﻞ ﻭﺗﺒﺎﺩﻝ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺩﻭﻥ ﺗﺪﺧﻞ ﺑﺸﺮﻱ ﺗﺴﺮﻉ ﺍﻟﺠﻬﻮﺩ ﺣﻮﻝ ﺍﻟﺮﻗﻤﻨﺔ ﻭﺍﻷﺗﻤﺘﺔ‪.‬‬

    ‫ﺇﻟﻰﺟﺎﻧﺐ ﺍﻟﻔﻮﺍﺉﺪ ﺍﻟﻜﺒﻴﺮﺓ ﺍﻟﻤﺘﺼﻮﺭﺓ ‪ ،‬ﺳﺘﻨﺸﺄ ﺗﺤﺪﻳﺎﺕ ﺑﻄﺒﻴﻌﺘﻬﺎ ﺑﺴﺒﺐ ﺍﻟﻮﺗﻴﺮﺓ ﺍﻟﺴﺮﻳﻌﺔ ﻟﻠﺘﻐﻴﻴﺮ‪ .‬ﻣﻦ ﻣﻨﻈﻮﺭ‬
    ‫ﺍﻟﻤﺨﺎﻃﺮ ‪،‬ﻧﻈﺮﺍً ﻻﻧﺘﺸﺎﺭ ﺍﻷﺟﻬﺰﺓ ﻭﺍﺗﺼﺎﻟﻬﺎ ‪ ،‬ﻳﻌﺪ ﻣﻜﻮﻥ ﺍﻷﻣﺎﻥ ﺍﻷﺳﺎﺳﻲ ﺃﻣﺮﺍً ﺿﺮﻭﺭﻳﺎً‪ .‬ﻳﺠﺐ ﺃﻥ ﻳﻜﻮﻥ ﻟﺪﻯ‬
    ‫ﺍﻟﻤﺆﺳﺴﺎﺕﻓﻬﻢ ﻟﺠﻤﻴﻊ ﺍﻷﺟﻬﺰﺓ ﺍﻟﻤﺘﺼﻠﺔ ‪ ،‬ﺳﻮﺍء ﻛﺎﻧﺖ ﻣﻤﻠﻮﻛﺔ ﻟﻠﺸﺮﻛﺔ ﺃﻭ ﻣﻤﻠﻮﻛﺔ ﻟﻠﻤﻮﻇﻔﻴﻦ ‪ ،‬ﻭﺃﻥ ﺗﻔﻬﻢ‬
    ‫ﺍﻟﻤﺨﺎﻃﺮﺍﻟﻔﺮﻳﺪﺓ ﺍﻟﻤﺮﺗﺒﻄﺔ ﺑﻜﻞ ﻣﻨﻬﺎ‪.‬‬

    ‫ﺗﺤﺪﻳﺎﺕﻣﻮﺿﻮﻋﺎﺕ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻹﺿﺎﻓﻴﺔ ﻭﺍﻟﻨﺎﺷﺉﺔ‬

    ‫ﺍﻟﺘﻘﻨﻴﺎﺕﺁﺧﺬﺓ ﻓﻲ ﺍﻟﻈﻬﻮﺭ ﻭﺗﺘﻄﻮﺭ ﺑﺸﻜﻞ ﺃﺳﺮﻉ ﻣﻦ ﺃﻱ ﻭﻗﺖ ﻣﻀﻰ‪ .‬ﺑﻐﺾ ﺍﻟﻨﻈﺮ ﻋﻦ ﻣﺴﺘﻮﻯ ﻧﻀﺞ ﺍﻟﻤﺆﺳﺴﺔ‬
    ‫ﺑﺎﺳﺘﺨﺪﺍﻡﺍﻟﺘﻘﻨﻴﺎﺕ ﺍﻟﺘﻲ ﺗﻤﺖ ﻣﺮﺍﺟﻌﺘﻬﺎ ﻓﻲ ﻫﺬﺍ ﺍﻟﻘﺴﻢ ‪ ،‬ﻓﺈﻥ ﻣﻌﺮﻓﺔ ﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ﺑﻬﺎ ﻭﺍﻟﻤﺸﺎﺭﻛﺔ ﺍﻟﻤﺒﻜﺮﺓ‬
    ‫ﻓﻲﺗﻨﻔﻴﺬﻫﺎ ﺃﻣﺮ ﺣﺘﻤﻲ‪ .‬ﻫﺬﺍ ﻳﻤﻜﻦ ﺃﻥ ﻳﺤﺪﺩ ﺍﻟﻤﺨﺎﻃﺮ ﺍﻟﻤﺤﺘﻤﻠﺔ ﺍﻟﺘﻲ ﻗﺪ ﺗﺤﺪﺙ ﻭﺗﺠﻬﻴﺰ ﺍﻟﻤﻨﻈﻤﺔ ﺑﺸﻜﻞ ﺃﻓﻀﻞ‬
    ‫ﻟﻤﻮﺍﺟﻬﺘﻬﺎ‪.‬ﻳﺠﺐ ﻣﺮﺍﻋﺎﺓ ﺍﻟﻌﺪﻳﺪ ﻣﻦ ﺍﻟﻤﺨﺎﻃﺮ ﺑﻤﺎ ﻓﻲ ﺫﻟﻚ ﺍﻟﺘﺸﻐﻴﻞ ﻭﺍﻻﻣﺘﺜﺎﻝ ﻭﺇﻋﺪﺍﺩ ﺍﻟﺘﻘﺎﺭﻳﺮ‪ .‬ﻗﺪ ﺗﺸﻤﻞ‬
    ‫ﺍﻟﺘﺤﺪﻳﺎﺕﻭﺍﻟﻤﺨﺎﻃﺮ ﺍﻷﺧﺮﻯ ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ﻻ ﺍﻟﺤﺼﺮ‪:‬‬

    ‫ﻋﺪﻡﻓﻬﻢ ﺍﻟﺘﻘﻨﻴﺔ ‪ /‬ﺍﻟﻤﻔﻬﻮﻡ ‪ /‬ﺍﻷﺩﺍﺓ‪.‬‬ ‫‪-‬‬


    ‫ﻋﺪﻡﻓﻬﻢ ﺍﻟﺘﻐﻴﻴﺮﺍﺕ ﻓﻲ ﺍﻟﻌﻤﻠﻴﺔ ﺍﻟﻤﺮﺗﺒﻄﺔ ﺑﺎﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ‪ /‬ﺍﻟﻤﻔﻬﻮﻡ ‪ /‬ﺍﻷﺩﺍﺓ‪.‬‬ ‫‪-‬‬
    ‫ﺍﻟﺘﺨﻄﻴﻂﻏﻴﺮ ﺍﻟﻜﺎﻓﻲ ﻟﻠﺘﻨﻔﻴﺬ ﺃﻭ ﺍﻟﺼﻴﺎﻧﺔ ﺃﻭ ﺍﻟﺘﻐﻴﻴﺮﺍﺕ ﻓﻲ ﺍﻟﺘﻘﻨﻴﺔ ‪ /‬ﺍﻟﻤﻔﻬﻮﻡ ‪ /‬ﺍﻷﺩﺍﺓ‪.‬‬ ‫‪-‬‬

    ‫ﻋﺪﻡﺇﺩﺭﺍﺝ ﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ‪ /‬ﺍﻟﻤﻔﻬﻮﻡ ‪ /‬ﺍﻷﺩﺍﺓ ﺍﻟﺠﺪﻳﺪﺓ ﻓﻲ ﺗﻘﻴﻴﻢ ﺍﻟﻤﺨﺎﻃﺮ‪.‬‬ ‫‪-‬‬

    ‫ﻣﺎﻳﺘﻢ ﺗﺪﻗﻴﻘﻪ ﻋﺎﺩﺓ ﻻ ﻳﺘﻐﻴﺮ ﻣﻊ ﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﺠﺪﻳﺪﺓ ‪ ،‬ﻭﺍﻷﺩﻭﺍﺕ ‪ ،‬ﻭﺍﻷﺗﻤﺘﺔ ‪ ،‬ﻭﻣﺎ ﺇﻟﻰ ﺫﻟﻚ ؛ ﺑﺪﻻ ًﻣﻦ ﺫﻟﻚ ‪ ،‬ﻳﺠﺐ ﻣﺮﺍﻋﺎﺓ‬
    ‫ﻛﻴﻔﻴﺔﺇﺟﺮﺍء ﺍﻟﺘﺪﻗﻴﻖ ﺑﻨﺎء ًﻋﻠﻰ ﺍﻟﺘﻐﻴﻴﺮ ﻓﻲ ﺍﻟﻤﺨﺎﻃﺮ ﺍﻟﻜﺎﻣﻨﺔ ﻭﺍﻟﻤﺘﺒﻘﻴﺔ‪ .‬ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﻻ ﺗﺰﺍﻝ ﺍﻟﻀﻮﺍﺑﻂ ﺍﻟﻌﺎﻣﺔ‬
    ‫ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎﺍﻟﻤﻌﻠﻮﻣﺎﺕ )ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﺍﻟﻮﺻﻮﻝ ﻭﺍﻟﺘﻐﻴﻴﺮ ﻭﺍﻟﻨﺴﺦ ﺍﻻﺣﺘﻴﺎﻃﻲ( ﻣﻮﺟﻮﺩﺓ ‪ ،‬ﻟﺬﻟﻚ ﻻ ﺗﺰﺍﻝ ﺟﻤﻴﻊ ﺃﻃﺮ‬
    ‫ﺍﻟﺘﺤﻜﻢﺍﻟﺤﺎﻟﻴﺔ ﻗﺎﺑﻠﺔ ﻟﻠﺘﻄﺒﻴﻖ )ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﻣﺮﻛﺰ ﺃﻣﺎﻥ ﺍﻹﻧﺘﺮﻧﺖ ]‪ [CIS‬ﺃﻭ [‪ Cloud Security Alliance ]CSA‬ﺃﻭ‬
    ‫‪ .(NIST800-53‬ﻻ ﺗﺰﺍﻝ ﻋﻤﻠﻴﺎﺕ ﺍﻟﺘﺪﻗﻴﻖ ﻓﻲ ﺍﻟﻤﻨﺎﻃﻖ ﺍﻟﻨﺎﺷﺉﺔ ﺗﻮﺍﺟﻪ ﻣﺨﺎﻃﺮ ﺗﺸﻐﻴﻠﻴﺔ ‪ ،‬ﻭﺍﻹﺑﻼﻍ ﻋﻦ ﺍﻟﻤﺨﺎﻃﺮ ‪ ،‬ﻓﻀﻼ ًﻋﻦ‬
    ‫ﻣﺨﺎﻃﺮﺍﻻﻣﺘﺜﺎﻝ‪ .‬ﻧﻈﺮﺓ ﺷﺎﻣﻠﺔ ﻋﻠﻰ ﺍﻟﻤﺨﺎﻃﺮ ﺃﻣﺮ ﺃﺳﺎﺳﻲ‪.‬‬

    ‫ﺑﺎﻹﺿﺎﻓﺔﺇﻟﻰ ﻓﻬﻢ ﺍﻟﺘﻘﻨﻴﺎﺕ ﺍﻟﺘﻲ ﺗﺴﺘﺨﺪﻣﻬﺎ ﺍﻟﻤﻨﻈﻤﺔ ‪ ،‬ﻗﺪ ﻳﺴﺘﻔﻴﺪ ﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ﻣﻦ ﺑﻌﺾ ﺍﻟﺘﻘﻨﻴﺎﺕ‬
    ‫ﺍﻟﻨﺎﺷﺉﺔﻻﺳﺘﺨﺪﺍﻣﺎﺗﻬﺎ ﺍﻟﺨﺎﺻﺔ )ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﺍﺳﺘﺨﺪﺍﻡ ﺗﺤﻠﻴﻼﺕ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺃﻭ ‪ RPA‬ﻟﻠﻤﺴﺎﻋﺪﺓ ﻓﻲ ﻋﻤﻠﻴﺔ‬
    ‫ﺃﺧﺬﺍﻟﻌﻴﻨﺎﺕ ‪ ،‬ﺃﻭ ﻟﺘﻨﻔﻴﺬ ﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﻤﺴﺘﻤﺮ(‪.‬‬

    ‫ﺧﺎﺗﻤﺔ‬
    ‫ﺗﻘﻮﺩﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﻛﻞ ﻣﺆﺳﺴﺔ ﻓﻲ ﻋﺎﻟﻢ ﺍﻟﻴﻮﻡ‪ .‬ﺳﻴﺤﺘﺎﺝ ﺍﻟﻤﺪﻗﻘﻮﻥ ﺍﻟﺪﺍﺧﻠﻴﻮﻥ ﺇﻟﻰ ﺍﻟﻤﺰﻳﺪ ﻣﻦ ﺍﻷﺩﻭﺍﺕ ﻭﺍﻟﻤﻮﺍﻫﺐ‬
    ‫ﻭﺍﻟﻤﻬﺎﺭﺍﺕﺃﻛﺜﺮ ﻣﻦ ﺃﻱ ﻭﻗﺖ ﻣﻀﻰ ﻟﻴﻈﻠﻮﺍ ﻋﻠﻰ ﺻﻠﺔ ﺑﺎﻟﻤﻮﺿﻮﻉ ‪ ،‬ﻟﻤﻮﺍﺻﻠﺔ ﺗﻘﺪﻳﻢ ﺿﻤﺎﻧﺎﺕ ﻟﻤﻨﻈﻤﺎﺗﻬﻢ ﺑﺄﻥ‬
    ‫ﺍﻷﻧﻈﻤﺔﺗﻌﻤﻞ ﻛﻤﺎ ﻳﻨﺒﻐﻲ ﻭﺃﻥ ﺍﻟﻀﻮﺍﺑﻂ ﻣﻮﺟﻮﺩﺓ‪ .‬ﺍﻻﺳﺎﺳﻴﺎﺕ‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪47‬‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﻤﺮﺍﺟﻌﺔﺍﻟﺪﺍﺧﻠﻴﺔ ‪ -‬ﺍﻟﺘﻘﻴﻴﻤﺎﺕ ﺍﻟﻘﺎﺉﻤﺔ ﻋﻠﻰ ﺍﻟﻤﺨﺎﻃﺮ ﻭﺍﻟﺘﺨﻄﻴﻂ ﻭﺍﻟﺘﻮﺍﺻﻞ ﻭﺍﻟﺘﻌﻠﻢ ﺍﻟﻤﺴﺘﻤﺮ ‪ -‬ﻻ ﺗﻘﻞ ﺃﻫﻤﻴﺔ‬
    ‫ﻋﻦﺃﻱ ﻭﻗﺖ ﻣﻀﻰ‪.‬‬

    ‫ﻳﺠﺐﺃﻥ ﻳﻈﻞ ﺍﻟﻤﺪﻗﻘﻮﻥ ﺍﻟﺪﺍﺧﻠﻴﻮﻥ ﻣﺮﻧﻴﻦ ﻭﺟﺎﻫﺰﻳﻦ ﻟﻠﺘﻐﻴﻴﺮﺍﺕ ﻓﻲ ﻧﻤﺎﺫﺝ ﺍﻷﻋﻤﺎﻝ ﺣﻴﺚ ﺗﺘﺒﻨﻰ ﺍﻟﻤﻨﻈﻤﺎﺕ‬
    ‫ﺍﻟﺘﻄﻮﺭﺍﺕﻓﻲ ﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ‪ .‬ﻳﺠﺐ ﺃﻥ ﻳﻜﻮﻧﻮﺍ ﺃﺫﻛﻴﺎء ﺑﻤﺎ ﻳﻜﻔﻲ ﻟﻠﻨﻤﻮ ﺟﻨﺒﺎً ﺇﻟﻰ ﺟﻨﺐ ﻣﻊ ﺍﻟﻤﻨﻈﻤﺔ ﻭﺗﻌﺰﻳﺰ ﻋﻼﻗﺎﺕ‬
    ‫ﻋﻤﻞﺟﻴﺪﺓ ﻣﻊ ﺯﻣﻼﺉﻬﻢ ﻭﺣﺪﺍﺕ ﺍﻷﻋﻤﺎﻝ ﻭﺍﻹﺩﺍﺭﺍﺕ ﻟﻴﻜﻮﻧﻮﺍ ﺗﻘﺪﻣﻴﻴﻦ ﻓﻲ ﺍﻟﺸﺮﺍﻛﺔ ﻟﻤﻮﺍﺟﻬﺔ ﺍﻟﺘﺤﺪﻳﺎﺕ ﺍﻟﺘﻲ‬
    ‫ﺗﻨﺘﻈﺮﻫﻢ‪.‬ﻟﻠﺒﻘﺎء ﻋﻠﻰ ﺻﻠﺔ ﺑﺎﻟﻤﻮﺿﻮﻉ ‪ ،‬ﻭﻹﺿﺎﻓﺔ ﻗﻴﻤﺔ ‪ ،‬ﻭﻟﺘﻮﻓﻴﺮ ﺍﻟﺤﻤﺎﻳﺔ ﻟﻤﻨﻈﻤﺎﺗﻬﻢ ‪ ،‬ﺳﻴﻜﻮﻥ ﻣﻦ ﺍﻟﻀﺮﻭﺭﻱ ﺃﻥ‬
    ‫ﻳﻮﺍﻛﺐﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ﺍﻟﺘﻐﻴﻴﺮ‪.‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪48‬‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﻤﻠﺤﻖﺃ‪ .‬ﻣﻌﺎﻳﻴﺮ ﻭﺇﺭﺷﺎﺩﺍﺕ ﻣﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﺍﻟﺪﻭﻟﻲ ﺫﺍﺕ ﺍﻟﺼﻠﺔ‬

    ‫ﺗﻤﺖﺍﻹﺷﺎﺭﺓ ﺇﻟﻰ ﺍﻟﻤﻮﺍﺭﺩ ﺍﻟﺘﺎﻟﻴﺔ ﻓﻲ ﺩﻟﻴﻞ ﺍﻟﻤﻤﺎﺭﺳﺔ ﻫﺬﺍ‪ .‬ﻟﻤﺰﻳﺪ ﻣﻦ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺣﻮﻝ ﺗﻄﺒﻴﻖ ‪IIA's‬ﺍﻟﻤﻌﺎﻳﻴﺮ‬
    ‫ﺍﻟﺪﻭﻟﻴﺔﻟﻠﻤﻤﺎﺭﺳﺔ ﺍﻟﻤﻬﻨﻴﺔ ﻟﻠﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ‪ ،‬ﻳﺮﺟﻰ ﺍﻟﺮﺟﻮﻉ ﺇﻟﻰ ﻣﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦﺃﺩﻟﺔ ﺍﻟﺘﻨﻔﻴﺬ‪.‬‬

    ‫ﻣﺪﻭﻧﺔﻟﻘﻮﺍﻋﺪ ﺍﻟﺴﻠﻮﻙ‬

    ‫ﺍﻟﻤﺒﺪﺃ‪ - 4‬ﺍﻟﻜﻔﺎءﺓ‬

    ‫ﺍﻟﻤﻌﺎﻳﻴﺮ‬
    ‫ﻣﻌﻴﺎﺭ‪ - 1100‬ﺍﻻﺳﺘﻘﻼﻝ ﻭﺍﻟﻤﻮﺿﻮﻋﻴﺔ‬

    ‫ﺍﻟﻤﻌﻴﺎﺭ‪ - 1200‬ﺍﻟﻜﻔﺎءﺓ ﻭﺍﻟﻌﻨﺎﻳﺔ ﺍﻟﻤﻬﻨﻴﺔ ﺍﻟﻼﺯﻣﺔ‬

    ‫ﻣﻌﻴﺎﺭ‪ - 1210‬ﺍﻟﻜﻔﺎءﺓ‬

    ‫ﺍﻟﻤﻌﻴﺎﺭ‪ - 2230‬ﺗﺨﺼﻴﺺ ﻣﻮﺍﺭﺩ ﺍﻻﺷﺘﺒﺎﻙ‬

    ‫ﻣﻌﻴﺎﺭ‪ - 2340‬ﺍﻹﺷﺮﺍﻑ ﻋﻠﻰ ﺍﻻﺷﺘﺒﺎﻙ‬

    ‫ﺇﺭﺷﺎﺩ‬
    ‫‪.‬ﺗﺪﻗﻴﻖﺿﻮﺍﺑﻂ ﺍﻟﺘﻄﺒﻴﻖ" ‪GTAG "2009 ،‬‬

    ‫‪.‬ﺗﺪﻗﻴﻖﺣﻮﻛﻤﺔ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ" ‪GTAG "2018 ،‬‬

    ‫‪.‬ﺗﻘﻨﻴﺎﺕﺗﺤﻠﻴﻞ ﺍﻟﺒﻴﺎﻧﺎﺕ" ‪GTAG "2011‬‬

    ‫‪.‬ﺇﺩﺍﺭﺓﺗﻐﻴﻴﺮ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‪ :‬ﺣﺎﺳﻤﺔ ﻟﻠﻨﺠﺎﺡ ﺍﻟﺘﻨﻈﻴﻤﻲ ‪ ،‬ﺍﻹﺻﺪﺍﺭ ﺍﻟﺜﺎﻟﺚ ‪GTAG "2020 "،‬‬

    ‫‪.‬ﻣﺨﺎﻃﺮﻭﺿﻮﺍﺑﻂ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪ ،‬ﺍﻹﺻﺪﺍﺭ ﺍﻟﺜﺎﻧﻲ ‪GTAG "2012 "،‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪49‬‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﻤﻠﺤﻖﺏ‪ .‬ﻣﺴﺮﺩ‬
    ‫ﺟﻤﻴﻊﺍﻟﻤﺼﻄﻠﺤﺎﺕ ﺍﻟﻤﺤﺪﺩﺓ ﻫﻨﺎ ﻣﺄﺧﻮﺫﺓ ﻣﻦ ﻣﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ )‪(IIA‬ﺇﻃﺎﺭ ﺍﻟﻤﻤﺎﺭﺳﺎﺕ ﺍﻟﻤﻬﻨﻴﺔ ﺍﻟﺪﻭﻟﻴﺔ‬
    ‫"ﻣﺴﺮﺩ" ‪ ،‬ﻃﺒﻌﺔ ‪.2017‬‬

    ‫ﺇﺿﺎﻓﺔﻗﻴﻤﺔ ‪-‬ﻳﻀﻴﻒ ﻧﺸﺎﻁ ﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ﻗﻴﻤﺎً ﻟﻠﻤﻨﻈﻤﺔ )ﻭﺃﺻﺤﺎﺏ ﺍﻟﻤﺼﻠﺤﺔ( ﻣﺘﻰ‬
    ‫ﺗﻮﻓﺮﺿﻤﺎﻧﺎﺕ ﻣﻮﺿﻮﻋﻴﺔ ﻭﺫﺍﺕ ﺻﻠﺔ ‪ ،‬ﻭﺗﺴﺎﻫﻢ ﻓﻲ ﻓﻌﺎﻟﻴﺔ ﻭﻛﻔﺎءﺓ ﻋﻤﻠﻴﺎﺕ ﺍﻟﺤﻮﻛﻤﺔ ﻭﺇﺩﺍﺭﺓ ﺍﻟﻤﺨﺎﻃﺮ‬
    ‫ﻭﺍﻟﺮﻗﺎﺑﺔ‪.‬‬
    ‫ﺳﺒﻮﺭﺓ‪ -‬ﺃﻋﻠﻰ ﻫﻴﺉﺔ ﺇﺩﺍﺭﻳﺔ )ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﻣﺠﻠﺲ ﺇﺩﺍﺭﺓ ‪ ،‬ﺃﻭ ﻣﺠﻠﺲ ﺇﺷﺮﺍﻓﻲ ‪ ،‬ﺃﻭ ﻣﺠﻠﺲ ﺇﺩﺍﺭﺓ‬
    ‫ﻣﻦﺍﻟﻤﺤﺎﻓﻈﻴﻦ ﺃﻭ ﺍﻷﻣﻨﺎء( ﺍﻟﻤﻜﻠﻔﻴﻦ ﺑﻤﺴﺆﻭﻟﻴﺔ ﺗﻮﺟﻴﻪ ﻭ ‪ /‬ﺃﻭ ﺍﻹﺷﺮﺍﻑ ﻋﻠﻰ ﺃﻧﺸﻄﺔ ﺍﻟﻤﻨﻈﻤﺔ ﻭﻣﺴﺎءﻟﺔ‬
    ‫ﺍﻹﺩﺍﺭﺓﺍﻟﻌﻠﻴﺎ‪ .‬ﻋﻠﻰ ﺍﻟﺮﻏﻢ ﻣﻦ ﺃﻥ ﺗﺮﺗﻴﺒﺎﺕ ﺍﻟﺤﻮﻛﻤﺔ ﺗﺨﺘﻠﻒ ﺑﻴﻦ ﺍﻟﻮﻻﻳﺎﺕ ﺍﻟﻘﻀﺎﺉﻴﺔ ﻭﺍﻟﻘﻄﺎﻋﺎﺕ ‪ ،‬ﺇﻻ ﺃﻥ‬
    ‫ﻣﺠﻠﺲﺍﻹﺩﺍﺭﺓ ﻳﺸﻤﻞ ﻋﺎﺩﺓ ًﺃﻋﻀﺎء ﻟﻴﺴﻮﺍ ﺟﺰءﺍً ﻣﻦ ﺍﻹﺩﺍﺭﺓ‪ .‬ﺇﺫﺍ ﻛﺎﻧﺖ ﺍﻟﻠﻮﺣﺔ ﻏﻴﺮ ﻣﻮﺟﻮﺩﺓ ‪ ،‬ﻓﺈﻥ ﻛﻠﻤﺔ‬
    ‫"‪ "board‬ﻓﻲﺍﻟﻤﻌﺎﻳﻴﺮ ﻳﺸﻴﺮ ﺇﻟﻰ ﻣﺠﻤﻮﻋﺔ ﺃﻭ ﺷﺨﺺ ﻣﻜﻠﻒ ﺑﺈﺩﺍﺭﺓ ﺍﻟﻤﻨﻈﻤﺔ‪ .‬ﻋﻼﻭﺓ ﻋﻠﻰ ﺫﻟﻚ ‪" ،‬ﻣﺠﻠﺲ"‬
    ‫ﻓﻲﺍﻟﻤﻌﺎﻳﻴﺮﻗﺪ ﺗﺸﻴﺮ ﺇﻟﻰ ﻟﺠﻨﺔ ﺃﻭ ﻫﻴﺉﺔ ﺃﺧﺮﻯ ﻓﻮﺽ ﺇﻟﻴﻬﺎ ﻣﺠﻠﺲ ﺍﻹﺩﺍﺭﺓ ﻭﻇﺎﺉﻒ ﻣﻌﻴﻨﺔ )ﻋﻠﻰ ﺳﺒﻴﻞ‬
    ‫ﺍﻟﻤﺜﺎﻝ ‪،‬ﻟﺠﻨﺔ ﺍﻟﺘﺪﻗﻴﻖ(‪.‬‬

    ‫ﺍﻟﺮﺉﻴﺲﺍﻟﺘﻨﻔﻴﺬﻱ ﻟﻠﺘﺪﻗﻴﻖ‪ -‬ﻳﺼﻒ ﺩﻭﺭ ﺍﻟﺸﺨﺺ ﻓﻲ ﻣﻨﺼﺐ ﺭﻓﻴﻊ ﻣﺴﺆﻭﻝ ﻋﻨﻪ ﺑﺸﻜﻞ ﻓﻌﺎﻝ‬
    ‫ﺇﺩﺍﺭﺓﻧﺸﺎﻁ ﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ﻭﻓﻘﺎً ﻟﻤﻴﺜﺎﻕ ﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ﻭﺍﻟﻌﻨﺎﺻﺮ ﺍﻹﻟﺰﺍﻣﻴﺔ ﻟﻺﻃﺎﺭ ﺍﻟﺪﻭﻟﻲ ﻟﻠﻤﻤﺎﺭﺳﺎﺕ‬
    ‫ﺍﻟﻤﻬﻨﻴﺔ‪.‬ﺳﻴﻜﻮﻥ ﻟﺪﻯ ﺍﻟﺮﺉﻴﺲ ﺍﻟﺘﻨﻔﻴﺬﻱ ﻟﻠﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ﺃﻭ ﻏﻴﺮﻩ ﻣﻤﻦ ﻳﺘﺒﻌﻮﻥ ﺍﻟﺮﺉﻴﺲ ﺍﻟﺘﻨﻔﻴﺬﻱ‬
    ‫ﻟﻠﺘﺪﻗﻴﻖﺍﻟﺸﻬﺎﺩﺍﺕ ﻭﺍﻟﻤﺆﻫﻼﺕ ﺍﻟﻤﻬﻨﻴﺔ ﺍﻟﻤﻨﺎﺳﺒﺔ‪ .‬ﻗﺪ ﻳﺨﺘﻠﻒ ﺍﻟﻤﺴﻤﻰ ﺍﻟﻮﻇﻴﻔﻲ ﻭ ‪ /‬ﺃﻭ ﺍﻟﻤﺴﺆﻭﻟﻴﺎﺕ‬
    ‫ﺍﻟﻤﺤﺪﺩﺓﻟﻠﺮﺉﻴﺲ ﺍﻟﺘﻨﻔﻴﺬﻱ ﻟﻠﺘﺪﻗﻴﻖ ﻋﺒﺮ ﺍﻟﻤﺆﺳﺴﺎﺕ‪.‬‬

    ‫ﺍﺭﺗﺒﺎﻁ‪-‬ﺗﻜﻠﻴﻒ ﺃﻭ ﻣﻬﻤﺔ ﺃﻭ ﻧﺸﺎﻁ ﻣﺮﺍﺟﻌﺔ ﻣﻌﻴﻦ ﻟﻠﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ‪ ،‬ﻣﺜﻞ ﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ‪،‬‬
    ‫ﻣﺮﺍﺟﻌﺔﺍﻟﺘﻘﻴﻴﻢ ﺍﻟﺬﺍﺗﻲ ﻟﻠﺮﻗﺎﺑﺔ ﺃﻭ ﻓﺤﺺ ﺍﻟﻐﺶ ﺃﻭ ﺍﻻﺳﺘﺸﺎﺭﺍﺕ‪ .‬ﻗﺪ ﺗﺘﻀﻤﻦ ﺍﻟﻤﺸﺎﺭﻛﺔ ﻣﻬﺎﻡ ﺃﻭ ﺃﻧﺸﻄﺔ‬
    ‫ﻣﺘﻌﺪﺩﺓﻣﺼﻤﻤﺔ ﻟﺘﺤﻘﻴﻖ ﻣﺠﻤﻮﻋﺔ ﻣﺤﺪﺩﺓ ﻣﻦ ﺍﻷﻫﺪﺍﻑ ﺫﺍﺕ ﺍﻟﺼﻠﺔ‪.‬‬
    ‫ﺍﺣﺘﻴﺎﻝ‪ -‬ﺃﻱ ﻋﻤﻞ ﻏﻴﺮ ﻗﺎﻧﻮﻧﻲ ﻳﺘﺴﻢ ﺑﺎﻟﺨﺪﺍﻉ ﺃﻭ ﺍﻟﺘﺴﺘﺮ ﺃﻭ ﺍﻧﺘﻬﺎﻙ ﺍﻟﺜﻘﺔ‪ .‬ﻫﺬﻩ ﺍﻷﻋﻤﺎﻝ ﻟﻴﺴﺖ ﻛﺬﻟﻚ‬
    ‫ﺗﻌﺘﻤﺪﻋﻠﻰ ﺍﻟﺘﻬﺪﻳﺪ ﺑﺎﻟﻌﻨﻒ ﺃﻭ ﺍﻟﻘﻮﺓ ﺍﻟﺠﺴﺪﻳﺔ‪ .‬ﻳﺘﻢ ﺍﺭﺗﻜﺎﺏ ﻋﻤﻠﻴﺎﺕ ﺍﻻﺣﺘﻴﺎﻝ ﻣﻦ ﻗﺒﻞ ﺍﻷﻃﺮﺍﻑ‬
    ‫ﻭﺍﻟﻤﻨﻈﻤﺎﺕﻟﻠﺤﺼﻮﻝ ﻋﻠﻰ ﺃﻣﻮﺍﻝ ﺃﻭ ﻣﻤﺘﻠﻜﺎﺕ ﺃﻭ ﺧﺪﻣﺎﺕ ؛ ﻟﺘﺠﻨﺐ ﺍﻟﺪﻓﻊ ﺃﻭ ﻓﻘﺪﺍﻥ ﺍﻟﺨﺪﻣﺎﺕ ؛ ﺃﻭ ﻟﺘﺄﻣﻴﻦ‬
    ‫ﻣﻴﺰﺓﺷﺨﺼﻴﺔ ﺃﻭ ﺗﺠﺎﺭﻳﺔ‪.‬‬
    ‫ﺍﻟﺤﻜﻢ‪ -‬ﻣﺰﻳﺞ ﻣﻦ ﺍﻟﻌﻤﻠﻴﺎﺕ ﻭﺍﻟﻬﻴﺎﻛﻞ ﺍﻟﺘﻲ ﻳﻨﻔﺬﻫﺎ ﻣﺠﻠﺲ ﺍﻹﺩﺍﺭﺓ ﻟﻺﺑﻼﻍ ‪،‬‬
    ‫ﺗﻮﺟﻴﻪﻭﺇﺩﺍﺭﺓ ﻭﻣﺮﺍﻗﺒﺔ ﺃﻧﺸﻄﺔ ﺍﻟﻤﻨﻈﻤﺔ ﻧﺤﻮ ﺗﺤﻘﻴﻖ ﺃﻫﺪﺍﻓﻬﺎ‪.‬‬

    ‫ﺣﻮﻛﻤﺔﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪-‬ﻳﺘﻜﻮﻥ ﻣﻦ ﺍﻟﻘﻴﺎﺩﺓ ﻭﺍﻟﻬﻴﺎﻛﻞ ﺍﻟﺘﻨﻈﻴﻤﻴﺔ ﻭ‬


    ‫ﺍﻟﻌﻤﻠﻴﺎﺕﺍﻟﺘﻲ ﺗﻀﻤﻦ ﺃﻥ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﺍﻟﺨﺎﺻﺔ ﺑﺎﻟﻤﺆﺳﺴﺔ ﺗﺪﻋﻢ ﺍﺳﺘﺮﺍﺗﻴﺠﻴﺎﺕ ﺍﻟﻤﻨﻈﻤﺔ‬
    ‫ﻭﺃﻫﺪﺍﻓﻬﺎ‪.‬‬
    ‫ﻧﺸﺎﻁﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ‪-‬ﻗﺴﻢ ﺃﻭ ﻗﺴﻢ ﺃﻭ ﻓﺮﻳﻖ ﻣﻦ ﺍﻻﺳﺘﺸﺎﺭﻳﻴﻦ ﺃﻭ ﻏﻴﺮﻫﻢ ﻣﻦ ﺍﻟﻤﻤﺎﺭﺳﻴﻦ‬
    ‫ﻳﻮﻓﺮﺿﻤﺎﻧﺎً ﻣﻮﺿﻮﻋﻴﺎً ﻭﻣﺴﺘﻘﻼً ﻭﺧﺪﻣﺎﺕ ﺍﺳﺘﺸﺎﺭﻳﺔ ﻣﺼﻤﻤﺔ ﻹﺿﺎﻓﺔ ﻗﻴﻤﺔ ﻭﺗﺤﺴﻴﻦ ﻋﻤﻠﻴﺎﺕ ﺍﻟﻤﻨﻈﻤﺔ‪.‬‬
    ‫ﻳﺴﺎﻋﺪﻧﺸﺎﻁ ﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ﺍﻟﻤﺆﺳﺴﺔ ﻋﻠﻰ ﺗﺤﻘﻴﻖ ﺃﻫﺪﺍﻓﻬﺎ ﻣﻦ ﺧﻼﻝ ﺗﻘﺪﻳﻢ ﻧﻬﺞ ﻣﻨﻈﻢ ﻭﻣﻨﻀﺒﻂ‬
    ‫ﻟﺘﻘﻴﻴﻢﻭﺗﺤﺴﻴﻦ ﻓﻌﺎﻟﻴﺔ ﻋﻤﻠﻴﺎﺕ ﺍﻟﺤﻮﻛﻤﺔ ﻭﺇﺩﺍﺭﺓ ﺍﻟﻤﺨﺎﻃﺮ ﻭﺍﻟﺮﻗﺎﺑﺔ‪.‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪50‬‬ ‫‪www.theiia.org‬‬


    ‫ﻣﺨﺎﻃﺮﺓ‪-‬ﺍﺣﺘﻤﺎﻝ ﻭﻗﻮﻉ ﺣﺪﺙ ﻳﻜﻮﻥ ﻟﻪ ﺗﺄﺛﻴﺮ ﻋﻠﻰ ﺗﺤﻘﻴﻖ‬
    ‫ﺃﻫﺪﺍﻑ‪.‬ﻳﺘﻢ ﻗﻴﺎﺱ ﺍﻟﻤﺨﺎﻃﺮ ﻣﻦ ﺣﻴﺚ ﺍﻟﺘﺄﺛﻴﺮ ﻭﺍﻻﺣﺘﻤﺎﻝ‪.‬‬
    ‫ﺇﺩﺍﺭﺓﺍﻟﻤﺨﺎﻃﺮ ‪-‬ﻋﻤﻠﻴﺔ ﻟﺘﺤﺪﻳﺪ ﺍﻷﺣﺪﺍﺙ ﺃﻭ ﺍﻟﻤﻮﺍﻗﻒ ﺍﻟﻤﺤﺘﻤﻠﺔ ﻭﺗﻘﻴﻴﻤﻬﺎ ﻭﺇﺩﺍﺭﺗﻬﺎ ﻭﺍﻟﺘﺤﻜﻢ ﻓﻴﻬﺎ‬
    ‫ﻟﺘﻘﺪﻳﻢﺗﺄﻛﻴﺪ ﻣﻌﻘﻮﻝ ﻓﻴﻤﺎ ﻳﺘﻌﻠﻖ ﺑﺘﺤﻘﻴﻖ ﺃﻫﺪﺍﻑ ﺍﻟﻤﻨﻈﻤﺔ‪.‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪51‬‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﻤﻠﺤﻖﺝ‪ .‬ﺩﻟﻴﻞ ﺍﻻﺧﺘﺼﺎﺭ‬
    ‫ﻫﺬﻩﺍﺧﺘﺼﺎﺭﺍﺕ ﺷﺎﺉﻌﺔ ﺍﻻﺳﺘﺨﺪﺍﻡ ﻓﻲ ﺻﻨﺎﻋﺔ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﺗﻈﻬﺮ ﻓﻲ ﻫﺬﺍ ﺍﻟﺪﻟﻴﻞ ﺍﻹﺭﺷﺎﺩﻱ‪.‬‬

    ‫ﺍﻻﺧﺘﺼﺎﺭﺍﺕﺍﻟﺸﺎﺉﻌﺔ ﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬

    ‫ﻣﺎﻳﻤﺜﻠﻪ‬ ‫ﺍﺧﺘﺼﺎﺭ‬

    ‫ﺗﻮﺛﻴﻖﺫﻭ ﻋﺎﻣﻠﻴﻦ‬ ‫‪2FA‬‬


    ‫ﻗﺎﺉﻤﺔﻧﻈﺎﻡ ﺍﻟﺪﺧﻮﻝ‬ ‫‪ACL‬‬
    ‫)ﻣﺎﻳﻜﺮﻭﺳﻮﻓﺖ( ﺍﻟﺪﻟﻴﻞ ﺍﻟﻨﺸﻂ‬ ‫ﺇﻋﻼﻥ‬

    ‫ﺍﻟﺬﻛﺎءﺍﻻﺻﻄﻨﺎﻋﻲ‬ ‫ﻣﻨﻈﻤﺔﺍﻟﻌﻔﻮ ﺍﻟﺪﻭﻟﻴﺔ‬

    ‫ﻧﻘﻄﺔﺩﺧﻮﻝ‬ ‫‪AP‬‬
    ‫ﻭﺍﺟﻬﺔﺗﻄﺒﻴﻖ ﺍﻟﺒﺮﻧﺎﻣﺞ‬ ‫‪API‬‬
    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﺗﺤﻠﻴﻞ ﺍﻟﻌﻨﻮﺍﻥ‬ ‫‪ARP‬‬
    ‫ﻭﺿﻊﺍﻟﻨﻘﻞ ﻏﻴﺮ ﺍﻟﻤﺘﺰﺍﻣﻦ‬ ‫ﻣﺎﻛﻴﻨﺔﺍﻟﺼﺮﺍﻑ ﺍﻵﻟﻲ‬

    ‫ﺧﺪﻣﺎﺕﺃﻣﺎﺯﻭﻥ ﻭﻳﺐ‬ ‫‪AWS‬‬


    ‫ﻋﻤﻞﻟﻌﻤﻞ‬ ‫‪B2B‬‬
    ‫ﻣﻦﺷﺮﻛﺔ ﺇﻟﻰ ﻣﺴﺘﻬﻠﻚ‬ ‫‪B2C‬‬
    ‫ﺍﺟﻠﺐﺟﻬﺎﺯﻙ ﺍﻟﺨﺎﺹ‬ ‫‪BYOD‬‬
    ‫ﺃﺣﻀﺮﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﺨﺎﺻﺔ ﺑﻚ‬ ‫‪BYOT‬‬
    ‫ﻛﺒﻴﺮﻣﺴﺆﻭﻟﻲ ﺍﻟﺒﻴﺎﻧﺎﺕ‬ ‫‪CDO‬‬
    ‫ﺭﺉﻴﺲﻣﻜﺘﺐ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬ ‫ﺭﺉﻴﺲﻗﺴﻢ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬

    ‫ﻣﺮﻛﺰﻷﻣﻦ ﺍﻹﻧﺘﺮﻧﺖ‬ ‫ﺭﺍﺑﻄﺔﺍﻟﺪﻭﻝ ﺍﻟﻤﺴﺘﻘﻠﺔ‬

    ‫ﻛﺒﻴﺮﻣﻮﻇﻔﻲ ﺃﻣﻦ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬ ‫‪CISO‬‬


    ‫ﻛﺒﻴﺮﻣﺴﺆﻭﻟﻲ ﺍﻟﺨﺼﻮﺻﻴﺔ‬ ‫‪CPO‬‬
    ‫ﺍﻟﺮﺉﻴﺲﺍﻟﺘﻨﻔﻴﺬﻱ ﻟﻠﺘﻜﻨﻮﻟﻮﺟﻴﺎ‬ ‫‪CTO‬‬
    ‫ﻗﺎﻋﺪﺓﺍﻟﺒﻴﺎﻧﺎﺕ‬ ‫‪DB‬‬
    ‫ﻣﻨﻊﺗﺴﺮﺏ ﺍﻟﺒﻴﺎﻧﺎﺕ‬ ‫‪DLP‬‬
    ‫ﻣﻨﻄﻘﺔﻣﻨﺰﻭﻋﺔ ﺍﻟﺴﻼﺡ‬ ‫ﺍﻟﻤﻨﻄﻘﺔﺍﻟﻤﺠﺮﺩﺓ ﻣﻦ ﺍﻟﺴﻼﺡ‬

    ‫ﻣﺴﺆﻭﻝﺣﻤﺎﻳﺔ ﺍﻟﺒﻴﺎﻧﺎﺕ‬ ‫‪DPO‬‬


    ‫ﻧﻈﺎﻡﺍﺳﻢ ﺍﻟﻤﺠﺎﻝ‬ ‫‪DNS‬‬
    ‫ﺗﺨﻄﻴﻂﻣﻮﺍﺭﺩ ﺍﻟﻤﺸﺎﺭﻳﻊ‬ ‫ﺗﺨﻄﻴﻂﻣﻮﺍﺭﺩ ﺍﻟﻤﺆﺳﺴﺎﺕ‬

    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﻧﻘﻞ ﺍﻟﻤﻠﻔﺎﺕ‬ ‫ﺑﺮﻭﺗﻮﻛﻮﻝﻧﻘﻞ ﺍﻟﻤﻠﻔﺎﺕ‬

    ‫ﻭﺍﺟﻬﺔﺍﻟﻤﺴﺘﺨﺪﻡ ﺍﻟﺮﺳﻮﻣﻴﺔ‬ ‫ﻭﺍﺟﻬﺔﺍﻟﻤﺴﺘﺨﺪﻡ ﺍﻟﺮﺳﻮﻣﻴﺔ‬

    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﻧﻘﻞ ﺍﻟﻨﺺ ﺍﻟﺘﺸﻌﺒﻲ‬ ‫‪HTTP‬‬


    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﻧﻘﻞ ﺍﻟﻨﺺ ﺍﻟﺘﺸﻌﺒﻲ ﺍﻵﻣﻦ‬ ‫‪HTTPS‬‬

    ‫ﺍﻟﺒﻨﻴﺔﺍﻟﺘﺤﺘﻴﺔ ﻛﺨﺪﻣﺔ‬ ‫‪IaaS‬‬


    ‫ﺇﺩﺍﺭﺓﺍﻟﻬﻮﻳﺔ ﻭﺍﻟﻮﺻﻮﻝ‬ ‫ﺃﻧﺎﺃﻛﻮﻥ‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪52‬‬ ‫‪www.theiia.org‬‬


    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﺍﻟﺘﺤﻜﻢ ﺑﺮﺳﺎﺉﻞ ﺷﺒﻜﺔ ﺍﻻﻧﺘﺮﻧﺖ‬ ‫‪ICMP‬‬
    ‫ﺃﻧﻈﻤﺔﻛﺸﻒ ﺍﻟﺘﺴﻠﻞ‬ ‫‪IDS‬‬
    ‫ﻣﻌﻬﺪﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‬ ‫‪)The( IIA‬‬

    ‫ﻣﻨﻊﺗﺴﺮﺏ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬ ‫‪ILP‬‬


    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﺍﻟﻮﺻﻮﻝ ﺇﻟﻰ ﺭﺳﺎﺉﻞ ﺍﻹﻧﺘﺮﻧﺖ‬ ‫‪IMAP‬‬
    ‫ﺍﻧﺘﺮﻧﺖﺍﻷﺷﻴﺎء‬ ‫ﺇﻧﺘﺮﻧﺖﺍﻷﺷﻴﺎء‬

    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﺇﻧﺘﺮﻧﺖ‬ ‫‪IP‬‬
    ‫ﺗﺒﺎﺩﻝﻓﺮﻉ ﺧﺎﺹ ﻟﺒﺮﻭﺗﻮﻛﻮﻝ ﺍﻹﻧﺘﺮﻧﺖ‬ ‫‪IP PBX‬‬

    ‫ﻧﻈﺎﻡﻣﻨﻊ ﺍﻻﺧﺘﺮﺍﻕ‬ ‫‪IPS‬‬


    ‫ﺃﻣﻦﺑﺮﻭﺗﻮﻛﻮﻝ ﺍﻹﻧﺘﺮﻧﺖ‬ ‫‪IPSec‬‬

    ‫ﺃﻣﻦﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬ ‫ﻳﻜﻮﻥ‬
    ‫ﺗﻜﻨﻮﻟﻮﺟﻴﺎﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬ ‫ﻫﻮ‪ -‬ﻫﻲ‬

    ‫ﻣﺆﺷﺮﺍﻷﺩﺍء ﺍﻟﺮﺉﻴﺴﻲ‬ ‫‪KPI‬‬


    ‫ﻣﺆﺷﺮﺍﻟﻤﺨﺎﻃﺮ ﺍﻟﺮﺉﻴﺴﻲ‬ ‫‪KRI‬‬
    ‫ﺷﺒﻜﺔﺍﻟﻤﻨﻄﻘﺔ ﺍﻟﻤﺤﻠﻴﺔ‬ ‫‪LAN‬‬
    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﺍﻟﻮﺻﻮﻝ ﺍﻟﻤﺒﺎﺷﺮ ﺧﻔﻴﻒ ﺍﻟﻮﺯﻥ‬ ‫‪LDAP‬‬
    ‫ﺇﺩﺍﺭﺓﺗﻄﺒﻴﻘﺎﺕ ﺍﻟﻬﺎﺗﻒ ﺍﻟﻤﺘﺤﺮﻙ‬ ‫ﻣﺎﻣﺎ‬
    ‫ﺷﺒﻜﺔﻣﻨﻄﻘﺔ ﺍﻟﻌﺎﺻﻤﺔ‬ ‫ﺭﺟﻞ‬
    ‫ﺇﺩﺍﺭﺓﺍﻷﺟﻬﺰﺓ ﺍﻟﻨﻘﺎﻟﺔ‬ ‫‪MDM‬‬
    ‫ﻣﺼﺎﺩﻗﺔﻣﺘﻌﺪﺩﺓ ﺍﻟﻌﻮﺍﻣﻞ‬ ‫‪MFA‬‬
    ‫ﺍﻟﺘﻌﻠﻢﺍﻻﻟﻲ‬ ‫‪ML‬‬
    ‫ﻭﻛﻴﻞﻧﻘﻞ ﺍﻟﺒﺮﻳﺪ )ﺃﻭ ﺍﻟﺮﺳﺎﺉﻞ(‬ ‫‪MTA‬‬
    ‫ﻣﺴﺘﺨﺪﻡﺍﻟﺒﺮﻳﺪ‬ ‫ﻣﻮ‬
    ‫ﻭﻛﻴﻞﻣﺴﺘﺨﺪﻡ ﺍﻟﺒﺮﻳﺪ‬ ‫‪MUA‬‬
    ‫ﺍﻟﺠﻴﻞﺍﻟﻘﺎﺩﻡ‬ ‫‪NG‬‬
    ‫ﺍﻟﻤﻌﻬﺪﺍﻟﻮﻃﻨﻲ ﻟﻠﻤﻌﺎﻳﻴﺮ ﻭﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ‬ ‫ﻧﻴﺴﺖ‬
    ‫ﻣﻌﺎﻟﺠﺔﺍﻟﻠﻐﺔ ﺍﻟﻄﺒﻴﻌﻴﺔ‬ ‫ﺍﻟﺒﺮﻣﺠﺔﺍﻟﻠﻐﻮﻳﺔ ﺍﻟﻌﺼﺒﻴﺔ‬

    ‫ﻟﻴﺲﻓﻘﻂ ‪SQL‬‬ ‫‪NoSQL‬‬

    ‫ﻣﻌﺎﻟﺠﺔﺍﻟﻤﻌﺎﻣﻼﺕ ﻋﺒﺮ ﺍﻹﻧﺘﺮﻧﺖ‬ ‫‪OLTP‬‬


    ‫ﻧﻈﺎﻡﺍﻟﺘﺸﻐﻴﻞ‬ ‫ﻧﻈﺎﻡﺍﻟﺘﺸﻐﻴﻞ‬

    ‫ﺭﺑﻂﺍﻷﻧﻈﻤﺔ ﺍﻟﻤﻔﺘﻮﺣﺔ‬ ‫‪OSI‬‬


    ‫ﺑﺮﻣﺠﻴﺎﺕﺃﻧﻈﻤﺔ ﺍﻟﺘﺸﻐﻴﻞ‬ ‫‪OSS‬‬
    ‫ﺍﻟﻨﺪﻟﻠﻨﺪ‬ ‫‪P2P‬‬
    ‫ﺍﻟﻤﻨﺼﺔﻛﺨﺪﻣﺔ‬ ‫‪PaaS‬‬
    ‫ﺍﻟﺼﻔﺤﺔﺍﻟﺮﺉﻴﺴﻴﺔ ﺍﻟﺸﺨﺼﻴﺔ )ﻣﻌﺎﻟﺞ ﺍﻟﻨﺺ ﺍﻟﺘﺸﻌﺒﻲ(‬ ‫ﺑﻲﺃﺗﺶ ﺑﻲ‬

    ‫ﻧﻘﻄﺔﺍﻟﻮﺻﻮﻝ‬ ‫‪PoP‬‬
    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﻣﻜﺘﺐ ﺍﻟﺒﺮﻳﺪ‬ ‫‪POP‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪53‬‬ ‫‪www.theiia.org‬‬


    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﻧﻘﻄﺔ ﺇﻟﻰ ﻧﻘﻄﺔ‬ ‫‪PPP‬‬
    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﺍﻻﺗﺼﺎﻝ ﺍﻟﻨﻔﻘﻲ ﻣﻦ ﻧﻘﻄﺔ ﺇﻟﻰ ﻧﻘﻄﺔ‬ ‫‪PPTP‬‬
    ‫ﺃﻧﻈﻤﺔﺇﺩﺍﺭﺓ ﻗﻮﺍﻋﺪ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻌﻼﺉﻘﻴﺔ‬ ‫‪RDBMS‬‬

    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﺳﻄﺢ ﺍﻟﻤﻜﺘﺐ ﺍﻟﺒﻌﻴﺪ‬ ‫‪RDP‬‬


    ‫ﻃﻠﺐﺍﻗﺘﺮﺍﺡ‬ ‫ﻃﻠﺐﺗﻘﺪﻳﻢ ﺍﻟﻌﺮﻭﺽ‬

    ‫ﻋﺎﺉﺪﺍﻻﺳﺘﺜﻤﺎﺭ‬ ‫ﻋﺎﺉﺪﺍﻻﺳﺘﺜﻤﺎﺭ‬

    ‫ﺃﺗﻤﺘﺔﺍﻟﻌﻤﻠﻴﺎﺕ ﺍﻟﺮﻭﺑﻮﺗﻴﺔ‬ ‫‪RPA‬‬


    ‫ﺍﻟﺒﺮﻣﺠﻴﺎﺕﻛﺨﺪﻣﺔ‬ ‫‪SaaS‬‬
    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﻧﻘﻞ ﺍﻟﻤﻠﻔﺎﺕ ﺍﻵﻣﻦ‬ ‫‪SFTP‬‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕﺍﻷﻣﻨﻴﺔ ﻭﺇﺩﺍﺭﺓ ﺍﻷﺣﺪﺍﺙ‬ ‫ﺳﻴﻢ‬
    ‫ﺍﺗﻔﺎﻗﻴﺔﻣﺴﺘﻮﻯ ﺍﻟﺨﺪﻣﺔ‬ ‫ﺟﻴﺶﺗﺤﺮﻳﺮ ﺍﻟﺴﻮﺩﺍﻥ‬

    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﻧﻘﻞ ﺍﻻﻳﻤﻴﻞ ﺍﻟﺒﺴﻴﻂ‬ ‫‪SMTP‬‬


    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﺇﺩﺍﺭﺓ ﺍﻟﺸﺒﻜﺎﺕ ﺍﻟﺒﺴﻴﻄﺔ‬ ‫‪SNMP‬‬
    ‫ﻟﻐﺔﺍﻻﺳﺘﻌﻼﻡ ﺍﻟﻬﻴﻜﻠﻴﺔ‬ ‫‪SQL‬‬
    ‫ﺻﺪﻓﻪﺁﻣﻨﻪ‬ ‫‪SSH‬‬
    ‫ﻃﺒﻘﺔﻣﻘﺒﺲ ﺁﻣﻦ‬ ‫‪SSL‬‬
    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﺍﻟﺘﺤﻜﻢ ﺑﺎﻹﺭﺳﺎﻝ‬ ‫‪TCP‬‬
    ‫ﺃﻣﻦﻃﺒﻘﺔ ﺍﻟﻨﻘﻞ‬ ‫‪TLS‬‬
    ‫ﻭﺍﺟﻬﺎﺕﺍﻟﻤﺴﺘﺨﺪﻡ ﺍﻟﻨﺼﻴﺔ‬ ‫‪TUI‬‬
    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﻣﺨﻄﻂ ﺍﻟﻤﺴﺘﺨﺪﻡ‬ ‫‪UDP‬‬
    ‫ﺍﻟﻨﺎﻗﻞﺍﻟﺘﺴﻠﺴﻠﻲ ﺍﻟﻌﺎﻟﻤﻲ‬ ‫‪USB‬‬
    ‫ﺷﺒﻜﺔﺍﻟﻤﻨﻄﻘﺔ ﺍﻟﻤﺤﻠﻴﺔ ﺍﻻﻓﺘﺮﺍﺿﻴﺔ‬ ‫ﺷﺒﻜﺔﻣﺤﻠﻴﺔ ﻇﺎﻫﺮﻳﺔ‬

    ‫ﺁﻟﺔﺍﻓﺘﺮﺍﺿﻴﺔ‬ ‫‪VM‬‬
    ‫ﻣﺮﺍﻗﺐ ‪ /‬ﻣﺪﻳﺮ ﺍﻵﻟﺔ ﺍﻻﻓﺘﺮﺍﺿﻴﺔ‬ ‫‪VMM‬‬
    ‫ﺍﻧﺘﻘﺎﻝﺍﻟﺼﻮﺕ ﻋﺒﺮ ﺑﻮﺗﻮﻛﻮﻝ ﺍﻻﻧﺘﺮﻧﻴﺖ‬ ‫‪VoIP‬‬
    ‫ﺷﺒﻜﺔﺧﺎﺻﺔ ﺍﻓﺘﺮﺍﺿﻴﺔ‬ ‫‪VPN‬‬
    ‫ﺟﺪﺍﺭﺣﻤﺎﻳﺔ ﺗﻄﺒﻴﻘﺎﺕ ﺍﻟﻮﻳﺐ‬ ‫ﻭﺍﻑ‬
    ‫ﺷﺒﻜﺔﻣﻨﻄﻘﺔ ﻭﺍﺳﻌﺔ‬ ‫ﺷﺒﻜﻪﻋﺎﻟﻤﻴﻪ‬

    ‫ﺍﻟﺨﺼﻮﺻﻴﺔﺍﻟﻤﻜﺎﻓﺉﺔ ﺍﻟﺴﻠﻜﻴﺔ‬ ‫‪WEP‬‬


    ‫ﺍﻟﻮﺻﻮﻝﺍﻟﻤﺤﻤﻲ ﺑﺎﻟﻮﺍﻱ ﻓﺎﻱ‬ ‫‪WPA‬‬
    ‫ﺍﻟﻮﺻﻮﻝﺍﻟﻤﺤﻤﻲ ﺑﺘﻘﻨﻴﺔ ‪Wi-Fi 2‬‬ ‫‪WPA2‬‬
    ‫ﺍﻟﻮﺻﻮﻝﺍﻟﻤﺤﻤﻲ ﺑﺘﻘﻨﻴﺔ ‪Wi-Fi 3‬‬ ‫‪WPA3‬‬
    ‫ﻛﺨﺪﻣﺔ"‪"X‬‬ ‫‪XaaS‬‬
    ‫ﻋﺒﺮﻣﻮﻗﻊ ﺍﻟﺒﺮﻣﺠﺔ‬ ‫‪XSS‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪54‬‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﻤﻠﺤﻖﺩ ﺷﺒﻜﺔ ‪ OSI‬ﺍﻟﻤﻜﻮﻧﺔ ﻣﻦ ﺳﺒﻊ ﻃﺒﻘﺎﺕ‬
    ‫ﻳﻮﻓﺮﺍﻟﻤﻠﺤﻖ ﺗﻔﺎﺻﻴﻞ ﻛﻞ ﻃﺒﻘﺔ ﻣﻦ ﺍﻟﻄﺒﻘﺎﺕ ﺍﻟﺴﺒﻊ ﻟﻨﻤﻮﺫﺝ ﺷﺒﻜﺔ ‪ OSI‬ﺍﻟﻤﻜﻮﻧﺔ ﻣﻦ ﺳﺒﻊ ﻃﺒﻘﺎﺕ ‪ ،‬ﻛﻤﺎ ﻫﻮ‬
    ‫ﻣﻮﺿﺢﻓﻲ ﺍﻟﺸﻜﻞ ‪ 11‬ﻣﻦ ﻫﺬﺍ ﺍﻟﺪﻟﻴﻞ‪.‬‬

    ‫ﻭﺻﻒﺷﺒﻜﺔ ‪ OSI‬ﺍﻟﻤﻜﻮﻧﺔ ﻣﻦ ﺳﺒﻊ ﻃﺒﻘﺎﺕ‬


    ‫ﺍﻟﻄﺒﻘﺔ‪ - 1‬ﺍﻟﻤﺎﺩﻳﺔ‬
    ‫ﻭﻇﻴﻔﺔ‪:‬ﺗﺘﻤﺜﻞ ﻣﻬﻤﺔ ﺍﻟﻄﺒﻘﺔ ﺍﻟﻤﺎﺩﻳﺔ ﻓﻲ ﺗﻮﻓﻴﺮ ﻣﺴﺎﺭ ﻟﻨﻘﻞ ﺍﻟﺒﻴﺎﻧﺎﺕ‪.‬‬
    ‫ﻭﺳﺎﺉﻞﺍﻹﻋﻼﻡ ﺍﻟﺘﻲ ﺗﻨﻔﺬ ﻫﺬﻩ ﺍﻟﻄﺒﻘﺔ‪:‬ﺍﻷﺳﻼﻙ ﺍﻟﻨﺤﺎﺳﻴﺔ ﺃﻭ ﻛﺎﺑﻞ ﺍﻷﻟﻴﺎﻑ ﺍﻟﻀﻮﺉﻴﺔ ﺃﻭ ﻣﻮﺟﺎﺕ ﺍﻟﺮﺍﺩﻳﻮ ﺃﻭ ﺃﻱ ﻃﺮﻳﻘﺔ ﺃﺧﺮﻯ ﻗﺎﺩﺭﺓ ﻋﻠﻰ‬
    ‫ﻧﻘﻞﺍﻟﺒﻴﺎﻧﺎﺕ‪.‬‬

    ‫ﺍﻟﻤﺤﺘﺮﻓﻮﻥﺍﻟﻌﺎﻣﻠﻮﻥ ﻓﻲ ﻫﺬﺍ ﺍﻟﻤﺴﺘﻮﻯ‪:‬ﻣﻬﻨﺪﺱ ﺍﺗﺼﺎﻻﺕ ﺃﻭ ﻓﻨﻲ ﺍﺗﺼﺎﻻﺕ‪.‬‬


    ‫ﻳﻤﻜﻦﺃﻥ ﻳﻜﻮﻥ ﺗﺤﺪﻳﺚ ﺍﻟﻄﺒﻘﺔ ﺍﻟﻤﺎﺩﻳﺔ ﻣﻜﻠﻔﺎً ﻟﻠﻐﺎﻳﺔ‪ .‬ﻳﺘﻢ ﺍﻟﺤﻔﺎﻅ ﻋﻠﻰ ﺍﻟﻌﺪﻳﺪ ﻣﻦ ﺃﺳﺎﻟﻴﺐ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻘﺪﻳﻤﺔ ﻟﻤﻨﻊ ﺍﺳﺘﺒﺪﺍﻝ ﺍﻟﺒﻨﻴﺔ‬
    ‫ﺍﻟﺘﺤﺘﻴﺔﻟﻠﻄﺒﻘﺔ ﺍﻷﻭﻟﻰ‪ .‬ﺗﻮﺟﺪ ﺍﻟﻄﺒﻘﺔ ﺍﻟﻤﺎﺩﻳﺔ ﻓﻲ ﺟﻤﻴﻊ ﺍﻣﺘﺪﺍﺩﺍﺕ ﺍﻟﺸﺒﻜﺔ ﻭﻓﻲ ﺍﻟﻌﻘﺪ ﻧﻔﺴﻬﺎ‪ .‬ﻳﻤﻜﻦ ﺃﻥ ﺗﻮﻓﺮ ﺃﺟﻬﺰﺓ ﺍﻟﺘﻮﺟﻴﻪ ﻭﺃﺟﻬﺰﺓ‬
    ‫ﺍﻟﺘﺤﻮﻳﻞﺍﻟﻘﺪﻳﻤﺔ ﻭﻇﻴﻔﺔ ﻣﺤﺪﻭﺩﺓ ﺣﺘﻰ ﻣﻊ ﺗﺤﺪﻳﺜﺎﺕ ﺍﻟﺒﺮﺍﻣﺞ ﺑﺴﺒﺐ ﻗﻴﻮﺩ ﺍﻟﻄﺒﻘﺔ ﺍﻷﻭﻟﻰ‪ .‬ﻳﻤﻜﻦ ﺃﻥ ﻳﻜﻮﻥ ﻟﺒﻄﺎﻗﺎﺕ ﻭﺍﺟﻬﺔ ﺍﻟﺸﺒﻜﺔ‬
    ‫ﺍﻟﻘﺪﻳﻤﺔ)‪ (NIC‬ﻗﻴﻮﺩ ﻣﻤﺎﺛﻠﺔ‪ .‬ﺗﺤﺎﻓﻆ ﺍﻟﻤﻌﺪﺍﺕ ﺍﻷﺣﺪﺙ ﻋﻠﻰ ﺍﻟﺘﻮﺍﻓﻖ ﻣﻊ ﺍﻹﺻﺪﺍﺭﺍﺕ ﺍﻟﺴﺎﺑﻘﺔ ﻟﻠﺴﻤﺎﺡ ﺑﺘﺸﻐﻴﻞ ﺍﻟﺸﺒﻜﺔ ﻋﻠﻰ ﺍﻟﺒﻨﻴﺔ‬
    ‫ﺍﻟﺘﺤﺘﻴﺔﺍﻟﻘﺪﻳﻤﺔ‪.‬‬

    ‫ﺍﻟﻄﺒﻘﺔ‪ - 2‬ﺍﺭﺗﺒﺎﻁ ﺍﻟﺒﻴﺎﻧﺎﺕ‬

    ‫ﻭﻇﻴﻔﺔ‪:‬ﺗﺘﺤﻜﻢ ﻃﺒﻘﺔ ﺍﺭﺗﺒﺎﻁ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻓﻲ ﺇﺭﺳﺎﻝ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻋﺒﺮ ﻣﺴﺎﺭ ﻣﻌﻴﻦ‪ .‬ﻣﻦ ﺣﻴﺚ ﺍﻟﺸﺒﻜﺔ ‪ ،‬ﻫﺬﺍ ﻫﻮ ﺍﻧﺘﻘﺎﻝ ﺍﻟﻌﻘﺪﺓ ﺇﻟﻰ ﺍﻟﻌﻘﺪﺓ‪.‬‬

    ‫ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕﺍﻟﺘﻲ ﺗﻨﻔﺬ ﻫﺬﻩ ﺍﻟﻄﺒﻘﺔ‪.:‬ﻭﻏﻴﺮﻫﺎ (‪ )ARP‬ﻭﺑﺮﻭﺗﻮﻛﻮﻝ ﺗﺤﻠﻴﻞ ﺍﻟﻌﻨﻮﺍﻥ ‪ Wi-Fi‬ﻭ ‪Ethernet‬‬


    ‫ﺍﻟﻤﺤﺘﺮﻓﻮﻥﺍﻟﻌﺎﻣﻠﻮﻥ ﻓﻲ ﻫﺬﺍ ﺍﻟﻤﺴﺘﻮﻯ‪:‬ﻣﻬﻨﺪﺱ ﺷﺒﻜﺎﺕ ﺃﻭ ﻓﻨﻲ ﺷﺒﻜﺎﺕ‪.‬‬

    ‫ﺗﻌُﻨﻰﻃﺒﻘﺔ ﺍﺭﺗﺒﺎﻁ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺑﺘﻨﻈﻴﻢ ﻋﻤﻠﻴﺎﺕ ﺇﺭﺳﺎﻝ ﺍﻟﻄﺒﻘﺔ ﺍﻷﻭﻟﻰ ﻓﻲ ﺑﻴﺎﻧﺎﺕ ﻗﺎﺑﻠﺔ ﻟﻼﺳﺘﺨﺪﺍﻡ‪ .‬ﺗﺴﺘﺨﺪﻡ ﺑﺮﻭﺗﻮﻛﻮﻻﺕ ﺍﻟﻄﺒﻘﺔ ﺍﻟﺜﺎﻧﻴﺔ‬
    ‫ﺍﻟﻤﺨﺘﻠﻔﺔﻃﺮﻗﺎً ﻣﺨﺘﻠﻔﺔ ﻟﻠﻘﻴﺎﻡ ﺑﺬﻟﻚ‪ .‬ﺗﻘﺴﻢ ﺷﺒﻜﺔ ﺇﻳﺜﺮﻧﺖ )ﺍﻟﺘﻲ ﺗﻢ ﺗﺤﺪﻳﺪﻫﺎ ﺑﻮﺍﺳﻄﺔ ﻣﻌﻴﺎﺭ ﻣﻌﻬﺪ ﻣﻬﻨﺪﺳﻲ ﺍﻟﻜﻬﺮﺑﺎء ﻭﺍﻹﻟﻜﺘﺮﻭﻧﻴﺎﺕ‬
    ‫‪، 802.3‬ﻣﺜﻞ ‪ (IEEE 802.3‬ﺍﻟﻨﺒﻀﺎﺕ ﺍﻟﻜﻬﺮﺑﺎﺉﻴﺔ ﺇﻟﻰ "ﺇﻃﺎﺭﺍﺕ" ﻳﻤﻜﻦ ﺇﺭﺳﺎﻟﻬﺎ ﻭﺍﺳﺘﻼﻣﻬﺎ ﻋﺒﺮ ﺍﺭﺗﺒﺎﻁ ﺍﻟﻄﺒﻘﺔ ﺍﻷﻭﻟﻰ‪ .‬ﺇﺫﺍ ﻟﻢ ﻳﺘﻢ‬
    ‫ﺍﺳﺘﻼﻡﺍﻹﻃﺎﺭﺍﺕ ﻛﻤﺎ ﻫﻲ ‪ ،‬ﻳﻤﻜﻦ ﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕ ﺍﻟﻄﺒﻘﺔ ﺍﻟﺜﺎﻧﻴﺔ ﺗﺼﺤﻴﺢ ﺫﻟﻚ ﻋﻦ ﻃﺮﻳﻖ ﻃﻠﺐ ﺇﻋﺎﺩﺓ ﺍﻹﺭﺳﺎﻝ ﺃﻭ ﻗﺒﻮﻝ ﺍﻷﺧﻄﺎء‪ .‬ﺗﺘﺤﻜﻢ‬
    ‫ﺍﻟﻄﺒﻘﺔ‪ 2‬ﺃﻳﻀﺎً ﻓﻲ ﺳﺮﻋﺔ ﺍﻹﺭﺳﺎﻝ ﻟﻀﻤﺎﻥ ﺧﺪﻣﺔ ﻣﻮﺛﻮﻗﺔ ؛ ﻫﺬﺍ ﻣﺎ ﻳﺴﻤﻰ ﺍﻟﺘﺤﻜﻢ ﻓﻲ ﺍﻟﺘﺪﻓﻖ‪.‬‬

    ‫ﺍﻟﻄﺒﻘﺔ‪ - 3‬ﺍﻟﺸﺒﻜﺔ‬
    ‫ﻭﻇﻴﻔﺔ‪:‬ﺗﻬﺘﻢ ﻃﺒﻘﺔ ﺍﻟﺸﺒﻜﺔ ﺑﻤﻌﺎﻟﺠﺔ ﺃﺟﻬﺰﺓ ﺍﻟﻜﻤﺒﻴﻮﺗﺮ ﺍﻟﻔﺮﺩﻳﺔ )ﻭﺗﺴﻤﻰ ﺃﻳﻀﺎً ﺍﻟﻤﻀﻴﻔﻴﻦ( ﻭﺗﻮﺟﻴﻪ ﺍﻻﺗﺼﺎﻻﺕ ﻋﻠﻰ ﺍﻟﺸﺒﻜﺎﺕ‬
    ‫ﺍﻟﻤﺤﻠﻴﺔﺍﻟﻤﺨﺘﻠﻔﺔ‪ .‬ﻓﻲ ﺍﻻﺳﺘﺨﺪﺍﻡ ﺍﻟﺸﺎﺉﻊ ‪ ،‬ﺗﻌﺘﺒﺮ ﺍﻟﻌﻘﺪﺓ ﻧﻘﻄﺔ ﻓﻲ ﺍﻟﺸﺒﻜﺔ ‪ ،‬ﻟﻜﻦ ﺍﻟﻤﻀﻴﻒ ﻫﻮ ﻧﻈﺎﻡ ﻳﻌﻤﻞ ﺑﻜﺎﻣﻞ ﻃﺎﻗﺘﻪ )‬
    ‫ﻭﻟﻴﺲﺟﻬﺎﺯ ﺷﺒﻜﺔ ﻣﺜﻞ ﺟﻬﺎﺯ ﺍﻟﺘﻮﺟﻴﻪ ﺃﻭ ﺍﻟﻄﺎﺑﻌﺔ( ﺑﻌﻨﻮﺍﻥ ﻃﺒﻘﺔ ﺍﻟﺸﺒﻜﺔ‪.‬‬
    ‫ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕﺍﻟﺘﻲ ﺗﻨﻔﺬ ﻫﺬﻩ ﺍﻟﻄﺒﻘﺔ‪:‬ﺑﺮﻭﺗﻮﻛﻮﻝ ﺍﻹﻧﺘﺮﻧﺖ )‪ ، (IP‬ﻭﺑﺮﻭﺗﻮﻛﻮﻝ ﺭﺳﺎﺉﻞ ﺍﻟﺘﺤﻜﻢ ﻓﻲ ﺍﻹﻧﺘﺮﻧﺖ )‪ ، (ICMP‬ﻭﺃﻣﺎﻥ‬
    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﺍﻹﻧﺘﺮﻧﺖ )‪ ، (IPsec‬ﻭﺗﺒﺎﺩﻝ ﺣﺰﻡ ﺍﻟﻌﻤﻞ ﻋﺒﺮ ﺍﻹﻧﺘﺮﻧﺖ )‪ ، (IPX‬ﻭﻏﻴﺮﻫﺎ‪.‬‬
    ‫ﺍﻟﻤﺤﺘﺮﻓﻮﻥﺍﻟﻌﺎﻣﻠﻮﻥ ﻓﻲ ﻫﺬﺍ ﺍﻟﻤﺴﺘﻮﻯ‪:‬ﻣﻬﻨﺪﺱ ﺷﺒﻜﺎﺕ ﺃﻭ ﻣﺴﺆﻭﻝ ﺷﺒﻜﺔ ﺃﻭ ﻋﺎﻣﻞ ﺗﺸﻔﻴﺮ ﺃﻭ ﻓﺮﻳﻖ ﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ‬
    ‫ﻟﻠﺸﺒﻜﺔ‪.‬‬
    ‫ﻏﺎﻟﺒﺎًﻣﺎ ﺗﺮﺗﺒﻂ ﻃﺒﻘﺔ ﺍﻟﺸﺒﻜﺔ ﺑﻌﻨﺎﻭﻳﻦ ‪ ، IP‬ﻭﻟﻜﻨﻬﺎ ﻣﻔﻬﻮﻣﺔ ﺑﺸﻜﻞ ﺻﺤﻴﺢ ﻟﻠﻄﺮﻳﻘﺔ ﺍﻟﺘﻲ ﺗﺴﻤﺢ ﺑﻬﺎ ﺑﺎﻟﺘﻮﺟﻴﻪ ﻋﺒﺮ ﺍﻟﺸﺒﻜﺎﺕ )ﺃﻱ ﺷﺒﻜﺔ‬
    ‫ﺍﻹﻧﺘﺮﻧﺖ(‪ .‬ﺗﻢ ﺍﻗﺘﺮﺍﺡ ﻭﻣﺮﺍﺟﻌﺔ ﺍﻟﻌﺪﻳﺪ ﻣﻦ ﺍﻟﻄﺮﻕ ﻟﺘﺤﻘﻴﻖ ﺗﻮﺟﻴﻪ ﺃﻛﺜﺮ ﻛﻔﺎءﺓ‪ .‬ﺗﻌﺘﻤﺪ ﺍﻟﺒﻨﻰ ﺍﻟﻤﺤﻠﻴﺔ ﺍﻟﻤﺨﺘﻠﻔﺔ ﻋﻠﻰ ﺧﺼﺎﺉﺺ ﺍﻟﺘﻮﺟﻴﻪ‬
    ‫ﻟﻠﺒﺮﻭﺗﻮﻛﻮﻻﺕﺍﻟﻤﺴﺘﺨﺪﻣﺔ ﻓﻲ ‪ .Layer3‬ﺗﻌﻤﻞ ﺍﻷﻋﻤﺪﺓ ﺍﻟﺮﺉﻴﺴﻴﺔ ﻟﺘﺒﺪﻳﻞ ﺍﻟﻤﻠﺼﻘﺎﺕ ﻣﺘﻌﺪﺩ ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕ )‪ (MPLS‬ﻋﻠﻰ ﺗﻮﺻﻴﻞ‬
    ‫ﺍﻟﻤﻜﺎﺗﺐﻭﻣﻮﺍﺭﺩ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻤﻘﺴﻤﺔ ﺟﻐﺮﺍﻓﻴﺎً‪ .‬ﻳﺴﺎﻋﺪ ﻓﺼﻞ ‪ VLAN‬ﻋﻠﻰ ﺗﻘﺴﻴﻢ ﺍﻷﻧﻈﻤﺔ ﺍﻟﻤﺨﺘﻠﻔﺔ ﻋﻠﻰ ﺍﻟﺸﺒﻜﺔ ﺗﻘﺮﻳﺒﺎً ﻭﻣﺮﻭﻧﺔ‬
    ‫ﻟﺘﺄﻣﻴﻦﺍﻟﺒﻴﺎﻧﺎﺕ ﻭﺗﺤﻘﻴﻖ ﺍﻟﺘﻮﺍﺯﻥ ﻓﻲ ﺍﺳﺘﺨﺪﺍﻡ ﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ‪.‬‬

    ‫ﺟﻮﺩﺓﺍﻟﺒﻴﺎﻧﺎﺕ ﻭﺇﺩﺍﺭﺗﻬﺎ ﻭﻣﺨﺎﻃﺮ ﺍﻹﺑﻼﻍ‪:‬ﺗﺸﻴﺮ ﻋﺒﺎﺭﺓ "ﺇﺩﺧﺎﻝ ‪ ،‬ﻗﻤﺎﻣﺔ" ﺇﻟﻰ ﺇﺩﺧﺎﻝ ﺑﻴﺎﻧﺎﺕ ﺳﻴﺉﺔ ﻓﻲ ﺍﻟﻨﻈﺎﻡ ﺳﻴﺆﺩﻱ ﺇﻟﻰ ﺇﺧﺮﺍﺝ ﺑﻴﺎﻧﺎﺕ‬
    ‫ﺳﻴﺉﺔﻣﻦ ﺍﻟﻨﻈﺎﻡ‪ .‬ﻗﺪ ﻳﺆﺩﻱ ﺿﻌﻒ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺃﻭ ﻣﺸﺎﻛﻞ ﺟﻮﺩﺓ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺇﻟﻰ ﺗﻘﺎﺭﻳﺮ ﺇﺩﺍﺭﻳﺔ ﻏﻴﺮ ﺩﻗﻴﻘﺔ ﻭﺍﺗﺨﺎﺫ ﻗﺮﺍﺭﺍﺕ ﺧﺎﻃﺉﺔ‪ .‬ﻳﻤﻜﻦ ﺃﻥ‬
    ‫ﻳﻨﺘﺞﻋﻦ ﻗﻮﺍﻋﺪ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻏﻴﺮ ﺍﻟﻤﺼﻤﻤﺔ ﻟﻀﻤﺎﻥ ﺳﻼﻣﺔ ﺍﻟﺒﻴﺎﻧﺎﺕ‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪55‬‬ ‫‪www.theiia.org‬‬


    ‫ﻓﻲﺑﻴﺎﻧﺎﺕ ﻏﻴﺮ ﻛﺎﻣﻠﺔ ﺃﻭ ﻏﻴﺮ ﺻﺎﻟﺤﺔ‪ .‬ﻣﻦ ﺍﻟﻤﺮﺟﺢ ﺃﻥ ﺗﺆﺩﻱ ﺍﻟﺘﺤﻠﻴﻼﺕ ﺍﻟﺘﻲ ﺗﻌﺘﻤﺪ ﻋﻠﻰ ﺑﻴﺎﻧﺎﺕ ﻏﻴﺮ ﺻﺎﻟﺤﺔ ﺇﻟﻰ ﻧﺘﺎﺉﺞ ﻣﻌﻴﺒﺔ‪ .‬ﻟﺬﻟﻚ ‪ ،‬ﻳﺠﺐ ﺃﻥ ﺗﺄﺧﺬ‬
    ‫ﺗﺤﻠﻴﻼﺕﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻀﺨﻤﺔ ﻓﻲ ﺍﻻﻋﺘﺒﺎﺭ ﻣﺨﺎﻃﺮ ﺟﻮﺩﺓ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻫﺬﻩ‪.‬‬

    ‫ﺑﺎﻹﺿﺎﻓﺔﺇﻟﻰ ﺫﻟﻚ ‪ ،‬ﻓﺈﻥ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﺘﻲ ﻟﻢ ﻳﺘﻢ ﺍﻟﺤﺼﻮﻝ ﻋﻠﻴﻬﺎ ﻭﺗﺤﻠﻴﻠﻬﺎ ﻓﻲ ﺍﻟﻮﻗﺖ ﺍﻟﻤﻨﺎﺳﺐ ﻗﺪ ﺗﺆﺩﻱ ﺃﻳﻀﺎً ﺇﻟﻰ ﻣﺨﺮﺟﺎﺕ ﺗﺤﻠﻴﻠﻴﺔ ﻏﻴﺮ‬
    ‫ﺻﺤﻴﺤﺔﻭﻗﺮﺍﺭﺍﺕ ﺇﺩﺍﺭﻳﺔ ﻣﻌﻴﺒﺔ ﻭﺧﺴﺎﺭﺓ ﻓﻲ ﺍﻹﻳﺮﺍﺩﺍﺕ‪ .‬ﻳﺠﺐ ﺃﻥ ﺗﻜﻮﻥ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﺘﻲ ﻳﺘﻢ ﺍﻟﺤﺼﻮﻝ ﻋﻠﻴﻬﺎ ﻣﻦ ﺟﻬﺎﺕ ﺧﺎﺭﺟﻴﺔ ﻓﻲ‬
    ‫ﺍﻟﻮﻗﺖﺍﻟﻤﻨﺎﺳﺐ ﻭﺩﻗﻴﻘﺔ ﻭﻛﺎﻣﻠﺔ ﻭﻣﻦ ﻣﺼﺪﺭ ﺣﺴﻦ ﺍﻟﺴﻤﻌﺔ‪ .‬ﻗﺪ ﻻ ﺗﻜﻮﻥ ﺑﻴﺎﻧﺎﺕ ﺍﻟﺠﻬﺎﺕ ﺍﻟﺨﺎﺭﺟﻴﺔ ﺫﺍﺕ ﺍﻟﺘﻨﺴﻴﻖ ﻏﻴﺮ ﺍﻟﻤﻨﺎﺳﺐ‬
    ‫ﻣﻨﺎﺳﺒﺔﻟﻠﺘﺤﻠﻴﻞ ﻭﻗﺪ ﺗﺆﺧﺮ ﺍﺗﺨﺎﺫ ﻗﺮﺍﺭﺍﺕ ﺍﻹﺩﺍﺭﺓ‪.‬‬
    ‫ﺑﻌﺪﺍﺳﺘﻼﻡ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻭﺗﺤﻠﻴﻠﻬﺎ ‪ ،‬ﻗﺪ ﻳﻜﻮﻥ ﻣﻦ ﺍﻟﺼﻌﺐ ﺿﻤﺎﻥ ﺇﺩﺍﺭﺓ ﺍﻟﻤﺴﺘﺨﺪﻣﻴﻦ ﺍﻟﻨﻬﺎﺉﻴﻴﻦ ﻟﻠﺒﻴﺎﻧﺎﺕ ﻭﺣﻤﺎﻳﺘﻬﺎ‪ .‬ﻗﺪ ﻳﺆﺩﻱ ﺍﻻﻓﺘﻘﺎﺭ ﺇﻟﻰ‬
    ‫ﺿﻮﺍﺑﻂﺣﻮﺳﺒﺔ ﺍﻟﻤﺴﺘﺨﺪﻡ ﺍﻟﻨﻬﺎﺉﻲ ﺇﻟﻰ ﻋﺪﻡ ﺩﻗﺔ ﺍﻟﺘﻘﺎﺭﻳﺮ ﻭﺗﺴﺮﺏ ﺍﻟﺒﻴﺎﻧﺎﺕ‪ .‬ﻳﺠﺐ ﻣﺮﺍﺟﻌﺔ ﺗﻘﺎﺭﻳﺮ ﺍﻹﻧﺘﺎﺝ ﻟﻠﻤﺴﺘﺨﺪﻡ ﺍﻟﻨﻬﺎﺉﻲ ﻭﺍﻟﺘﻘﺎﺭﻳﺮ‬
    ‫ﺍﻟﻤﺨﺼﺼﺔﻭﺍﻟﻤﺨﺮﺟﺎﺕ ﺍﻟﺘﺤﻠﻴﻠﻴﺔ ﺍﻟﺘﻨﺒﺆﻳﺔ ﻭﺍﻟﻤﻮﺍﻓﻘﺔ ﻋﻠﻴﻬﺎ ﻟﻠﺤﺪ ﻣﻦ ﻗﺮﺍﺭﺍﺕ ﺍﻹﺩﺍﺭﺓ ﺍﻟﻤﻌﻴﺒﺔ‪ .‬ﻳﺠﺐ ﺃﻥ ﺗﻠﺘﺰﻡ ﺗﻘﺎﺭﻳﺮ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻀﺨﻤﺔ‬
    ‫ﺃﻳﻀﺎًﺑﺴﻴﺎﺳﺎﺕ ﺗﺼﻨﻴﻒ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﺨﺎﺻﺔ ﺑﺎﻟﻤﺆﺳﺴﺔ ﻟﻀﻤﺎﻥ ﻣﺸﺎﺭﻛﺔ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻤﻨﺎﺳﺒﺔ ﻓﻘﻂ ‪ ،‬ﺩﺍﺧﻠﻴﺎً ﻭﺧﺎﺭﺟﻴﺎً‪ .‬ﻗﺪ ﺗﻜﻮﻥ ﺧﻴﺎﺭﺍﺕ‬
    ‫ﺍﻟﺘﻘﺎﺭﻳﺮﻭﻗﻨﻮﺍﺕ ﺍﻟﺘﻮﺯﻳﻊ ﻣﻨﺎﺳﺒﺔ ﻓﻘﻂ ﻟﻠﺒﻴﺎﻧﺎﺕ ﺫﺍﺕ ﺍﻷﺣﺠﺎﻡ ﻭﺍﻷﺷﻜﺎﻝ ﺍﻟﻤﺤﺪﺩﺓ‪ .‬ﻗﺪ ﺗﻮﺍﺟﻪ ﺍﻟﻤﻨﻈﻤﺎﺕ ﻋﻘﺒﺎﺕ ﻋﻨﺪ ﺗﺤﺪﻳﺪ ﺧﻴﺎﺭﺍﺕ‬
    ‫ﺍﻟﺘﻘﺮﻳﺮﻭﺍﻟﻘﻨﻮﺍﺕ ﺍﻟﻤﻨﺎﺳﺒﺔ ﻟﻜﻞ ﻧﺘﻴﺠﺔ ﺗﺤﻠﻴﻠﻴﺔ‪.‬‬

    ‫ﺍﻟﻄﺒﻘﺔ‪ - 4‬ﺍﻟﻨﻘﻞ‬
    ‫ﻭﻇﻴﻔﺔ‪:‬ﺗﻬﺘﻢ ﻃﺒﻘﺔ ﺍﻟﻨﻘﻞ ﺑﻨﻘﻞ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻣﻦ ﻣﻀﻴﻒ ﺇﻟﻰ ﻣﻀﻴﻒ ﻋﻠﻰ ﺷﺒﻜﺔ ﺃﻭ ﻋﺒﺮ ﺷﺒﻜﺎﺕ ﺫﺍﺕ ﺟﻮﺩﺓ ﺧﺪﻣﺔ ﻣﺤﺪﺩﺓ‪.‬‬

    ‫ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕﺍﻟﺘﻲ ﺗﻨﻔﺬ ﻫﺬﻩ ﺍﻟﻄﺒﻘﺔ‪:‬ﺑﺮﻭﺗﻮﻛﻮﻝ ﺍﻟﺘﺤﻜﻢ ﻓﻲ ﺍﻹﺭﺳﺎﻝ )‪ ، (TCP‬ﻭﺑﺮﻭﺗﻮﻛﻮﻝ ﻣﺨﻄﻂ ﺑﻴﺎﻧﺎﺕ ﺍﻟﻤﺴﺘﺨﺪﻡ )‪ ، (UDP‬ﻭﻏﻴﺮﻫﺎ‪.‬‬

    ‫ﺍﻟﻤﺤﺘﺮﻓﻮﻥﺍﻟﻌﺎﻣﻠﻮﻥ ﻓﻲ ﻫﺬﺍ ﺍﻟﻤﺴﺘﻮﻯ‪:‬ﻣﻬﻨﺪﺱ ﺷﺒﻜﺎﺕ ﺃﻭ ﻣﺴﺆﻭﻝ ﺷﺒﻜﺔ ﺃﻭ ﻋﺎﻣﻞ ﺗﺸﻔﻴﺮ ﺃﻭ ﻓﺮﻳﻖ ﺍﻟﺒﻨﻴﺔ ﺍﻟﺘﺤﺘﻴﺔ‬
    ‫ﻟﻠﺸﺒﻜﺔ‪.‬‬
    ‫ﺗﻌُﺮﻑﻃﺒﻘﺔ ﺍﻟﻨﻘﻞ ﺑﺸﻜﻞ ﺃﺳﺎﺳﻲ ﺑﺎﻟﺴﻤﺎﺡ ﻟﻤﻀﻴﻔﻲ ﺍﻟﺸﺒﻜﺔ ﺑﺎﺳﺘﺨﺪﺍﻡ ﻭ ‪ /‬ﺃﻭ ﺗﻮﻓﻴﺮ ﺧﺪﻣﺔ ﻣﺘﻌﺪﺩﺓ‪ .‬ﺑﺎﺳﺘﺨﺪﺍﻡ ﻣﺜﺎﻝ ‪ ، TCP‬ﻳﻘﻮﻡ‬
    ‫ﺍﻟﻌﻤﻴﻞﺑﺘﻘﺪﻳﻢ ﻃﻠﺐ ﺇﻟﻰ ﺍﻟﺨﺎﺩﻡ‪ .‬ﻳﺴﺘﻤﻊ ﺍﻟﺨﺎﺩﻡ ﺑﺎﺗﺼﺎﻝ ﻣﻔﺘﻮﺡ ﻋﻠﻰ ﺭﻗﻢ ﻣﻨﻔﺬ ﻣﻌﺮﻭﻑ‪ .‬ﻳﺘﻴﺢ ﺗﺤﺪﻳﺪ ﺭﻗﻢ ﺍﻟﻤﻨﻔﺬ ﻓﻲ ﺍﻟﻄﻠﺐ ﻟﻠﺨﺎﺩﻡ‬
    ‫ﺗﺤﺪﻳﺪﺍﻟﺨﺪﻣﺔ ﺍﻟﻤﻄﻠﻮﺑﺔ‪ .‬ﺛﻢ ﻳﺮﺩ ﺍﻟﺨﺎﺩﻡ ﻋﻠﻰ ﻣﻨﻔﺬ ﺍﻟﻌﻤﻴﻞ ﺍﻟﻤﻨﺎﺳﺐ ‪ ،‬ﻭﺍﻟﺬﻱ ﻳﻤﻜﻦ ﺗﻌﻴﻴﻨﻪ ﺑﺄﻱ ﻋﺪﺩ ﻣﻦ ﺍﻟﻄﺮﻕ ﺍﻋﺘﻤﺎﺩﺍً ﻋﻠﻰ‬
    ‫ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻝ‪.‬ﺗﺤﺪﺩ ﺍﻟﻄﺒﻘﺔ ‪ 4‬ﺧﺪﻣﺎﺕ ﺃﺧﺮﻯ ﻣﺜﻞ ﺍﻟﺘﺤﻜﻢ ﻓﻲ ﺍﻟﺘﺪﻓﻖ ﻟﻀﻤﺎﻥ ﺍﻟﺴﺮﻋﺔ ﺩﻭﻥ ﺇﺭﺑﺎﻙ ﺍﻟﻤﻀﻴﻒ ‪ ،‬ﻭﺗﺼﺤﻴﺢ ﺍﻷﺧﻄﺎء ﻟﺘﺤﺪﻳﺪ‬
    ‫ﻭﺇﻋﺎﺩﺓﺇﺭﺳﺎﻝ ﺍﻟﺤﺰﻡ ﺍﻟﺴﻴﺉﺔ ﻭﻏﻴﺮﻫﺎ‪.‬‬

    ‫ﺍﻟﻄﺒﻘﺔ‪ - 5‬ﺍﻟﺠﻠﺴﺔ‬
    ‫ﻭﻇﻴﻔﺔ‪:‬ﺗﻮﻓﺮ ﻃﺒﻘﺔ ﺍﻟﺠﻠﺴﺔ ﺧﺪﻣﺎﺕ ﻹﺩﺍﺭﺓ ﺍﻻﺗﺼﺎﻻﺕ ﺍﻟﺒﻌﻴﺪﺓ ﻋﻨﺪ ﻣﺴﺘﻮﻳﺎﺕ ﺍﻟﺘﻔﺎﻋﻞ ﺍﻷﺳﺎﺳﻴﺔ ﻟﻠﻐﺎﻳﺔ‪ .‬ﺍﻟﻄﺒﻘﺔ ‪ 5‬ﻣﺴﺆﻭﻟﺔ‬
    ‫ﻋﻦﺗﻤﻜﻴﻦ ﺗﻔﺎﻋﻞ ﺍﻟﻌﻤﻠﻴﺎﺕ ﺍﻟﻤﺤﻠﻴﺔ ﻭﺍﻟﺒﻌﻴﺪﺓ‪.‬‬
    ‫ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕﺍﻟﺘﻲ ﺗﻨﻔﺬ ﻫﺬﻩ ﺍﻟﻄﺒﻘﺔ‪:‬ﺍﺳﺘﺪﻋﺎءﺍﺕ ﺍﻹﺟﺮﺍءﺍﺕ ﻋﻦ ﺑﻌُﺪ )‪ ، (RPC‬ﻭﺑﺮﻭﺗﻮﻛﻮﻝ ﺟﻠﺴﺔ (‪ ، AppleTalk )ASP‬ﻭﺃﺟﺰﺍء ﻣﻦ ‪، TCP‬‬
    ‫ﻭﻏﻴﺮﻫﺎ‪.‬‬

    ‫ﺍﻟﻤﺤﺘﺮﻓﻮﻥﺍﻟﻌﺎﻣﻠﻮﻥ ﻓﻲ ﻫﺬﺍ ﺍﻟﻤﺴﺘﻮﻯ‪:‬ﻣﺴﺆﻭﻝ ﺍﻟﺸﺒﻜﺔ ﺃﻭ ﻣﻄﻮﺭ ﺍﻟﺘﻄﺒﻴﻖ ﺃﻭ ﻋﺎﻣﻞ ﺍﻟﺘﺸﻔﻴﺮ ﺃﻭ ﻓﺮﻳﻖ ﺗﻄﺒﻴﻘﺎﺕ ﺍﻟﺸﺒﻜﺔ‪.‬‬

    ‫ﺗﺘﻀﻤﻦﻃﺒﻘﺔ ﺍﻟﺠﻠﺴﺔ ﺑﻌﺾ ﻭﻇﺎﺉﻒ ‪ TCP‬ﺍﻟﺘﻲ ﺗﻮﻓﺮ ﺍﻟﺘﻮﺻﻴﻼﺕ‪ .‬ﻓﻲ ﺍﻟﻤﻘﺎﺑﻞ ‪ ،‬ﻳﻮﻓﺮ ‪ UDP‬ﺧﺪﻣﺔ "ﺑﺪﻭﻥ ﺍﺗﺼﺎﻝ" ﻣﻦ ﺧﻼﻝ ﻣﻌﺎﻣﻠﺔ‬
    ‫ﻛﻞ"ﻣﺨﻄﻂ ﺑﻴﺎﻧﺎﺕ" ‪) UDP‬ﻣﻜﺎﻓﺊ ﻟﺤﺰﻣﺔ ‪ (TCP‬ﻋﻠﻰ ﺃﻧﻪ ﻣﺴﺘﻘﻞ ﻋﻦ ﻣﺨﻄﻄﺎﺕ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻷﺧﺮﻯ‪ .‬ﻳﻤﻜﻦ ﺗﺮﺗﻴﺐ ﺗﺪﻓﻘﺎﺕ ﺣﺰﻡ ‪TCP‬‬
    ‫ﺑﺎﻟﺘﺮﺗﻴﺐﻭﺇﻋﺎﺩﺓ ﺇﺭﺳﺎﻟﻬﺎ ﻓﻲ ﺣﺎﻟﺔ ﺗﻠﻒ ﺃﺣﺪﻫﺎ ﺃﻭ ﻓﻘﺪﻩ‪ .‬ﺗﻘﻮﻡ ﺧﺪﻣﺎﺕ ﺍﻟﻄﺒﻘﺔ ﺍﻟﺨﺎﻣﺴﺔ ﺃﻳﻀﺎً ﺑﺈﻧﺸﺎء ﻭﺗﺘﺒﻊ ﺍﺗﺼﺎﻻﺕ ﻣﺘﻌﺪﺩﺓ ﺑﻴﻦ‬
    ‫ﺍﻟﻤﻀﻴﻔﻴﻦﺑﺎﺳﺘﺨﺪﺍﻡ ﻧﻔﺲ ﺍﻟﺘﻄﺒﻴﻖ )ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﺗﻨﺰﻳﻞ ﻣﻠﻔﺎﺕ ﻣﺘﻌﺪﺩﺓ ﻓﻲ ﻭﻗﺖ ﻭﺍﺣﺪ ﺑﺎﺳﺘﺨﺪﺍﻡ ﺑﺮﻭﺗﻮﻛﻮﻝ ﻧﻘﻞ ﺍﻟﻤﻠﻔﺎﺕ‬
    ‫]‪ .([FTP‬ﺑﻌﺾ ﺍﻻﺗﺼﺎﻻﺕ ﺣﺴﺎﺳﺔ ﻟﺒﺪء ﻭﺇﻳﻘﺎﻑ ﺃﻭ ﺩﻣﺞ ﺗﺪﻓﻘﺎﺕ ﺑﻴﺎﻧﺎﺕ ﻣﺘﻌﺪﺩﺓ ؛ ﺗﺘﺤﻜﻢ ﻃﺒﻘﺔ ﺍﻟﺠﻠﺴﺔ ﻓﻲ ﺑﺪء ﺍﻟﺨﺪﻣﺎﺕ ﻭﺇﻳﻘﺎﻓﻬﺎ‬
    ‫ﻟﻠﺘﻄﺒﻴﻘﺎﺕﺍﻟﺘﻲ ﺗﺤﺘﺎﺝ ﺇﻟﻰ ﺗﺪﻓﻖ ﺑﻴﺎﻧﺎﺕ ﻣﺘﺤﻜﻢ ﻓﻴﻪ‪ .‬ﺗﺴﻤﺢ ﻫﺬﻩ ﺍﻟﻤﻴﺰﺓ ﺃﻳﻀﺎً ﺑﺎﺳﺘﻌﺎﺩﺓ ﺍﻟﺠﻠﺴﺎﺕ ﺍﻟﻤﺘﻘﻄﻌﺔ‪.‬‬

    ‫ﺍﻟﻄﺒﻘﺔ‪ - 6‬ﺍﻟﻌﺮﺽ‬
    ‫ﻭﻇﻴﻔﺔ‪:‬ﺗﻬﺘﻢ ﻃﺒﻘﺔ ﺍﻟﻌﺮﺽ ﺑﺄﺧﺬ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻣﻦ ﻣﺠﻤﻮﻋﺔ ﻣﺘﻨﻮﻋﺔ ﻣﻦ ﻣﺼﺎﺩﺭ ﻃﺒﻘﺔ ﺍﻟﺘﻄﺒﻴﻖ ﻭﺇﺗﺎﺣﺔ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻟﻠﺘﻄﺒﻴﻘﺎﺕ ﺍﻷﺧﺮﻯ‬
    ‫ﻭﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕﺍﻟﻘﻴﺎﺳﻴﺔ ﻟﻠﺸﺒﻜﺔ‪ .‬ﺗﻤﺜﻞ ﻃﺒﻘﺔ ﺍﻟﻌﺮﺽ ﺧﺮﻭﺟﺎً ﻋﻦ ﺍﻟﻄﺒﻘﺎﺕ ﺍﻟﻤﺮﺗﺒﻄﺔ ﺑﺎﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻤﺘﺤﺮﻛﺔ‪ .‬ﻳﻨﻄﺒﻖ ﺍﻟﻌﺮﺽ ﺍﻟﺘﻘﺪﻳﻤﻲ‬
    ‫ﻋﻠﻰﺍﻟﺒﻴﺎﻧﺎﺕ ﻓﻲ ﺣﺎﻟﺔ ﺍﻟﺴﻜﻮﻥ ﻭﻛﺬﻟﻚ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻤﺘﺤﺮﻛﺔ‪ .‬ﺗﻘﻮﻡ ﻃﺒﻘﺔ ﺍﻟﻌﺮﺽ ﺃﻳﻀﺎً ﺑﺘﻨﺴﻴﻖ ﺗﻐﻠﻴﻒ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻤﻮﺟﻮﺩﺓ ﻓﻲ ﺍﻟﻤﻠﻔﺎﺕ‬
    ‫ﺍﻟﻤﻀﻐﻮﻃﺔﻭﺍﻟﻤﻠﻔﺎﺕ ﺍﻟﻤﺸﻔﺮﺓ ﻭﺍﻟﻤﻠﻔﺎﺕ ﺍﻟﻤﺮﻛﺒﺔ )ﺃﻱ ﺍﻟﻤﻠﻔﺎﺕ ﺍﻟﺘﻲ ﺗﺤﺘﻮﻱ ﻋﻠﻰ ﻣﻠﻔﺎﺕ ﺃﺧﺮﻯ ﻣﺜﻞ ﻣﺮﻓﻘﺎﺕ ﺍﻟﺒﺮﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﻧﻲ(‪.‬‬

    ‫ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕﺍﻟﺘﻲ ﺗﻨﻔﺬ ﻫﺬﻩ ﺍﻟﻄﺒﻘﺔ‪.MIME ، ASCII ، Zip :‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪56‬‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﻤﺤﺘﺮﻓﻮﻥﺍﻟﻌﺎﻣﻠﻮﻥ ﻓﻲ ﻫﺬﺍ ﺍﻟﻤﺴﺘﻮﻯ‪:‬ﻣﻄﻮﺭ ﺗﻄﺒﻴﻘﺎﺕ ‪ ،‬ﻓﺮﻳﻖ ﺗﻄﺒﻴﻘﺎﺕ ﺍﻟﺸﺒﻜﺔ ‪ ،‬ﻋﺎﻣﻞ ﺗﺸﻔﻴﺮ ‪ ،‬ﻣﻬﻨﺪﺱ‬
    ‫ﺍﺗﺼﺎﻻﺕ ‪،‬ﻣﻬﻨﺪﺱ ﺷﺒﻜﺎﺕ ‪ ،‬ﻣﺤﻠﻞ ﺟﻨﺎﺉﻲ ‪ ،‬ﻣﻬﻨﺪﺱ ﺷﺒﻜﺎﺕ‪.‬‬
    ‫ﺗﻬﺘﻢﻃﺒﻘﺔ ﺍﻟﻌﺮﺽ ﺑﺸﻜﻞ ﺃﺳﺎﺳﻲ ﺑﺘﺤﻮﻳﻞ ﺍﻟﺒﻴﺎﻧﺎﺕ‪ .‬ﻳﺘﻢ ﺍﺳﺘﺨﺪﺍﻡ ﺍﻟﻌﺪﻳﺪ ﻣﻦ ﺑﺮﻭﺗﻮﻛﻮﻻﺕ ﺍﻟﺘﻮﺣﻴﺪ ﺍﻟﻘﻴﺎﺳﻲ ﻟﻀﻤﺎﻥ ﺍﻟﺘﺸﻐﻴﻞ‬
    ‫ﺍﻟﺒﻴﻨﻲﺑﻴﻦ ﺍﻷﻧﻈﻤﺔ ﻭﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻣﺜﻞ ‪ ASCII‬ﻭ ‪ .UNICODE‬ﺇﺫﺍ ﻛﺎﻥ ﺍﻟﺘﺤﻮﻳﻞ ﻣﻤﻜﻨﺎً ﺑﻴﻦ ﻣﻌﻴﺎﺭﻳﻦ ﻣﻦ ﻫﺬﺍ ﺍﻟﻘﺒﻴﻞ ‪ ،‬ﻓﺈﻥ ﻃﺒﻘﺔ‬
    ‫ﺍﻟﻌﺮﺽﺗﺆﺩﻱ ﻫﺬﻩ ﺍﻟﻮﻇﻴﻔﺔ ‪ ،‬ﻭﻟﻜﻨﻬﺎ ﺗﺆﺩﻱ ﺃﻳﻀﺎً ﺍﻟﻀﻐﻂ ﻭﺇﻟﻐﺎء ﺍﻟﻀﻐﻂ ﻭﺍﻟﺘﺸﻔﻴﺮ ﻭﻓﻚ ﺍﻟﺘﺸﻔﻴﺮ ‪ ،‬ﻋﻠﻰ ﺍﻟﺮﻏﻢ ﻣﻦ ﺃﻥ ﺟﻤﻴﻊ ﻫﺬﻩ‬
    ‫ﺍﻟﻤﻬﺎﻡﻟﻴﺴﺖ ﺟﺰءﺍً ﺣﺼﺮﻳﺎً ﻣﻦ ﻫﺬﻩ ﺍﻟﻄﺒﻘﺔ‪.‬‬

    ‫ﺍﻟﻄﺒﻘﺔ‪ - 7‬ﺍﻟﺘﻄﺒﻴﻖ‬
    ‫ﻭﻇﻴﻔﺔ‪:‬ﺗﻘﻮﻡ ﺗﻄﺒﻴﻘﺎﺕ ﺃﺧﺮﻯ ﻣﺨﺘﻠﻔﺔ ﺑﺘﻮﻟﻴﺪ ﻭﺍﺳﺘﻬﻼﻙ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻋﻠﻰ ﻫﺬﺍ ﺍﻟﻤﺴﺘﻮﻯ‪ .‬ﻫﺬﻩ ﺍﻟﻄﺒﻘﺔ ﻫﻲ ﺍﻷﻛﺜﺮ ﺗﻨﻮﻋﺎً ‪ ،‬ﻭﻟﻜﻨﻬﺎ ﺃﻳﻀﺎً‬
    ‫ﺍﻷﻛﺜﺮﺷﻴﻮﻋﺎً ﻟﻠﻤﺴﺘﺨﺪﻣﻴﻦ‪ .‬ﺗﻘﻮﻡ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﺘﻲ ﺗﻨﺸﺊ ﺑﻴﺎﻧﺎﺕ ﺍﻟﻤﺴﺘﺨﺪﻡ ﻭﺗﻌﺪﻳﻠﻬﺎ ﺑﺘﻨﻔﻴﺬ ﻃﺒﻘﺔ ﺍﻟﺘﻄﺒﻴﻖ ﺍﻟﺨﺎﺻﺔ ﺑﺎﻟﻤﻜﺪﺱ‪ .‬ﺇﻧﻪ‬
    ‫ﺍﺧﺘﻼﻑﺩﻗﻴﻖ ‪ ،‬ﻟﻜﻦ ﻫﺬﻩ ﺍﻟﻄﺒﻘﺔ ﻟﻴﺴﺖ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﻧﻔﺴﻬﺎ ؛ ﺑﺪﻻ ًﻣﻦ ﺫﻟﻚ ‪ ،‬ﻓﻬﻮ ﻣﻨﺘﺞ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻤﻨﺴﻘﺔ ﻟﺘﻠﻚ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ‪.‬‬

    ‫ﺍﻟﺒﺮﻭﺗﻮﻛﻮﻻﺕﺍﻟﺘﻲ ﺗﻨﻔﺬ ﻫﺬﻩ ﺍﻟﻄﺒﻘﺔ‪:‬ﺑﺮﻭﺗﻮﻛﻮﻝ ﻧﻘﻞ ﺍﻟﻤﻠﻔﺎﺕ )‪ ، (FTP‬ﺑﺮﻭﺗﻮﻛﻮﻝ ﻧﻘﻞ ﺍﻟﻨﺺ ﺍﻟﺘﺸﻌﺒﻲ )‪ ، (HTTP‬ﺑﺮﻭﺗﻮﻛﻮﻝ‬
    ‫ﻧﻘﻞﺍﻟﺒﺮﻳﺪ ﺍﻟﺒﺴﻴﻂ )‪ ، (SMTP‬ﻭﻏﻴﺮﻫﺎ ﺍﻟﻜﺜﻴﺮ‪.‬‬
    ‫ﺍﻟﻤﺤﺘﺮﻓﻮﻥﺍﻟﻌﺎﻣﻠﻮﻥ ﻓﻲ ﻫﺬﺍ ﺍﻟﻤﺴﺘﻮﻯ‪:‬ﻣﻄﻮﺭ ﺗﻄﺒﻴﻘﺎﺕ ‪ ،‬ﻓﺮﻳﻖ ﺗﻄﺒﻴﻘﺎﺕ ﺍﻟﺸﺒﻜﺔ ‪ ،‬ﻋﺎﻣﻞ ﺗﺸﻔﻴﺮ ‪ ،‬ﻣﻬﻨﺪﺱ‬
    ‫ﺍﺗﺼﺎﻻﺕ ‪،‬ﻣﻬﻨﺪﺱ ﺷﺒﻜﺎﺕ ‪ ،‬ﻣﺤﻠﻞ ﺟﻨﺎﺉﻲ ‪ ،‬ﻣﻬﻨﺪﺱ ﺷﺒﻜﺎﺕ‪.‬‬
    ‫ﺗﻌﻤﻞﻃﺒﻘﺔ ﺍﻟﺘﻄﺒﻴﻖ ﻭﻃﺒﻘﺔ ﺍﻟﻌﺮﺽ ﻣﻌﺎً ﻓﻲ ﻣﻌﻈﻢ ﺍﻟﺤﺎﻻﺕ‪ .‬ﺗﺴﺘﺨﺪﻡ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﺘﻲ ﺗﻨﻈﻢ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻓﻲ ﺗﻨﺴﻴﻘﺎﺕ ﻗﻴﺎﺳﻴﺔ‬
    ‫ﻟﻠﺘﺸﻐﻴﻞﺍﻟﺒﻴﻨﻲ ﺗﻨﺴﻴﻘﺎﺕ ﻣﻠﻔﺎﺕ ﻃﺒﻘﺔ ﺍﻟﻌﺮﺽ ﺍﻟﺘﻘﺪﻳﻤﻲ‪ .‬ﻳﺘﻢ ﻓﺘﺢ ﻫﺬﻩ ﺍﻟﺘﻨﺴﻴﻘﺎﺕ ﻟﻠﻤﺴﺘﺨﺪﻡ ﻋﻦ ﻃﺮﻳﻖ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ ﺍﻟﺘﻲ ﺗﺪﺭﻙ‬
    ‫ﻧﻮﻉﺍﻟﻤﻠﻒ ﻫﺬﺍ‪ .‬ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﻳﻘﻮﻡ ﻣﻌﻈﻢ ﺍﻟﻤﺴﺘﺨﺪﻣﻴﻦ ﺗﻠﻘﺎﺉﻴﺎً ﺑﺮﺑﻂ ﺍﻟﺘﻄﺒﻴﻖ ‪ ، MS Word ،‬ﺑﻨﻮﻉ ﺍﻟﻤﻠﻒ "‪ ".docx.‬ﻫﺎﺗﺎﻥ‬
    ‫ﺍﻟﻄﺒﻘﺘﺎﻥﻟﻬﻤﺎ ﻭﻇﺎﺉﻒ ﻣﻤﻴﺰﺓ ‪ ،‬ﻟﻜﻨﻬﻤﺎ ﻳﺨﺘﻠﻔﺎﻥ ﻋﻦ ﻃﺒﻘﺎﺕ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻓﻲ ﺍﻟﺤﺮﻛﺔ ﺑﺪﻗﺔ‪ 2 :‬ﻭ ‪ 3‬ﻭ ‪ 4‬ﻭ ‪.5‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪57‬‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﻤﻠﺤﻖ‪ .E‬ﻧﻤﻮﺫﺝ ﺳﺒﻊ ﻃﺒﻘﺎﺕ ﻓﻲ ﺍﻟﻌﻤﻞ‬
    ‫ﻳﻤﺜﻞﻫﺬﺍ ﺍﻟﻤﺜﺎﻝ ﻣﻀﻴﻔﻴﻦ ﻳﺘﻮﺍﺻﻼﻥ ﻋﺒﺮ ﺷﺒﻜﺘﻴﻦ ﻣﺤﻠﻴﺘﻴﻦ‪) .‬ﻣﻼﺣﻈﺔ‪ :‬ﻫﺬﺍ ﺍﻟﻤﺜﺎﻝ ﻳﺘﺠﺎﻫﻞ ﺗﻌﻘﻴﺪﺍﺕ ﺗﻮﺟﻴﻪ‬
    ‫ﺍﻹﻧﺘﺮﻧﺖ‪(.‬‬

    ‫ﻣﺜﺎﻝﻋﻠﻰ ﺍﺗﺼﺎﻝ ﻣﻀﻴﻔﻴﻦ ﻋﺒﺮ ﺷﺒﻜﺘﻴﻦ ﻣﺤﻠﻴﺘﻴﻦ )‪(LAN‬‬


    ‫ﺍﻟﻄﺒﻘﺔ‪ - 7‬ﺍﻟﺘﻄﺒﻴﻖ‬
    ‫ﺑﻴﺎﻧﺎﺕﺍﻟﻤﺴﺘﺨﺪﻡ )ﺭﺳﻢ ﺑﻴﺎﻧﻲ(‪.‬‬

    ‫ﺍﻟﻄﺒﻘﺔ‪ - 6‬ﺍﻟﻌﺮﺽ‬
    ‫ﺗﻢﺗﻨﺴﻴﻖ ﺍﻟﺮﺳﻢ ﺑﺘﻨﺴﻴﻖ ‪ .JPG‬ﻻ ﻳﺤﺪﺙ ﺗﻐﻠﻴﻒ ؛ ﻫﺬﺍ ﻫﻮ ﺗﺤﻮﻳﻞ ﺍﻟﺼﻮﺭﺓ ﺍﻟﻨﻘﻄﻴﺔ ﺍﻟﻤﻌﺮﻭﺿﺔ ﺇﻟﻰ ﺗﻨﺴﻴﻖ ﺗﺨﺰﻳﻦ‪ .‬ﻳﻤﻜﻦ‬
    ‫ﺗﺨﺰﻳﻨﻬﺎﻓﻲ ﻧﻈﺎﻡ ﻣﻠﻔﺎﺕ ﺃﻭ ﻧﻘﻠﻬﺎ ﻋﺒﺮ ﺍﺗﺼﺎﻝ ﺍﻟﺸﺒﻜﺔ‪.‬‬

    ‫ﺍﻟﻄﺒﻘﺔ‪ - 5‬ﺍﻟﺠﻠﺴﺔ‬
    ‫ﻳﺘﻢﺗﻄﺒﻴﻖ ﺗﺸﻔﻴﺮ (‪ .Secure Socket Layer )SSL‬ﻻ ﻳﺤﺪﺙ ﺗﻐﻠﻴﻒ ؛ ﻫﺬﺍ ﺗﺤﻮﻝ ﺩﺍﺧﻞ ﺟﻠﺴﺔ‪ .‬ﺍﻟﻄﺮﻑ ﺍﻵﺧﺮ ﻳﻌﺮﻑ ﻛﻴﻒ ﻳﻔﻚ‬
    ‫ﺗﺸﻔﻴﺮﻩ‪.‬ﺗﺒﺪﺃ ﻫﺬﻩ ﺍﻟﻄﺒﻘﺔ ﻃﺒﻘﺎﺕ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺃﺛﻨﺎء ﺍﻟﺤﺮﻛﺔ‪.‬‬
    ‫ﺑﺼﺮﻳﺎً ‪،‬ﻳﻤﻜﻦ ﺗﻘﺪﻳﻢ ﺍﻟﻤﺤﺘﻮﻯ ﻛـ >‪ .<DATA‬ﻟﻠﺘﻌﺰﻳﺰ ﺍﻟﺒﺼﺮﻱ ‪ ،‬ﺗﺤﻴﻂ ﺍﻷﻗﻮﺍﺱ ﺑﺎﻟﻤﺤﺘﻮﻯ ﻓﻲ ﻫﺬﺍ ﺍﻟﻤﺴﺘﻮﻯ‪ .‬ﻳﻮﺿﺢ ﺍﻟﻤﺴﺘﻮﻯ‬
    ‫ﺍﻟﺘﺎﻟﻲﻛﻴﻒ ﻳﺘﻢ ﺍﻟﺘﻌﺎﻣﻞ ﻣﻊ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻷﻭﻟﻴﺔ ﻣﻦ ﺍﻟﻤﺴﺘﻮﻳﺎﺕ ﺍﻷﻋﻠﻰ ﻛﻤﺤﺘﻮﻯ‪.‬‬

    ‫ﺍﻟﻄﺒﻘﺔ‪ - 4‬ﺍﻟﻨﻘﻞ‬
    ‫ﺗﺘﻢﺇﺿﺎﻓﺔ ﻣﻌﻠﻮﻣﺎﺕ ﺭﺃﺱ ‪ TCP‬ﻟﺘﺤﺪﻳﺪ ﺍﻟﻤﻨﻔﺬ ﺍﻟﻤﺘﺼﻞ ﺑﺎﻟﻤﻀﻴﻒ ﺍﻟﻤﺴﺘﻠﻢ ﻟﺘﻠﻘﻲ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻤﺸﻔﺮﺓ‪ .‬ﺗﺼﺒﺢ ﺑﻴﺎﻧﺎﺕ ﻃﺒﻘﺔ ﺍﻟﺠﻠﺴﺔ‬
    ‫ﺍﻟﻤﺸﻔﺮﺓﻫﻲ ﺑﻴﺎﻧﺎﺕ ﺍﻟﺤﻤﻮﻟﺔ ﻟﺘﻐﻠﻴﻒ ﺍﻟﻄﺒﻘﺔ ‪.4‬‬
    ‫ﺑﺼﺮﻳﺎً ‪،‬ﻳﻤﻜﻦ ﺍﺧﺘﺼﺎﺭﻫﺎ ﻛـ ‪ ، <DATA> +4‬ﺣﻴﺚ ﺗﺤﺪﺩ ﺍﻷﻗﻮﺍﺱ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻓﻲ ﻫﺬﺍ ﺍﻟﻤﺴﺘﻮﻯ‪.‬‬

    ‫ﺍﻟﻄﺒﻘﺔ‪ - 3‬ﺍﻟﺸﺒﻜﺔ‬
    ‫ﺗﺘﻢﺇﺿﺎﻓﺔ ﻣﻌﻠﻮﻣﺎﺕ ﺭﺃﺱ ‪ IP‬ﺇﻟﻰ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻤﺘﻠﻘﺎﺓ ﺃﺳﻔﻞ ﺍﻟﻤﻜﺪﺱ ﻣﻦ ﺍﻟﻄﺒﻘﺔ ‪ .4‬ﺗﺼﺒﺢ ﺑﻴﺎﻧﺎﺕ ﻃﺒﻘﺔ ﺍﻟﺠﻠﺴﺔ ﺍﻟﻤﺠﻤﻌﺔ ﻭﺍﻟﺒﻴﺎﻧﺎﺕ‬
    ‫ﺍﻟﻮﺻﻔﻴﺔﻟﻄﺒﻘﺔ ﺍﻟﻨﻘﻞ ﻫﻲ ﺑﻴﺎﻧﺎﺕ ﺍﻟﺤﻤﻮﻟﺔ ﺍﻟﻨﺎﻓﻌﺔ ﻟﺘﻐﻠﻴﻒ ﺍﻟﻄﺒﻘﺔ ‪.3‬‬
    ‫ﺑﺼﺮﻳﺎً ‪،‬ﻳﻤﻜﻦ ﺍﺧﺘﺼﺎﺭﻫﺎ ﻛـ ‪ 4> +3‬ﺑﻴﺎﻧﺎﺕ<‪ .‬ﺃﺻﺒﺤﺖ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻮﺻﻔﻴﺔ ﻟﻠﻄﺒﻘﺔ ‪ 4‬ﺍﻵﻥ ﺩﺍﺧﻞ ﺍﻷﻗﻮﺍﺱ ﻣﻤﺎ ﻳﻌﻨﻲ ﺃﻧﻬﺎ ﺗﻌﺎﻣﻞ ﻋﻠﻰ ﺃﻧﻬﺎ‬
    ‫ﺑﻴﺎﻧﺎﺕﺑﻮﺍﺳﻄﺔ ﺍﻟﻄﺒﻘﺔ ‪.3‬‬

    ‫ﺍﻟﻄﺒﻘﺔ‪ - 2‬ﺍﺭﺗﺒﺎﻁ ﺍﻟﺒﻴﺎﻧﺎﺕ‬

    ‫ﻳﺘﻢﺗﻘﺴﻴﻢ ﺣﺰﻡ ‪ IP‬ﺇﻟﻰ ﺇﻃﺎﺭﺍﺕ ﻟﻺﺭﺳﺎﻝ ﻋﺒﺮ ﺷﺒﻜﺔ ﺍﻟﻤﻨﻄﻘﺔ ﺍﻟﻤﺤﻠﻴﺔ ﺇﻟﻰ ﺍﻟﻤﺤﻮﻝ ﺍﻟﺬﻱ ﻳﻌﻤﻞ ﺃﻳﻀﺎً ﻛﺠﻬﺎﺯ ﺗﻮﺟﻴﻪ‪ .‬ﻋﻠﻰ ﻏﺮﺍﺭ‬
    ‫ﻃﺒﻘﺎﺕﺍﻟﻨﻘﻞ ﻭﺍﻟﺸﺒﻜﺔ ‪ ،‬ﺗﺘﻢ ﻣﻌﺎﻣﻠﺔ ﻛﻞ ﻣﻦ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻷﺻﻠﻴﺔ ﻭﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻮﺻﻔﻴﺔ ﻣﻦ ﺍﻟﻄﺒﻘﺎﺕ ﺍﻟﻌﻠﻴﺎ ﺑﻨﻔﺲ ﺍﻟﻄﺮﻳﻘﺔ ﻋﻨﺪ ﺗﻜﻮﻳﻦ‬
    ‫ﺇﻃﺎﺭﺍﺕﻃﺒﻘﺔ ﺍﺭﺗﺒﺎﻁ ﺍﻟﺒﻴﺎﻧﺎﺕ‪.‬‬
    ‫ﺑﺼﺮﻳﺎً ‪،‬ﻳﻤﻜﻦ ﺍﺧﺘﺼﺎﺭﻫﺎ ﻛـ ‪ .<DATA 4 3> +2‬ﻳﺘﻢ ﺗﻐﻠﻴﻒ ﺟﻤﻴﻊ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻭﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻮﺻﻔﻴﺔ ﺍﻟﺴﺎﺑﻘﺔ ﺑﺮﺅﻭﺱ ﺍﻟﻄﺒﻘﺔ ﺍﻟﺜﺎﻧﻴﺔ‪.‬‬

    ‫ﺍﻟﻄﺒﻘﺔ‪ - 1‬ﺍﻟﻤﺎﺩﻳﺔ‬

    ‫ﻳﺘﻢﺗﺮﻣﻴﺰ ﺍﻹﻃﺎﺭﺍﺕ ﻋﻠﻰ ﺷﻜﻞ ﻣﻮﺟﺔ ﻓﻲ ﺍﻷﺳﻼﻙ ﺍﻟﻨﺤﺎﺳﻴﺔ‪ .‬ﻻ ﻳﺤﺪﺙ ﺗﻐﻠﻴﻒ ﻷﻥ ﺍﻟﻄﺒﻘﺔ ﺍﻷﻭﻟﻰ ﺗﻘﻮﻡ ﺑﺒﺴﺎﻃﺔ ﺑﺘﺤﻮﻳﻞ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺇﻟﻰ‬
    ‫ﺇﺷﺎﺭﺓﺣﺎﻣﻠﺔ‪ .‬ﻧﻈﺮﺍً ﻷﻧﻪ ﻳﺘﻢ ﺍﻟﺘﻌﺎﻣﻞ ﻣﻊ ﺟﻤﻴﻊ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻣﻦ ﺍﻟﻤﺴﺘﻮﻳﺎﺕ ﺍﻷﻋﻠﻰ ﺑﺎﻟﻄﺮﻳﻘﺔ ﻧﻔﺴﻬﺎ ‪ ،‬ﺗﻌُﺘﺒﺮ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻮﺻﻔﻴﺔ ﻣﻦ‬
    ‫ﺍﻟﻤﺴﺘﻮﻳﺎﺕﺍﻷﻋﻠﻰ ﺟﺰءﺍً ﻣﻦ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﺘﻲ ﺗﻨﺰﻝ ﺇﻟﻰ ﺍﻟﻤﻜﺪﺱ‪.‬‬
    ‫ﺑﻤﺠﺮﺩﺇﺯﺍﻟﺔ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﺘﻌﺮﻳﻔﻴﺔ ﺫﺍﺕ ﺍﻟﺼﻠﺔ ﺑﺎﻟﻄﺒﻘﺔ ﺍﻟﺤﺎﻟﻴﺔ ‪ ،‬ﻳﺘﻢ ﺩﻓﻊ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﻤﺘﺒﻘﻴﺔ ﻷﻋﻠﻰ ﻓﻲ ﺍﻟﻤﻜﺪﺱ ﺣﻴﺚ ﻳﺘﻢ ﺍﻟﺘﻌﺮﻑ ﻋﻠﻰ ﺍﻟﺒﻴﺎﻧﺎﺕ‬
    ‫ﺍﻷﻭﻟﻴﺔﺫﺍﺕ ﺍﻟﻤﺴﺘﻮﻯ ﺍﻷﻋﻠﻰ ﻋﻠﻰ ﺃﻧﻬﺎ ﺑﻴﺎﻧﺎﺕ ﺗﻌﺮﻳﻒ ﻣﺮﺓ ﺃﺧﺮﻯ‪ .‬ﻏﺎﻟﺒﺎً ﻣﺎ ﺗﻌﻮﺩ ﺃﺟﻬﺰﺓ ﺍﻟﺸﺒﻜﺔ ﻓﻘﻂ ﺇﻟﻰ ﺍﻟﻤﻜﺪﺱ ﻣﻦ ﺧﻼﻝ ﺍﻟﻄﺒﻘﺔ ‪ 4‬؛ ﻧﺎﺩﺭﺍً‬
    ‫ﻣﺎﻳﺘﻢ ﺗﻌﺪﻳﻞ ﺑﻴﺎﻧﺎﺕ ﻃﺒﻘﺔ ﺍﻟﺠﻠﺴﺔ ﻋﻨﺪ ﺍﻟﺘﻮﻗﻔﺎﺕ ﺍﻟﻮﺳﻴﻄﺔ ﺑﻴﻦ ﺍﻟﻤﻀﻴﻔﻴﻦ‪.‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪58‬‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﻤﻠﺤﻖﻭ‪ .‬ﺃﻭﺻﺎﻑ ﺑﺮﻭﺗﻮﻛﻮﻝ ﺍﻟﺸﺒﻜﺔ ﺍﻟﻌﺎﻣﺔ‬
    ‫ﻫﺬﻩﺍﻟﺘﻌﺮﻳﻔﺎﺕ ﻣﺄﺧﻮﺫﺓ ﻣﻦ ﺩﻟﻴﻞ ﺃﻋﻤﺎﻝ ﺑﺎﺭﻭﻥﻗﺎﻣﻮﺱ ﻣﺼﻄﻠﺤﺎﺕ ﺍﻟﻜﻤﺒﻴﻮﺗﺮ ﻭﺍﻹﻧﺘﺮﻧﺖ‪ ،‬ﺍﻟﻄﺒﻌﺔ ﺍﻟﺜﺎﻧﻴﺔ ﻋﺸﺮﺓ ‪،‬‬
    ‫‪.2017‬‬

    ‫ﺧﺎﺩﻡﺍﺳﻢ ﺍﻟﻨﻄﺎﻕ‪ -‬ﺧﺎﺩﻡ ﻣﺴﺆﻭﻝ ﻋﻦ ﺗﺮﺟﻤﺔ ﻋﻨﺎﻭﻳﻦ ﺍﻟﻤﺠﺎﻝ ‪ ،‬ﻣﺜﻞ ‪www.example.com‬‬


    ‫ﻓﻲﺃﺭﻗﺎﻡ ‪) IP‬ﺑﺮﻭﺗﻮﻛﻮﻝ ﺍﻹﻧﺘﺮﻧﺖ( ‪ ،‬ﻣﺜﻞ ‪.127.192.92.95‬‬
    ‫ﺇﻳﺜﺮﻧﺖ‪ -‬ﻧﻮﻉ ﻣﻦ ﺷﺒﻜﺎﺕ ﺍﻟﻤﻨﻄﻘﺔ ﺍﻟﻤﺤﻠﻴﺔ ﺗﻢ ﺗﻄﻮﻳﺮﻩ ﻓﻲ ﺍﻷﺻﻞ ﺑﻮﺍﺳﻄﺔ ﺷﺮﻛﺔ ‪ .Xerox Corporation‬ﺗﻮﺍﺻﻞ‬
    ‫ﻋﻦﻃﺮﻳﻖ ﺇﺷﺎﺭﺍﺕ ﺍﻟﺘﺮﺩﺩ ﺍﻟﻼﺳﻠﻜﻲ ﺍﻟﺘﻲ ﻳﺤﻤﻠﻬﺎ ﻛﺎﺑﻞ‪.‬‬
    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﻧﻘﻞ ﺍﻟﻤﻠﻔﺎﺕ )‪ -(FTP‬ﻃﺮﻳﻘﺔ ﻗﻴﺎﺳﻴﺔ ﻟﻨﻘﻞ ﺍﻟﻤﻠﻔﺎﺕ ﻣﻦ ﻛﻤﺒﻴﻮﺗﺮ ﺇﻟﻰ ﺁﺧﺮ ﻋﻠﻰ‬
    ‫ﺍﻹﻧﺘﺮﻧﺖﻭﻋﻠﻰ ﺷﺒﻜﺎﺕ ‪ TCP / IP‬ﺍﻷﺧﺮﻯ‪.‬‬
    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﻧﻘﻞ ﺍﻟﻨﺺ ﺍﻟﺘﺸﻌﺒﻲ )‪ -(HTTP‬ﻃﺮﻳﻘﺔ ﻗﻴﺎﺳﻴﺔ ﻟﻨﺸﺮ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻛﻨﺺ ﺗﺸﻌﺒﻲ ﺑﺘﻨﺴﻴﻖ‬
    ‫ﺗﻨﺴﻴﻖ‪ HTML‬ﻋﻠﻰ ﺍﻹﻧﺘﺮﻧﺖ‪ HTTPS .‬ﻫﻮ ﻧﻮﻉ ﻣﺨﺘﻠﻒ ﻣﻦ ‪ HTTP‬ﻳﺴﺘﺨﺪﻡ ﺗﺸﻔﻴﺮ ‪ SSL‬ﻟﻸﻣﺎﻥ‪.‬‬

    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﺍﻟﻮﺻﻮﻝ ﺇﻟﻰ ﺑﺮﻳﺪ ﺍﻹﻧﺘﺮﻧﺖ )‪ -(IMAP‬ﺑﺮﻭﺗﻮﻛﻮﻝ ﻟﻌﺮﺽ ﺍﻟﺒﺮﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﻧﻲ ﻋﻠﻰ ﺟﻬﺎﺯ ﻛﻤﺒﻴﻮﺗﺮ ﺷﺨﺼﻲ ﺃﺛﻨﺎء‬
    ‫ﺗﺮﻛﻪﻓﻲ ﻣﻜﺎﻧﻪ ﻋﻠﻰ ﺍﻟﻨﻈﺎﻡ ﺍﻟﻤﻀﻴﻒ‪.‬‬
    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﻣﻜﺘﺐ ﺍﻟﺒﺮﻳﺪ )‪ -(POP‬ﺑﺮﻭﺗﻮﻛﻮﻝ ﻗﻴﺎﺳﻲ ﻟﺘﻮﺻﻴﻞ ﺍﻟﺒﺮﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﻧﻲ ﺇﻟﻰ ﺃﺟﻬﺰﺓ ﺍﻟﻜﻤﺒﻴﻮﺗﺮ ﺍﻟﺸﺨﺼﻴﺔ‪.‬‬

