Thursday, August 25, 2011

Ten Commandments of Information Security Management - The 10 deadly sins of information security management

Lately, while looking through material on information security management, I have kept running into the phrase "Ten Deadly Sins". This morning I read an old Business Management magazine interview with several chief-level executives at the original vendors in the field my current company works in, and at the end of the article I again saw these ten sins listed (calling them 十宗罪, "ten sins", seems to be the mainland usage?).

A quick Google search showed that these ten commandments come from an article by the scholars B. von Solms and R. von Solms, published in Computers & Security in July 2004. The ten points are concise and to the point, and they stress that information security management is not the responsibility of the technical department alone. Well said, so I take up the keyboard to note them down here.
  1. Not realizing that information security is a corporate governance responsibility (the buck stops right at the top)
  2. Not realizing that information security is a business issue and not a technical issue
  3. Not realizing the fact that information security governance is a multi-dimensional discipline (information security governance is a complex issue, and there is no silver bullet or single ‘off the shelf’ solution)
  4. Not realizing that an information security plan must be based on identified risks
  5. Not realizing (and leveraging) the important role of international best practices for information security management
  6. Not realizing that a corporate information security policy is absolutely essential
  7. Not realizing that information security compliance enforcement and monitoring is absolutely essential
  8. Not realizing that a proper information security governance structure (organization) is absolutely essential
  9. Not realizing the core importance of information security awareness amongst users
  10. Not empowering information security managers with the infrastructure, tools and supporting mechanisms to properly perform their responsibilities

B. von Solms and R. von Solms, "The 10 deadly sins of information security management," Computers & Security, vol. 23, no. 5, pp. 371-376, Jul. 2004. [Online]. Available:
