信息安全课件.pptx

《信息安全课件.pptx》由会员分享，可在线阅读，更多相关《信息安全课件.pptx（47页珍藏版）》请在淘文阁 - 分享文档赚钱的网站上搜索。

1、 A A AInformation Security for Metal Factory信息安全管理内容信息安全管理内容Content for information security management1.门禁、员工卡、安检门门禁、员工卡、安检门 Access Control,Worker ID,Security Gate2.物理安全物理安全 Physical Security3.安全组织安全组织 Security Organization4.NDA和机密协议和机密协议 NDA and Confidentiality Agreement5.风险管理风险管理 Risk Management6

2、.业务持续性业务持续性 Business Continuity7.安全意识安全意识 Security Awareness门禁、员工卡、安检门作用 Gate Guard,Worker ID,Security Gate确保信息保密性，真实性和易获得性确保信息保密性，真实性和易获得性 make sure information confidential,true and accessible确保公司符合法律法规的要求确保公司符合法律法规的要求make sure that company abides by the legal law and regulations确保建立和实施公司信息安全管理系统确

3、保建立和实施公司信息安全管理系统 make sure to establish and implement information security management system确保对公司员工进行信息安全和技能的培训确保对公司员工进行信息安全和技能的培训 make sure to train workers with information security awareness and skills确保实施信息安全事故的预防和反应系统确保实施信息安全事故的预防和反应系统 make sure to implement information security incident preven

4、tion and response system所有所有AAA公司员工公司员工卡都录入门禁系统程序，读卡报卡都录入门禁系统程序，读卡报警的员工禁止入内警的员工禁止入内 workers ID is stored by the entrance guard procedure,outsiders are not allowed to enter the working area without permission.安全管理内容安全管理内容Content for security management1.门禁、员工卡、安检门门禁、员工卡、安检门 Access Control,worker ID,S

5、ecurity Gate2.物理安全物理安全 Physical Security3.安全组织安全组织 Security Organization4.NDA和机密协议和机密协议 NDA and Confidentiality Agreement5.风险管理风险管理 Risk Management6.业务持续性业务持续性 Business Continuity7.安全意识安全意识 Security AwarenessPhysical Security离开办公区域前，桌面文件要保存好。离开办公区域前，桌面文件要保存好。Office workers should store files properl

6、y before they leave the working area。电脑设置屏保，电脑设置屏保，5分钟不用要自动锁定分钟不用要自动锁定Computer be set screen savers and automatically locked without use in five minutes。为为AAA公司建立公司建立信息安全事故管理文件信息安全事故管理文件Establish Information security incident control document for Metal Factory exclusive安全管理内容安全管理内容Content for securi

7、ty management1.门禁、员工卡、安检门门禁、员工卡、安检门 Access Control,worker ID,Security Gate2.物理安全物理安全 Physical Security3.安全组织安全组织 Security Organization4.NDA和机密协议和机密协议 NDA and Confidentiality Agreement5.风险管理风险管理 Risk Management6.业务持续性业务持续性 Business Continuity7.安全意识安全意识 Security Awareness安全组织Security OrganizationAAA公司

8、制定信息、物理安全组织架构图，并明确各级组织成员职责。Metal Factory establishes information and physical security framework,and defines duty of members of all levels.经AAA公司领导研究决定提名一位信息安全协调员，负责组织BBB及内部信息安全组织的各项工作。An information security representative is designated by the top management of Metal Factory,who will be in charge o

9、f dealing with tasks related to information security from BBB and internal information security organization.安全管理内容安全管理内容Content for security management1.门禁、员工卡、安检门门禁、员工卡、安检门 Access Control,worker ID,Security Gate2.物理安全物理安全 Physical Security3.安全组织安全组织 Security Organization4.NDA和机密协议和机密协议 NDA and Con

10、fidentiality Agreement5.风险管理风险管理 Risk Management6.业务持续性业务持续性 Business Continuity7.安全意识安全意识 Security AwarenessNDA and Confidentiality公司和所有管理人员以及各部门清洁工签定保密协议。All staffs and cleaning workers of AAA are required to sign confidentiality agreement公司和外来施工公司员工签定保密协议。Outside construction companies are requir

11、ed to sign confidential agreement针对能够接触到BBB项目的外部机构与其签署NDA.Outside organizations that have access to BBB projects are required to sign NDA with AAA合作商及其职员必须遵守BBB和合 作商的协议上的承诺，此条款在劳动合同上体现.Suppliers of AAA must abide by the agreement signed by BBB and suppliers,which are written on the contract.在BBB信息共享

12、之前,合作商与BBB 之间必须签署不透露协议。Prior to sharing BBB information,suppliers must sign the confidential agreement with BBB 安全管理内容安全管理内容Content for security management1.门禁、员工卡、安检门门禁、员工卡、安检门 Gate Guard,worker ID,Security Gate2.物理安全物理安全 Physical Security3.安全组织安全组织 Security Organization4.NDA和机密协议和机密协议 NDA and Conf

13、identiality Agreement5.风险管理风险管理 Risk Management6.业务持续性业务持续性 Business Continuity7.安全意识安全意识 Security AwarenessWe have established risk management system to effectively identify,analyze,control and monitor risks associated with our information security.AAA公司已建立风险管理系统，对涉及信息安全的风险进行判断，分析和控制，及时预防和消除风险。We p

14、romote risk management throughout all aspects of information security activities,including activities with regard to physical security,server room,customer prototype security,general information securities and IT securities which covers the operating system,user management,software management as wel

15、l as backup policy and measures,etc.We give priority to prevention and focus on risk identification and mitigation,and also we are committed to compliance with BBB requirements,laws and regulations.AAA公司风险管理覆盖了信息安全活动的方方面面，包括物理安全，服务器室，客户样品管控，一般信息安全管控和 IT安全的管理。We have risk management requirements to o

16、ur own supply network related to BBB business.我们在涉及BBB项目的供应链均采用了风险管理系统，控制风险。If a risk that can impact BBB seems likely to materialize.Business dept.will inform customer.如果有任何危及风险会影响到BBB的产品项目，AAA公司商务部门会第一时间通知客户 Risk Management风险管理Internal audit Information security organizationRisk AssessmentRisk ide

17、ntificationRisk evaluationCritical risk listManagement review AAA information security policyRisk Management System风险管理系统Risk reporting and communicationDecision making and resource allocationOperational control(including contingency planning,etc.)Monitoring,measurement,corrective and preventive act

18、ions Risk management responsibilities and practices 风险管理责任和实践风险管理责任和实践We have a risk management organization in metal factory and company level,risks are identified against IT structure expansion,variety of network use and mobility of people into and out of manufacturing facilities,etc.Risk evaluati

19、on metrics and risk acceptance constraints are justified.Status of risks and actions are reviewed once per half a year.AAA公司和公司层面都设有风险管理组织。针对IT 产业群结构评估各种风险。例如，各种网络的使用，生产车间人员的进出。Responsibilities on each important risk has been agreed on(risk ownership,action owners).We communicate internally and exte

20、rnally these important risks,and their control action,monitoring,response plan,etc.每项重大的风险公司和部门均安排专人监控（风险管控人，行动负责人）公司在内部和外部对重大的风险进行充分的沟通，制定管控计划，监控风险，和风险处理计划。Managing Risks 风险管控风险管控We highly stress information security risk management,which has been involved into management practices and daily work,r

21、elevant procedures in use to define risk identification,evaluation process,action and emergency response to ensure risk under control.Routine audit and regular review by management also give attention to risk management.部门管理层对信息安全风险十分重视，已经把它融入到日常的管理工作中。我们有程序用来识别和管控风险，评估流程，应付突发事件。Part of the Risk Man

22、agement Procedures 部分风险管理流程安全管理内容安全管理内容Content for security management1.门禁、员工卡、安检门门禁、员工卡、安检门 Access Control,worker ID,Security Gate2.物理安全物理安全 Physical Security3.安全组织安全组织 Security Organization4.NDA和机密协议和机密协议 NDA and Confidentiality Agreement5.风险管理风险管理 Risk Management6.业务持续性业务持续性 Business Continuity7.

23、安全意识安全意识 Security Awareness Business continuity/contingency 业务持续性 We have systematic approach to protect ourselves and BBB from disruptions in business with BBB In AAA,when emergency happens,our Emergency Handling Mechanism will be triggered immediately to control or mitigate the consequences.Meanwh

24、ile,our Business Continuity Team manages to recover our business in order to minimize the impact.And we have defined procedures and responsibilities for major risks.Actions are prioritized according to the actual circumstances.公司拥有完善的系统来保护公司业务免受中断。突发事件自动应急系统已经建立，一旦出现生产意外，公司将根据实际情况采取相应措施。3.Disaster R

25、ecovering Plan for Division 1（Metal Product）2.Business Continuity Plan for Division 1（Metal Product）1.Business Continuity Plan We also prepare enough preventions actions before emergency materializes,e.g.公司充分预防措施可以防止突然事件发生。We identify key elements and make backup for them which may heavily impact ou

26、r business recovery such as equipment,material,personnel,tools,data,etc.我们识别出关键的要素，并为之备份，可以很好的降低突发事件造成的不良影响，如重要的机械设备，原材料，人员，模具和数据等。We designate dedicated personnel to manage these key items in case any abnormality materializes,to ensure they are always in good status.我们派专人负责保护重要的要素确保使之处于良好状态。，We als

27、o arrange emergency response drills(such as fire fighting,evacuation drill,etc.)to enhance our emergency response ability in case emergency happens.我们同样举行突发事件演习（消防演习，撤退演习）来增强我们在危机一旦发生时的反应能力key backup schemeHUI ZHOUAlso We have backup place for identified important workshop which can help up to resum

28、e our business with BBB timely.我们同时对重要的生产厂房进行支持，确保和BBB有关的生产持续运行。安全管理内容安全管理内容Content for security management1.门禁、员工卡、安检门门禁、员工卡、安检门 Access Control,worker ID,Security Door2.物理安全物理安全 Physical Security3.安全组织安全组织 Security Organization4.NDA和机密协议和机密协议 NDA and Top Secret Agreement5.风险管理风险管理 Risk Management6.

29、业务持续性业务持续性 Operation Continuity7.安全意识安全意识 Security Awareness安全意识Security AwarenessAAA公司把信息物理安全纳入新员工入职培训中。train new workers with Information and physical security regulations in metal factory 培训和宣导内容包括：客户信息的机密性；信息安全和安全事件的应急处理.training and propaganda are about confidentiality of customers information,

30、information security and security incident response procedure.培训记录培训记录training record培训现场培训现场training scene 安全意识Security AwarenessInformation security incident response procedureInformation security propaganda board安全意识 信息安全宣传栏信息安全宣传栏Information security propaganda board物理安全内容物理安全内容 Content of Physi

31、cal Security1.物理进入控制物理进入控制 Physical Access Control2.有警报的侵入探测系统有警报的侵入探测系统 Intruder Detection System with Alarm3.视频监视视频监视 Video Surveillance 4.警卫警卫 Guard5.访客管理访客管理 Visitor Management6.服务器机房服务器机房 Sever Room7.紧急处理程序紧急处理程序 Emergency Response Procedure物理进入控制entrance control所有的入口需有保安或保密员看守，同时安装电子门禁刷卡系统所有的入

32、口需有保安或保密员看守，同时安装电子门禁刷卡系统 all the entrance are guarded,and electro-guard gate with card flashing system is installed.车间、仓库等区域安排保密员看守车间、仓库等区域安排保密员看守 workshops and warehouse are guarded 办公区与作业区进行物理隔离，并安装门禁系统办公区与作业区进行物理隔离，并安装门禁系统 office and operation areas are separated,a guard gate installed to control