    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﻃﺒﻘﺔ ﻣﺂﺧﺬ ﺍﻟﺘﻮﺻﻴﻞ ﺍﻵﻣﻨﺔ )‪ -(SSL‬ﻣﺼﻤﻢ ﻟﺘﺄﻣﻴﻦ ﺍﻻﺗﺼﺎﻻﺕ ﺑﻴﻦ ﻋﻤﻼء ﺍﻟﻮﻳﺐ ﻭ‬
    ‫ﺧﻮﺍﺩﻡﺍﻟﻮﻳﺐ ﻋﺒﺮ ﺷﺒﻜﺔ ﻏﻴﺮ ﺁﻣﻨﺔ ‪ ،‬ﻣﺜﻞ ﺍﻹﻧﺘﺮﻧﺖ‪.‬‬
    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﻧﻘﻞ ﺍﻟﺒﺮﻳﺪ ﺍﻟﺒﺴﻴﻂ )‪ -(SMTP‬ﺑﺮﻭﺗﻮﻛﻮﻝ ﻳﺴﺘﺨﺪﻡ ﻟﻨﻘﻞ ﺍﻟﺒﺮﻳﺪ ﺍﻹﻟﻜﺘﺮﻭﻧﻲ ﺑﻴﻦ‬
    ‫ﺃﺟﻬﺰﺓﺍﻟﻜﻤﺒﻴﻮﺗﺮ ﻋﻠﻰ ﺍﻹﻧﺘﺮﻧﺖ ﻭﺷﺒﻜﺎﺕ ‪ TCP / IP‬ﺍﻷﺧﺮﻯ‪.‬‬
    ‫ﺑﺮﻭﺗﻮﻛﻮﻝﺍﻟﺘﺤﻜﻢ ﻓﻲ ﺍﻹﺭﺳﺎﻝ ‪ /‬ﺑﺮﻭﺗﻮﻛﻮﻝ ﺍﻹﻧﺘﺮﻧﺖ )‪ -(TCP / IP‬ﺗﻨﺴﻴﻖ ﻗﻴﺎﺳﻲ ﻟﻨﻘﻞ ﺍﻟﺒﻴﺎﻧﺎﺕ‬
    ‫ﺍﻟﺤﺰﻡﻣﻦ ﻛﻤﺒﻴﻮﺗﺮ ﺇﻟﻰ ﺁﺧﺮ‪ .‬ﺍﻟﺠﺰءﺍﻥ ﻣﻦ ‪ TCP / IP‬ﻫﻤﺎ ‪ ، TCP‬ﻭﺍﻟﺬﻱ ﻳﺘﻌﺎﻣﻞ ﻣﻊ ﺇﻧﺸﺎء ﺣﺰﻡ ﺍﻟﺒﻴﺎﻧﺎﺕ ‪ ،‬ﻭ ‪IP‬‬
    ‫‪،‬ﺍﻟﺬﻱ ﻳﻮﺟﻬﻬﺎ ﻣﻦ ﺁﻟﺔ ﺇﻟﻰ ﺃﺧﺮﻯ‪.‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪59‬‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﻤﻠﺤﻖﺯ‪ .‬ﻣﻘﺎﺭﻧﺔ ﺑﻴﻦ ﻗﻮﺍﻋﺪ ﺑﻴﺎﻧﺎﺕ ‪ SQL‬ﻭ ‪NoSQL‬‬
    ‫ﻗﻮﺍﻋﺪﺑﻴﺎﻧﺎﺕ ‪NoSQL‬‬ ‫ﻗﻮﺍﻋﺪﺑﻴﺎﻧﺎﺕ ‪SQL‬‬

    ‫ﺍﻟﻌﺪﻳﺪﻣﻦ ﺍﻷﻧﻮﺍﻉ ﺍﻟﻤﺨﺘﻠﻔﺔ ﺑﻤﺎ ﻓﻲ ﺫﻟﻚ ﻣﺨﺎﺯﻥ ﺍﻟﻘﻴﻤﺔ‬ ‫ﻧﻮﻉﻭﺍﺣﺪ )ﻗﺎﻋﺪﺓ ﺑﻴﺎﻧﺎﺕ ‪ (SQL‬ﻣﻊ ﺍﺧﺘﻼﻓﺎﺕ ﻃﻔﻴﻔﺔ‪.‬‬ ‫ﺃﻧﻮﺍﻉ‬
    ‫ﺍﻟﺮﺉﻴﺴﻴﺔﻭﻗﻮﺍﻋﺪ ﺑﻴﺎﻧﺎﺕ ﺍﻟﻤﺴﺘﻨﺪﺍﺕ ﻭﻣﺨﺎﺯﻥ ﺍﻷﻋﻤﺪﺓ‬
    ‫ﺍﻟﻌﺮﻳﻀﺔﻭﻗﻮﺍﻋﺪ ﺑﻴﺎﻧﺎﺕ ﺍﻟﺮﺳﻢ ﺍﻟﺒﻴﺎﻧﻲ‪.‬‬

    ‫ﺗﻢﺗﻄﻮﻳﺮﻩ ﻓﻲ ‪ 2000s‬ﻟﻠﺘﻌﺎﻣﻞ ﻣﻊ ﻗﻴﻮﺩ ﻗﻮﺍﻋﺪ‬ ‫ﺗﻢﺗﻄﻮﻳﺮﻩ ﻓﻲ ﺍﻟﺴﺒﻌﻴﻨﻴﺎﺕ ﻟﻠﺘﻌﺎﻣﻞ ﻣﻊ ﺍﻟﻤﻮﺟﺔ ﺍﻷﻭﻟﻰ ﻣﻦ‬ ‫ﺗﻄﻮﻳﺮ‬
    ‫ﺑﻴﺎﻧﺎﺕ‪ ، SQL‬ﻻ ﺳﻴﻤﺎ ﻓﻴﻤﺎ ﻳﺘﻌﻠﻖ ﺑﺎﻟﺤﺠﻢ ﻭﺍﻟﺘﻜﺮﺍﺭ‬ ‫ﺗﻄﺒﻴﻘﺎﺕﺗﺨﺰﻳﻦ ﺍﻟﺒﻴﺎﻧﺎﺕ‪.‬‬ ‫ﺗﺎﺭﻳﺦ‬
    ‫ﻭﺗﺨﺰﻳﻦﺍﻟﺒﻴﺎﻧﺎﺕ ﻏﻴﺮ ﺍﻟﻤﻬﻴﻜﻠﺔ‪.‬‬

    ‫‪ ، HBase ، Neo4j.‬ﻛﺎﺳﺎﻧﺪﺭﺍ ‪MongoDB ،‬‬ ‫‪ Oracle Database.‬ﻭ ‪ Postgres‬ﻭ ‪MySQL‬‬ ‫ﺃﻣﺜﻠﺔ‬

    ‫ﻳﺨﺘﻠﻒﺑﻨﺎء ًﻋﻠﻰ ﻧﻮﻉ ﻗﺎﻋﺪﺓ ﺑﻴﺎﻧﺎﺕ ‪ .NoSQL‬ﻋﻠﻰ‬ ‫ﻳﺘﻢﺗﺨﺰﻳﻦ ﺍﻟﺴﺠﻼﺕ ﺍﻟﻔﺮﺩﻳﺔ )ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪" ،‬‬ ‫ﻣﺨﺰﻥﺍﻟﺒﻴﺎﻧﺎﺕ‬
    ‫ﺳﺒﻴﻞﺍﻟﻤﺜﺎﻝ ‪ ،‬ﺗﻌﻤﻞ ﻣﺨﺎﺯﻥ ﺍﻟﻘﻴﻤﺔ ﺍﻟﺮﺉﻴﺴﻴﺔ ﺑﺸﻜﻞ‬ ‫ﺍﻟﻤﻮﻇﻔﻮﻥ"( ﻛﺼﻔﻮﻑ ﻓﻲ ﺍﻟﺠﺪﺍﻭﻝ ‪ ،‬ﺣﻴﺚ ﻳﺨﺰﻥ‬ ‫ﻧﻤﻮﺫﺝ‬
    ‫ﻣﺸﺎﺑﻪﻟﻘﻮﺍﻋﺪ ﺑﻴﺎﻧﺎﺕ ‪ ، SQL‬ﻭﻟﻜﻨﻬﺎ ﺗﺤﺘﻮﻱ ﻋﻠﻰ‬ ‫ﻛﻞﻋﻤﻮﺩ ﺟﺰءﺍً ﻣﻌﻴﻨﺎً ﻣﻦ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺣﻮﻝ ﻫﺬﺍ ﺍﻟﺴﺠﻞ )‬
    ‫ﻋﻤﻮﺩﻳﻦﻓﻘﻂ )"ﻣﻔﺘﺎﺡ" ﻭ "ﻗﻴﻤﺔ"( ‪ ،‬ﻣﻊ ﺗﺨﺰﻳﻦ‬ ‫ﻋﻠﻰﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪" ،‬ﺍﻟﻤﺪﻳﺮ" ‪" ،‬ﺗﺎﺭﻳﺦ ﺍﻟﺘﻮﻇﻴﻒ"( ‪،‬‬
    ‫ﻣﻌﻠﻮﻣﺎﺕﺃﻛﺜﺮ ﺗﻌﻘﻴﺪﺍً ﺃﺣﻴﺎﻧﺎً ﺩﺍﺧﻞ ﺃﻋﻤﺪﺓ "ﺍﻟﻘﻴﻤﺔ"‪.‬‬ ‫ﻣﺜﻞﺟﺪﻭﻝ ﺍﻟﺒﻴﺎﻧﺎﺕ‪ .‬ﻳﺘﻢ ﺗﺨﺰﻳﻦ ﺃﻧﻮﺍﻉ ﺍﻟﺒﻴﺎﻧﺎﺕ‬
    ‫ﺗﺘﺨﻠﺺﻗﻮﺍﻋﺪ ﺑﻴﺎﻧﺎﺕ ﺍﻟﻤﺴﺘﻨﺪﺍﺕ ﻣﻦ ﻧﻤﻮﺫﺝ ﺍﻟﺠﺪﻭﻝ‬ ‫ﺍﻟﻤﻨﻔﺼﻠﺔﻓﻲ ﺟﺪﺍﻭﻝ ﻣﻨﻔﺼﻠﺔ ‪ ،‬ﺛﻢ ﻳﺘﻢ ﺿﻤﻬﺎ ﻣﻌﺎً‬
    ‫ﻭﺍﻟﺼﻒﺗﻤﺎﻣﺎً ‪ ،‬ﻭﺗﺨﺰﻥ ﺟﻤﻴﻊ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺫﺍﺕ ﺍﻟﺼﻠﺔ ﻣﻌﺎً‬ ‫ﻋﻨﺪﺗﻨﻔﻴﺬ ﺍﺳﺘﻌﻼﻣﺎﺕ ﺃﻛﺜﺮ ﺗﻌﻘﻴﺪﺍً‪ .‬ﻋﻠﻰ ﺳﺒﻴﻞ‬
    ‫ﻓﻲ"ﻣﺴﺘﻨﺪ" ﻭﺍﺣﺪ ﺑﺘﻨﺴﻴﻖ ‪ JSON‬ﺃﻭ ‪ XML‬ﺃﻭ ﺗﻨﺴﻴﻖ‬ ‫ﺍﻟﻤﺜﺎﻝ ‪،‬ﻗﺪ ﻳﺘﻢ ﺗﺨﺰﻳﻦ "ﺍﻟﻤﻜﺎﺗﺐ" ﻓﻲ ﺟﺪﻭﻝ ‪ ،‬ﻭ "‬
    ‫ﺁﺧﺮ ‪،‬ﻭﺍﻟﺬﻱ ﻳﻤﻜﻨﻪ ﺩﻣﺞ ﺍﻟﻘﻴﻢ ﺑﺸﻜﻞ ﻫﺮﻣﻲ‪.‬‬ ‫ﺍﻟﻤﻮﻇﻔﻮﻥ" ﻓﻲ ﺟﺪﻭﻝ ﺁﺧﺮ‪ .‬ﻋﻨﺪﻣﺎ ﻳﺮﻳﺪ ﺍﻟﻤﺴﺘﺨﺪﻡ‬
    ‫ﺍﻟﻌﺜﻮﺭﻋﻠﻰ ﻋﻨﻮﺍﻥ ﻋﻤﻞ ﺃﺣﺪ ﺍﻟﻤﻮﻇﻔﻴﻦ ‪ ،‬ﻓﺈﻥ ﻣﺤﺮﻙ‬
    ‫ﻗﺎﻋﺪﺓﺍﻟﺒﻴﺎﻧﺎﺕ ﻳﻨﻀﻢ ﺇﻟﻰ ﺟﺪﻭﻟﻲ "ﺍﻟﻤﻮﻇﻒ" ﻭ "‬
    ‫ﺍﻟﻤﻜﺘﺐ" ﻣﻌﺎً ﻟﻠﺤﺼﻮﻝ ﻋﻠﻰ ﺟﻤﻴﻊ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ‬
    ‫ﺍﻟﻼﺯﻣﺔ‪.‬‬

    ‫ﺑﺸﻜﻞﻧﻤﻮﺫﺟﻲ ﺩﻳﻨﺎﻣﻴﻜﻲ‪ .‬ﻳﻤﻜﻦ ﺃﻥ ﺗﻀﻴﻒ ﺍﻟﺴﺠﻼﺕ ﻣﻌﻠﻮﻣﺎﺕ‬ ‫ﻳﺘﻢﺇﺻﻼﺡ ﺍﻟﻬﻴﺎﻛﻞ ﻭﺃﻧﻮﺍﻉ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻣﺴﺒﻘﺎً‪ .‬ﻟﺘﺨﺰﻳﻦ‬ ‫ﺍﻟﻤﺨﻄﻄﺎﺕ‬
    ‫ﺟﺪﻳﺪﺓﻋﻠﻰ ﺍﻟﻔﻮﺭ ‪ ،‬ﻭﻋﻠﻰ ﻋﻜﺲ ﺻﻔﻮﻑ ﺟﺪﻭﻝ ‪ ، SQL‬ﻳﻤﻜﻦ‬ ‫ﻣﻌﻠﻮﻣﺎﺕﺣﻮﻝ ﻋﻨﺼﺮ ﺑﻴﺎﻧﺎﺕ ﺟﺪﻳﺪ ‪ ،‬ﻳﺠﺐ ﺗﻐﻴﻴﺮ‬
    ‫ﺗﺨﺰﻳﻦﺍﻟﺒﻴﺎﻧﺎﺕ ﻏﻴﺮ ﺍﻟﻤﺘﺸﺎﺑﻬﺔ ﻣﻌﺎً ﺣﺴﺐ ﺍﻟﻀﺮﻭﺭﺓ‪ .‬ﺑﺎﻟﻨﺴﺒﺔ‬ ‫ﻗﺎﻋﺪﺓﺍﻟﺒﻴﺎﻧﺎﺕ ﺑﺄﻛﻤﻠﻬﺎ ‪ ،‬ﻭﺧﻼﻝ ﻫﺬﺍ ﺍﻟﻮﻗﺖ ﻳﺠﺐ ﻧﻘﻞ‬
    ‫ﻟﺒﻌﺾﻗﻮﺍﻋﺪ ﺍﻟﺒﻴﺎﻧﺎﺕ )ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪ ،‬ﻣﺨﺎﺯﻥ ﺍﻷﻋﻤﺪﺓ‬ ‫ﻗﺎﻋﺪﺓﺍﻟﺒﻴﺎﻧﺎﺕ ﺩﻭﻥ ﺍﺗﺼﺎﻝ‪.‬‬
    ‫ﺍﻟﻌﺮﻳﻀﺔ( ‪ ،‬ﻓﻬﻲ ﺃﻛﺜﺮ ﺇﻟﻰ ﺣﺪ ﻣﺎ‬
    ‫ﺗﺤﺪﻳﺎﻹﺿﺎﻓﺔ ﺣﻘﻮﻝ ﺟﺪﻳﺪﺓ ﺑﺸﻜﻞ ﺩﻳﻨﺎﻣﻴﻜﻲ‪.‬‬

    ‫ﺃﻓﻘﻴﺎً ‪،‬ﻣﻤﺎ ﻳﻌﻨﻲ ﺃﻧﻪ ﻹﺿﺎﻓﺔ ﺳﻌﺔ ‪ ،‬ﻳﻤﻜﻦ ﻟﻤﺴﺆﻭﻝ‬ ‫ﻋﻤﻮﺩﻳﺎً ‪،‬ﻣﻤﺎ ﻳﻌﻨﻲ ﺃﻧﻪ ﻳﺠﺐ ﺯﻳﺎﺩﺓ ﻗﻮﺓ ﺍﻟﺨﺎﺩﻡ ﺍﻟﻔﺮﺩﻱ‬ ‫ﺗﺤﺠﻴﻢ‬
    ‫ﻗﺎﻋﺪﺓﺍﻟﺒﻴﺎﻧﺎﺕ ﺑﺒﺴﺎﻃﺔ ﺇﺿﺎﻓﺔ ﺍﻟﻤﺰﻳﺪ ﻣﻦ ﺧﻮﺍﺩﻡ‬ ‫ﻟﻠﺘﻌﺎﻣﻞﻣﻊ ﺍﻟﻄﻠﺐ ﺍﻟﻤﺘﺰﺍﻳﺪ‪ .‬ﻣﻦ ﺍﻟﻤﻤﻜﻦ ﻧﺸﺮ ﻗﻮﺍﻋﺪ‬
    ‫ﺍﻟﺴﻠﻊﺃﻭ ﻣﺜﻴﻼﺕ ﺍﻟﺴﺤﺎﺑﺔ‪ .‬ﺗﻘﻮﻡ ﻗﺎﻋﺪﺓ ﺑﻴﺎﻧﺎﺕ‬ ‫ﺑﻴﺎﻧﺎﺕ‪ SQL‬ﻋﻠﻰ ﺍﻟﻌﺪﻳﺪ ﻣﻦ ﺍﻟﺨﻮﺍﺩﻡ ‪ ،‬ﻭﻟﻜﻦ ﺑﺸﻜﻞ‬
    ‫‪ NoSQL‬ﺗﻠﻘﺎﺉﻴﺎً ﺑﻨﺸﺮ ﺍﻟﺒﻴﺎﻧﺎﺕ ﻋﺒﺮ ﺍﻟﺨﻮﺍﺩﻡ‬ ‫ﻋﺎﻡﻳﺘﻄﻠﺐ ﺍﻷﻣﺮ ﻫﻨﺪﺳﺔ ﺇﺿﺎﻓﻴﺔ ﻛﺒﻴﺮﺓ‪.‬‬
    ‫ﺣﺴﺐﺍﻟﻀﺮﻭﺭﺓ‪.‬‬

    ‫ﺍﻟﻤﺼﺪﺭﺍﻟﻤﻔﺘﻮﺡ‪.‬‬ ‫ﻣﺰﻳﺞﻣﻦ ﺍﻟﻤﺼﺎﺩﺭ ﺍﻟﻤﻔﺘﻮﺣﺔ )ﻣﺜﻞ ‪ Postgres‬ﻭ ‪(MySQL‬‬ ‫ﺗﻄﻮﻳﺮ‬


    ‫ﻭﺍﻟﻤﺼﺪﺭﺍﻟﻤﻐﻠﻖ )ﻣﺜﻞ ‪.(Oracle Database‬‬ ‫ﻧﻤﻮﺫﺝ‬

    ‫ﻓﻲﻇﺮﻭﻑ ﻣﻌﻴﻨﺔ ﻭﻋﻠﻰ ﻣﺴﺘﻮﻳﺎﺕ ﻣﻌﻴﻨﺔ )ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ‪،‬‬ ‫ﻧﻌﻢ ‪،‬ﻳﻤﻜﻦ ﺗﻜﻮﻳﻦ ﺍﻟﺘﺤﺪﻳﺜﺎﺕ ﻹﻛﻤﺎﻟﻬﺎ ﺑﺎﻟﻜﺎﻣﻞ ﺃﻭ ﻻ‬ ‫ﻳﺪﻋﻢ‬
    ‫ﻣﺴﺘﻮﻯﺍﻟﻤﺴﺘﻨﺪ ﻣﻘﺎﺑﻞ ﻣﺴﺘﻮﻯ ﻗﺎﻋﺪﺓ ﺍﻟﺒﻴﺎﻧﺎﺕ(‪.‬‬ ‫ﺗﻜﺘﻤﻞﻋﻠﻰ ﺍﻹﻃﻼﻕ‪.‬‬ ‫ﺍﻟﻤﻌﺎﻣﻼﺕ‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪60‬‬ ‫‪www.theiia.org‬‬


    ‫ﻣﻦﺧﻼﻝ ﻭﺍﺟﻬﺎﺕ ﺑﺮﻣﺠﺔ ﺍﻟﺘﻄﺒﻴﻘﺎﺕ )‪ (APIs‬ﺍﻟﻤﻮﺟﻬﺔ ﻟﻠﻜﺎﺉﻨﺎﺕ‪.‬‬ ‫ﻟﻐﺔﻣﺤﺪﺩﺓ ﺑﺎﺳﺘﺨﺪﺍﻡ ﻋﺒﺎﺭﺍﺕ ﺍﻟﺘﺤﺪﻳﺪ ﻭﺍﻹﺩﺭﺍﺝ‬ ‫ﺑﻴﺎﻧﺎﺕ‬
    ‫ﻭﺍﻟﺘﺤﺪﻳﺚ ‪،‬ﻋﻠﻰ ﺳﺒﻴﻞ ﺍﻟﻤﺜﺎﻝ ﺣﺪﺩ ﺍﻟﺤﻘﻮﻝ ﻣﻦ‬ ‫ﺗﻼﻋﺐ‬
    ‫ﺍﻟﺠﺪﻭﻝﺣﻴﺚ ]ﺃﺩﺧﻞ ﻣﻌﺎﻳﻴﺮ ﻣﺤﺪﺩﺓ[‬