33、 in and out.保密员对来访供应商、客户实行登记记录，并封闭手机摄像头，对需保密员对来访供应商、客户实行登记记录，并封闭手机摄像头，对需要拍照的必须提交由工厂厂长签批的拍照申请单要拍照的必须提交由工厂厂长签批的拍照申请单 Secrecy guard registers visiting suppliers,customers and seals camera on the phone,to those who need to take photos in the workshop they have to submit application to factory director f

34、or grant.A类场所登记表类场所登记表物理安全内容物理安全内容 Content of Physical Security1.物理进入控制物理进入控制 Physical Entrance control2.有警报的侵入探测系统有警报的侵入探测系统 Intruder Detection System with Alarm3.视频监视视频监视 Video Surveillance 4.警卫警卫 Guard5.访客管理访客管理 Visitor Management6.服务器机房服务器机房 Sever Room7.紧急处理程序紧急处理程序 Emergency Response Procedure有

35、警报的侵入探测系统有警报的侵入探测系统 intruder detection system with alarm在厂房周边围墙设置全天侯监测摄像头在厂房周边围墙设置全天侯监测摄像头 around the clock detection cameras are placed around the factory安装红外线报警器，实施远程报警安装红外线报警器，实施远程报警 infrared ray alarm installed to implement long-distance warning有警报的侵入探测系统有警报的侵入探测系统Intruder detection system with

36、alarmIntruder warning system物理安全内容物理安全内容 Content of Physical Security1.物理进入控制物理进入控制 Physical Entrance Control2.有警报的侵入探测系统有警报的侵入探测系统 Intruder Detection System with Alarm3.视频监视视频监视 Video Surveillance 4.警卫警卫 Guard5.访客管理访客管理 Visitor Management6.服务器机房服务器机房 Sever Room7.紧急处理程序紧急处理程序 Emergency Response Proc

37、edure视频监视Video SurveillanceAAA公司各公司各入口处安装入口处安装CCTV，监控系统并进行，监控系统并进行24小时监控小时监控CCTV系统，系统，每季度须进行一次测试保养，确保其正常有效使用，测试及保养记录留每季度须进行一次测试保养，确保其正常有效使用，测试及保养记录留存存30天备查天备查。All entrances of metal factory are installed CCTV,and watched by surveillance system 24hours around.Every Quarter cctv is maintained to make

38、sure it works well,records of the test and maintenance will be stored for 30days.入口处设置密码进入系统，凭密码方可进入，办公室移交客户使用后，入口处设置密码进入系统，凭密码方可进入，办公室移交客户使用后，由客户工作人员对密码进行修改并移交客户使用。由客户工作人员对密码进行修改并移交客户使用。Only workers that have password can enter into the system,when customers use the offices,the password is changed

39、by our CS personnel and tell the customer.客户办公室为重要场所。如因工作需要进入需事先征得客户同意，否则客户办公室为重要场所。如因工作需要进入需事先征得客户同意，否则任何人员不允许进入任何人员不允许进入。Customer office area is of high importance,without customers permission,nobody is allowed to enter.监控室安装门禁 Surveillance room is installed with gate guard 监控室监控录像 surveillance vi

40、deo视频监视 所有所有CCTV设备的时间和日期必须保持一致设备的时间和日期必须保持一致 Time and date of all the cctv equipment shall be consistent CCTV监控室必须为控制区域，限制人员出入监控室必须为控制区域，限制人员出入 CCTV surveillance room is a controlled area,outsiders are not allowed to enter without permission CCTV的画面必须保证能够分辨进入受限制或敏感区域的的画面必须保证能够分辨进入受限制或敏感区域的 个人和车辆。个人和

41、车辆。屋顶或远景的摄像头必须能够分辨移动物体屋顶或远景的摄像头必须能够分辨移动物体 Pictures of cctv must be visually clear about people and vehicles entering restricted areas.Roof and long distance Cameras should be able to tell moving objects.物理安全内容物理安全内容 Content of Physical Security1.物理进入控制物理进入控制 Physical Entrance Control2.有警报的侵入探测系统有警报的