    ‫ﻳﻌﺘﻤﺪﻋﻠﻰ ﺍﻟﻤﻨﺘﺞ‪.‬‬ ‫ﻳﻤﻜﻦﺗﻜﻮﻳﻨﻪ ﻟﺘﺤﻘﻴﻖ ﺗﻨﺎﺳﻖ ﻗﻮﻱ‪.‬‬ ‫ﺗﻨﺎﺳﻖ‬

    ‫ﺍﻟﻤﺼﺪﺭ‪:‬ﻣﻮﻗﻊ ‪.https://www.mongodb.com/nosql-explained/nosql-vs-sql، Mongo DB‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪61‬‬ ‫‪www.theiia.org‬‬


    ‫ﺍﻟﻤﻠﺤﻖﺡ‪ .‬ﺍﻟﻤﺮﺍﺟﻊ ﻭﺍﻟﻤﻮﺍﺭﺩ ﺍﻹﺿﺎﻓﻴﺔ‬

    ‫ﻣﺮﺍﺟﻊ‬
    ‫ﻫﻮﻝ ‪،‬ﻛﻴﺮﻱ‪" .‬ﺟﻮﺩﺓ ﺑﻴﺎﻧﺎﺕ ﺍﻟﻌﻤﻴﻞ‪ :‬ﺍﻟﺠﻴﺪ ﻭﺍﻟﺴﻴﺊ ﻭﺍﻟﻘﺒﻴﺢ‪ ".‬ﺻﻼﺣﻴﺔ‪ 5 .‬ﺃﻳﻠﻮﻝ )ﺳﺒﺘﻤﺒﺮ(‬
    ‫‪.https://www.validity.com/blog/customer-data-quality/.2019‬‬

    ‫ﻣﻴﻞﻭﺑﻴﺘﺮ ﻭﺗﻴﻢ ﺟﺮﺍﻧﺲ ‪" ،‬ﺗﻌﺮﻳﻒ ‪ NIST‬ﻟﻠﺤﻮﺳﺒﺔ ﺍﻟﺴﺤﺎﺑﻴﺔ ‪ "،‬ﻣﻌﻠﻮﻣﺎﺕ ‪NIST‬‬


    ‫ﻣﺨﺘﺒﺮﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ ‪ ،‬ﻣﺮﻛﺰ ﻣﻮﺍﺭﺩ ﺃﻣﺎﻥ ﺍﻟﻜﻤﺒﻴﻮﺗﺮ ‪ ، SP 800-145 ،‬ﺳﺒﺘﻤﺒﺮ ‪/sp/800-145/final .2011‬‬
    ‫‪.https://csrc.nist.gov/publications/detail‬‬

    ‫ﻣﺼﺎﺩﺭﺇﺿﺎﻓﻴﺔ‬
    ‫ﻣﺮﻛﺰﺃﻣﻦ ﺍﻹﻧﺘﺮﻧﺖ ‪.https://www.cisecurity.org،‬‬
    ‫ﺗﺤﺎﻟﻒﺃﻣﺎﻥ ﺍﻟﺴﺤﺎﺑﺔ ‪.https://cloudsecurityalliance.org،‬‬

    ‫ﺩﺍﻭﻧﻴﻨﺞ ‪،‬ﺩﻭﺟﻼﺱ ‪ ،‬ﻣﺎﻳﻜﻞ ﻛﻮﻓﻴﻨﺠﺘﻮﻥ ‪ ،‬ﺩﻛﺘﻮﺭﺍﻩ ‪ ،‬ﻣﻴﻠﻮﺩﻱ ﻛﻮﻓﻴﻨﺠﺘﻮﻥ ‪ ،‬ﻛﺎﺛﺮﻳﻦ ﺁﻥ ﺑﺎﺭﻳﺖ ‪ ،‬ﻭ‬
    ‫ﺷﺎﺭﻭﻥﻛﻮﻓﻴﻨﺠﺘﻮﻥ‪.‬ﻗﺎﻣﻮﺱ ﻣﺼﻄﻠﺤﺎﺕ ﺍﻟﻜﻤﺒﻴﻮﺗﺮ ﻭﺍﻹﻧﺘﺮﻧﺖ ‪ ،‬ﺍﻹﺻﺪﺍﺭ ﺍﻟﺜﺎﻧﻲ ﻋﺸﺮ‪ .‬ﻫﻮﺑﻮﺝ ‪ ،‬ﻧﻴﻮﻳﻮﺭﻙ‪BES :‬‬
    ‫ﻟﻠﻨﺸﺮ ‪-of-Computer-and-Internet-Terms/Douglas-Downing/Barrons-Business-.2017،‬‬
    ‫‪https://www.simonandschuster.com/books/Dictionary‬‬
    ‫ﻗﻮﺍﻣﻴﺲ ‪.9781438008783 /‬‬
    ‫ﺟﻴﺒﺲﻭﻧﻴﻠﺴﻮﻥ ﻭﺩﻳﻔﺎﻛﺎﺭ ﺟﺎﻳﻦ ﻭﺃﻣﻴﺘﺶ ﺟﻮﺷﻲ ﻭﺳﻮﺭﻳﻜﺎ ﻣﻮﺩﺩﺍﻣﺴﻴﺘﻲ ﻭﺳﺎﺭﺍﺑﺠﻮﺕ ﺳﻴﻨﻎ‪.‬ﺟﺪﻳﺪ‬
    ‫ﺩﻟﻴﻞﺍﻟﻤﺪﻗﻖ ﻟﺘﺨﻄﻴﻂ ﻋﻤﻠﻴﺎﺕ ﺗﺪﻗﻴﻖ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻭﺗﻨﻔﻴﺬﻫﺎ ﻭﺗﻘﺪﻳﻤﻬﺎ‪Interal Audit Foundation ، 2010.‬‬
    ‫‪-auditors-guide-toplanning-performing-and-presenting-it-audits-8-3. Altamonte Springs ، FL: The‬‬
    ‫‪.https://bookstore.theiia.org/a-new‬‬

    ‫ﺇﻳﺴﺎﻛﺎ ‪.https://www.isaca.org،‬‬

    ‫ﺍﻟﻤﻌﻬﺪﺍﻟﻮﻃﻨﻲ ﻟﻠﻤﻌﺎﻳﻴﺮ ﻭﺍﻟﺘﻜﻨﻮﻟﻮﺟﻴﺎ )‪.https://www.nist.gov، (NIST‬‬


    ‫ﺭﺍﻱ ‪،‬ﻭﺳﺎﺟﺎﻱ ‪ ،‬ﻭﻓﻴﻠﻴﺐ ﺗﺸﻮﻛﻮﻣﺎ ‪ ،‬ﻭﺭﻳﺘﺸﺎﺭﺩ ﻛﻮﺯﺍﺭﺕ‪.‬ﺃﻣﻦ ﻭﻣﺮﺍﺟﻌﺔ ﺍﻷﺟﻬﺰﺓ ﺍﻟﺬﻛﻴﺔ‪:‬‬
    ‫ﺇﺩﺍﺭﺓﺍﻧﺘﺸﺎﺭ ﺍﻟﺒﻴﺎﻧﺎﺕ ﺍﻟﺴﺮﻳﺔ ﻋﻠﻰ ﺃﺟﻬﺰﺓ ﺍﻟﺸﺮﻛﺔ ﻭﺟﻬﺎﺯ ‪ .BYOD‬ﺑﻮﻛﺎ ﺭﺍﺗﻮﻥ ‪ ،‬ﻓﻠﻮﺭﻳﺪﺍ‪ :‬ﻣﻄﺒﻌﺔ ‪.CRC ، 2016‬‬
    ‫‪-smart-devicesmanaging-prolacing-of-confidential-data-on-corporate-and-byod-devices‬‬
    ‫‪.https://bookstore.theiia.org/security-and-auditing-of‬‬

    ‫ﺳﻴﺠﻠﺮ ‪،‬ﻛﻴﻦ ﻭﺍﻟﺪﻛﺘﻮﺭ ﺟﻴﻤﺲ ﺇﻝ ﺭﻳﻨﻲ ﺍﻟﺜﺎﻟﺚ‪.‬ﺗﺄﻣﻴﻦ ﻣﺆﺳﺴﺔ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻣﻦ ﺧﻼﻝ ﺍﻟﺤﻮﻛﻤﺔ ﻭﺍﻟﻤﺨﺎﻃﺮ‬
    ‫ﺍﻹﺩﺍﺭﺓﻭﺍﻟﺘﺪﻗﻴﻖ‪ .‬ﺑﻮﻛﺎ ﺭﺍﺗﻮﻥ ‪ ،‬ﻓﻠﻮﺭﻳﺪﺍ‪ :‬ﻣﻄﺒﻌﺔ ‪-riskmanagement-and-audit. .CRC ، 2015‬‬
    ‫‪https://bookstore.theiia.org/securing-an-it-organization-through-governance‬‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪62‬‬ ‫‪www.theiia.org‬‬


    ‫ﺷﻜﺮﻭﺗﻘﺪﻳﺮ‬

    ‫ﻓﺮﻳﻖﺗﻄﻮﻳﺮ ﺍﻟﺘﻮﺟﻴﻪ‬
    ‫ﺳﻮﺯﺍﻥﻫﺎﺳﻴﻠﻲ ‪ ، CIA ،‬ﺍﻟﻮﻻﻳﺎﺕ ﺍﻟﻤﺘﺤﺪﺓ ﺍﻷﻣﺮﻳﻜﻴﺔ )ﺭﺉﻴﺲ( ‪، CISM ، CISSP‬‬

    ‫‪ ، Sajay Rai‬ﺍﻟﻮﻻﻳﺎﺕ ﺍﻟﻤﺘﺤﺪﺓ ﺍﻷﻣﺮﻳﻜﻴﺔ )ﺭﺉﻴﺲ ﺍﻟﻤﺸﺮﻭﻉ( ﺑﺮﺍﺩ ﺃﻣﻴﺲ ‪ ،‬ﺍﻟﻮﻻﻳﺎﺕ‬

    ‫ﺍﻟﻤﺘﺤﺪﺓﺍﻷﻣﺮﻳﻜﻴﺔ‬

    ‫ﻣﺎﻳﻜﻞﻟﻴﻦ ‪ ، CIA ، CRMA ،‬ﺍﻟﻮﻻﻳﺎﺕ ﺍﻟﻤﺘﺤﺪﺓ ﺍﻷﻣﺮﻳﻜﻴﺔ ‪،‬‬

    ‫‪ ، Avin Mansookram‬ﺟﻨﻮﺏ ﺇﻓﺮﻳﻘﻴﺎ ‪ ،‬ﺟﻴﺮﺍﺭﺩ‬

    ‫ﻣﻮﺭﻳﺴﻮ ‪،‬ﺍﻟﻮﻻﻳﺎﺕ ﺍﻟﻤﺘﺤﺪﺓ ﺍﻷﻣﺮﻳﻜﻴﺔ‬

    ‫ﺟﺎﺳﺘﻦﺑﺎﻭﻟﻮﺳﻜﻲ ‪ ، CIA ، CRMA ،‬ﺃﻟﻤﺎﻧﻴﺎ‬

    ‫ﺍﻟﻤﺴﺎﻫﻤﻮﻥ‬
    ‫ﻟﻲﻛﻨﺞ "ﺟﻮﻳﺲ" ﺗﺸﻮﺍ ‪ ،‬ﻭﻛﺎﻟﺔ ﺍﻟﻤﺨﺎﺑﺮﺍﺕ ﺍﻟﻤﺮﻛﺰﻳﺔ ‪ ،‬ﺳﻨﻐﺎﻓﻮﺭﺓ ‪ ،‬ﺟﻴﻤﺲ ﺇﻧﺴﺘﺮﻭﻡ ‪ ،‬ﻭﻛﺎﻟﺔ‬

    ‫ﺍﻟﻤﺨﺎﺑﺮﺍﺕﺍﻟﻤﺮﻛﺰﻳﺔ ‪ ،‬ﺍﻟﻮﻻﻳﺎﺕ ﺍﻟﻤﺘﺤﺪﺓ ﺍﻷﻣﺮﻳﻜﻴﺔ‬

    ‫ﺳﻜﻮﺕﻣﻮﺭ ‪ ،‬ﻭﻛﺎﻟﺔ ﺍﻟﻤﺨﺎﺑﺮﺍﺕ ﺍﻟﻤﺮﻛﺰﻳﺔ ‪ ،‬ﺍﻟﻮﻻﻳﺎﺕ ﺍﻟﻤﺘﺤﺪﺓ ﺍﻷﻣﺮﻳﻜﻴﺔ‬

    ‫ﺷﻮﻧﺎﻓﻼﻧﺪﺭﺯ ‪ ،‬ﻣﺪﻳﺮ ﻣﻨﺎﻫﺞ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪ ،‬ﻣﺴﺎﻫﻢ ﻣﻮﻇﻔﻲ ﻣﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﺍﻟﺪﻭﻟﻲ‬

    ‫ﻣﻌﺎﻳﻴﺮﻭﺇﺭﺷﺎﺩﺍﺕ ﻣﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﺍﻟﻌﺎﻟﻤﻲ‬

    ‫ﻣﺎﻳﻜﻞﺑﺎﺩﻳﻼ ‪ ، CIA ،‬ﻣﺪﻳﺮ )ﺭﺉﻴﺲ ﺍﻟﻤﺸﺮﻭﻉ(‬


    ‫‪ ، Jim Pelletier‬ﻧﺎﺉﺐ ﺍﻟﺮﺉﻴﺲ‬
    ‫‪Lauressa Nelson، Technical Editor‬‬
    ‫‪Shelli Browning، Technical Editor‬‬
    ‫‪PS Director Jeanette York، CCSA، FS‬‬
    ‫‪، CFSA، Director Chris Polke، CGAP،‬‬
    ‫‪Anne Mercer، CIA‬‬
    ‫ﺟﻴﻔﺮﻱﻧﻮﺭﺩﻫﻮﻑ ‪ ،‬ﻣﻄﻮﺭ ﻣﺤﺘﻮﻯ ﻭﻛﺎﺗﺐ ﺗﻘﻨﻲ ﻛﺮﻳﺴﺘﻴﻦ ‪ ،‬ﻳﺎﻧﺴﻜﻮ ‪،‬‬
    ‫ﻣﻄﻮﺭﻭﻛﺎﺗﺐ ﻣﺤﺘﻮﻯ‬
    ‫ﻓﺎﻧﻴﺴﺎﻓﺎﻥ ﻧﺎﺗﺎ ‪ ،‬ﺃﺧﺼﺎﺉﻴﺔ ﺍﻟﻤﻌﺎﻳﻴﺮ ﻭﺍﻟﺘﻮﺟﻴﻪ‬

    ‫ﻳﻮﺩﻣﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﺍﻟﺪﻭﻟﻲ ﺃﻥ ﻳﺸﻜﺮ ﻫﻴﺉﺎﺕ ﺍﻟﺮﻗﺎﺑﺔ ﺍﻟﺘﺎﻟﻴﺔ ﻋﻠﻰ ﺩﻋﻤﻬﺎ‪ :‬ﻟﺠﻨﺔ ﺗﻮﺟﻴﻪ ﺗﻜﻨﻮﻟﻮﺟﻴﺎ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ‪،‬ﻭﺍﻟﻤﺠﻠﺲ ﺍﻻﺳﺘﺸﺎﺭﻱ ﻟﻺﺭﺷﺎﺩ ﺍﻟﻤﻬﻨﻲ ‪ ،‬ﻭﻣﺠﻠﺲ ﻣﻌﺎﻳﻴﺮ ﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ﺍﻟﺪﻭﻟﻲ ‪ ،‬ﻭﻟﺠﻨﺔ‬
    ‫ﺍﻟﻤﺴﺆﻭﻟﻴﺔﺍﻟﻤﻬﻨﻴﺔ ﻭﺍﻷﺧﻼﻗﻴﺎﺕ ‪ ،‬ﻭﻣﺠﻠﺲ ﺍﻹﺷﺮﺍﻑ ﻋﻠﻰ ﺇﻃﺎﺭ ﺍﻟﻤﻤﺎﺭﺳﺎﺕ ﺍﻟﻤﻬﻨﻴﺔ ﺍﻟﺪﻭﻟﻴﺔ‬

    ‫ﺃﺳﺎﺳﻴﺎﺕﺗﻜﻨﻮﻟﻮﺟﻴﺎ ﺍﻟﻤﻌﻠﻮﻣﺎﺕ ﻟﻠﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪63‬‬ ‫‪www.theiia.org‬‬


    ‫ﺣﻮﻝﻣﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﺍﻟﺪﻭﻟﻲ‬

    ‫ﻣﻌﻬﺪﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ )‪ (IIA‬ﻫﻮ ﺍﻟﻤﺪﺍﻓﻊ ﻭﺍﻟﻤﻌﻠﻢ ﻭﺍﻟﻤﻘﺪﻡ ﺍﻷﻛﺜﺮ ﺷﻬﺮﺓ ﻓﻲ ﻣﻬﻨﺔ ﺍﻟﺘﺪﻗﻴﻖ ﺍﻟﺪﺍﺧﻠﻲ ﻟﻠﻤﻌﺎﻳﻴﺮ ﻭﺍﻟﺘﻮﺟﻴﻪ ﻭﺍﻟﺸﻬﺎﺩﺍﺕ‪ .‬ﺗﺄﺳﺲ ﻣﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﻋﺎﻡ‬
    ‫‪، 1941‬ﻭﻳﺨﺪﻡ ﺍﻟﻴﻮﻡ ﺃﻛﺜﺮ ﻣﻦ ‪ 200000‬ﻋﻀﻮ ﻣﻦ ﺃﻛﺜﺮ ﻣﻦ ‪ 170‬ﺩﻭﻟﺔ ﻭﺇﻗﻠﻴﻢ‪ .‬ﻳﻘﻊ ﺍﻟﻤﻘﺮ ﺍﻟﻌﺎﻟﻤﻲ ﻟﻠﺠﻤﻌﻴﺔ ﻓﻲ ﻟﻴﻚ ﻣﺎﺭﻱ ‪ ،‬ﻓﻠﻮﺭﻳﺪﺍ ‪ ،‬ﺍﻟﻮﻻﻳﺎﺕ ﺍﻟﻤﺘﺤﺪﺓ ﺍﻷﻣﺮﻳﻜﻴﺔ‪ .‬ﻟﻠﻤﺰﻳﺪ ﻣﻦ‬
    ‫ﺍﻟﻤﻌﻠﻮﻣﺎﺕﻗﻢ ﺑﺰﻳﺎﺭﺓ‪.www.globaliia.org‬‬

    ‫ﺗﻨﺼﻞ‬
    ‫ﻳﻨﺸﺮﻣﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ )‪ (IIA‬ﻫﺬﻩ ﺍﻟﻮﺛﻴﻘﺔ ﻷﻏﺮﺍﺽ ﺇﻋﻼﻣﻴﺔ ﻭﺗﻌﻠﻴﻤﻴﺔ‪ .‬ﻻ ﺗﻬﺪﻑ ﻫﺬﻩ ﺍﻟﻤﻮﺍﺩ ﺇﻟﻰ ﺗﻘﺪﻳﻢ ﺇﺟﺎﺑﺎﺕ ﻧﻬﺎﺉﻴﺔ ﻟﻈﺮﻭﻑ ﻓﺮﺩﻳﺔ ﻣﺤﺪﺩﺓ ﻭﻋﻠﻰ ﻫﺬﺍ ﺍﻟﻨﺤﻮ ﻳﻘُﺼﺪ ﻣﻨﻬﺎ‬
    ‫ﻓﻘﻂﺍﺳﺘﺨﺪﺍﻣﻬﺎ ﻛﺪﻟﻴﻞ‪ .‬ﻳﻮﺻﻲ ﻣﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ﺍﻟﺪﻭﻟﻲ ﺑﺎﻟﺘﻤﺎﺱ ﻣﺸﻮﺭﺓ ﺍﻟﺨﺒﺮﺍء ﺍﻟﻤﺴﺘﻘﻠﻴﻦ ﻓﻴﻤﺎ ﻳﺘﻌﻠﻖ ﻣﺒﺎﺷﺮﺓ ﺑﺄﻱ ﺣﺎﻟﺔ ﻣﺤﺪﺩﺓ‪ .‬ﻻ ﻳﻘﺒﻞ ﻣﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ‬
    ‫)‪ (IIA‬ﺃﻱ ﻣﺴﺆﻭﻟﻴﺔ ﻋﻦ ﺃﻱ ﺷﺨﺺ ﻳﻌﺘﻤﺪ ﻭﺣﺪﻩ ﻋﻠﻰ ﻫﺬﻩ ﺍﻟﻤﻮﺍﺩ‪.‬‬

    ‫ﺣﻘﻮﻕﺍﻟﻨﺸﺮ‬
    ‫ﺣﻘﻮﻕﺍﻟﻨﺸﺮ © ‪ 2020‬ﻣﻌﻬﺪ ﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪ ،‬ﺟﻤﻴﻊ ﺍﻟﺤﻘﻮﻕ ﻣﺤﻔﻮﻇﺔ‪ .‬ﻟﻠﺤﺼﻮﻝ ﻋﻠﻰ ﺇﺫﻥ ﻹﻋﺎﺩﺓ ﺍﻹﻧﺘﺎﺝ ‪ ،‬ﻳﺮﺟﻰ ﺍﻻﺗﺼﺎﻝ ﺑـ ‪. copyright@theiia.org‬‬

    ‫ﻳﻮﻧﻴﻮ‪2020‬‬

    ‫ﻣﻘﺮﺍﺕﺍﻟﻌﻤﻞ ﺍﻟﻌﺎﻟﻤﻴﺔ‬
    ‫ﻣﻌﻬﺪﺍﻟﻤﺪﻗﻘﻴﻦ ﺍﻟﺪﺍﺧﻠﻴﻴﻦ ‪USA 1035‬‬
    ‫‪، Suite 149 Lake Mary، FL32746،‬‬
    ‫‪Greenwood Blvd.‬‬
    ‫‪1-407-937-1111 +‬‬ ‫ﻫﺎﺗﻒ‪:‬‬
    ‫‪1-407-937-1101 +‬‬ ‫ﺍﻟﻔﺎﻛﺲ‪:‬‬

    ‫‪www.globaliia.org‬‬

    You might also like