42、侵入探测系统 Intruder Detection System with Alarm3.视频监视视频监视 Video Surveillance 4.警卫警卫 Guard5.访客管理访客管理 Visitor Management6.服务器机房服务器机房 Sever Room7.紧急处理程序紧急处理程序 Emergency Response Procedure警卫 Guard所有所有A类场所进入口设置保密员类场所进入口设置保密员Entrance of all classified A areas is placed with guard保密员实行保密员实行24小时上岗制小时上岗制 Guard w

43、orks 24hours per day by 3 shifts 负责负责A类场所人员出入的登记类场所人员出入的登记 register people in and out A areas.检查出入人员是否符合管理规定检查出入人员是否符合管理规定 Check workers to make sure they all observe rules 负责对负责对A类场所货物进出进行严格控制，对出入货物进行详细登记及存类场所货物进出进行严格控制，对出入货物进行详细登记及存档，并对进出货物进行查询，看其是否符合规定，如不符合便禁止其带档，并对进出货物进行查询，看其是否符合规定，如不符合便禁止其带出并将其

44、扣留出并将其扣留 strictly control parts in and out of A areas,record and keep evidence,check the parts to see whether it is allowed to take out,if not,keep away the parts and report to superior.物理安全内容物理安全内容 Content of Physical Security1.物理进入控制物理进入控制 Physical Entrance Control2.有警报的侵入探测系统有警报的侵入探测系统 Intruder D

45、etection System with Alarm3.视频监视视频监视 Video Surveillance 4.警卫警卫 Guard5.访客管理访客管理 Visitor Management6.服务器机房服务器机房 Sever Room7.紧急处理程序紧急处理程序 Emergency Response Procedure访客管理 visitor management管制办法：外来人员进出公司实行全程陪同管理并需佩带相应的身份识别管制办法：外来人员进出公司实行全程陪同管理并需佩带相应的身份识别证证managing method:visitors will be accompanied by

46、responsible workers of AAA and shall wear ID card.省、部级以下政府官员来访参观报告相关事业部最高主管省、部级以下政府官员来访参观报告相关事业部最高主管 government officials(provincial and ministry levels excluded)visit company shall report division top management.客户在厂区内参观时接待单位应派人陪同客户在厂区内参观时接待单位应派人陪同 when customers tour around the factory,inviting de

47、partment should accompany.客户参观时必须严格执行客户参观时必须严格执行A类场所管理规定，所携带类场所管理规定，所携带PC必须按照要求接受必须按照要求接受检查登记，并按要求封闭摄像头检查登记，并按要求封闭摄像头 Visiting customers must observe A classified area management,their PCs are registered along with cameras sealed.接待宾客原则上只能在会议室进行，如因情况特殊须带入办公室或其它场接待宾客原则上只能在会议室进行，如因情况特殊须带入办公室或其它场所的，必须有

48、相关人员陪同，并禁止访客在厂区内拍照所的，必须有相关人员陪同，并禁止访客在厂区内拍照 visitors are welcomed at the meeting room,for special reasons,visitors enter offices area or other places must be accompanied by AAA workers,and taking photo is prohibited.外来施工人员比照访客凭有效证件发放外来施工人员比照访客凭有效证件发放外来施工施证外来施工施证，施工人员在厂，施工人员在厂区施工期间及进出门岗位必须佩戴识别证，不能随意进入

49、施式无关域区施工期间及进出门岗位必须佩戴识别证，不能随意进入施式无关域 Outside construction workers will be granted approved construction ID card,and they must wear the ID card during work or in and out the factory,they are not allowed to enter places unrelated to the construction areas.物理安全内容物理安全内容 Content of Physical Security1.物理进入

50、控制物理进入控制 Physical Entrance Control2.有警报的侵入探测系统有警报的侵入探测系统 Intruder Detection System with Alarm3.视频监视视频监视 Video Surveillance 4.警卫警卫 Guard5.访客管理访客管理 Visitor Management6.服务器机房服务器机房 Sever Room7.紧急处理程序紧急处理程序 Emergency Response Procedure样品安全管理规定Samples Management Process 样品柜样品柜sample cabinet 样品柜样品柜sample c