IT风险管理报告-赛门铁克

geqing1017
0 ℃
2017-08-14

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

IT200612120072ITRISKMANAGEMENT–GregHughesITIT............................................................................................................2.................................................................................................................31–IT.....................................................................................................5ITITIT2–IT........................................................................................13ITIT3–IT.............................................................................23ITITIT4–IT..........................................................................................31IT5–IT...............................................................................................37IT–................................................................................................................42................................................................................................................442(IT)ITITITIT500ITITITIT••IT•()ITITITITITITITIT()3ITITITIT•IT1IT•ITIT2IT•IT2•IT3IT•51IT50%ITIT•–•–•–•–ITIT56ITIT?ITITITIT•ITIT•ITIT7•ITIT(IT)1ITITIT1IT•–•–()•–(IT)•–ITIT1()ITITITITITIT1IT8ITITIT––––––––––––––––•••(HIPAA)•––IT––––––––––––IT–––––IT––––IT?200510200610528IT–IT(n=310)*IT122ITIT()IT9IT0%20%40%60%80%100%–(SCM)––––––*–(n=)IT66%53%IT27%33%ITITITIT3(n=528()n=310)3IT66%70%55%–36%44%10IT0%20%40%60%80%100%IT–ITITIT20,00033%15%28%4%IT511–––––ITIT–2ITITIT13ITITIT(ChiefRiskOfficer)ITITInfrastructureLibrary(ITIL®)ISO17799COBIT®ITITIT(IT)((ISO/IEC17799:20052)COBIT3ITIL4)IT()14ITIT15IT–IT––––––––––––()–––ITITIT(n=310)44IT68%75%38%75%ITITITITIT16IT100%80%60%40%20%0%10%25%50%75%90%IT5580%77%75%()55%52%43%75%ITEvergreenSystemsITIL5IT4IT1710%25%50%75%90%IT0%20%40%60%80%100%ITIT633%25%6ITILISOCOBIT618IT100%80%60%40%20%0%••()•ITITIT31016•–(76n=77)•–(5175n=78)•–(2650n=77)•–(25n=78)IT(67IT)IT77ITITITITIT1912345ITITITITITITITIT()16IT8–7–8(//)()20IT8()()()IT1621IT123453IT––IT23ITIT–ITITCIO2007IT7ITITITITITITIT–ITITITITITIT24ITITITITITITITIT()()()()ITIT9:IT16%22%44%9IT()25100%80%60%40%20%0%IT10ITIT22%8%12%10IT()239%IT75%27%ITITIT––IT260%20%40%60%80%100%EITITITITIT–27ITIT24IT––ITIT24–ITITITITITITITITITCIOITITITITITITITIT28291.522.()53.ITIT10%()–5554.ITIT10%()1020474ITITITIT31ITITITITIT200685,00089ITITIT()ITIT(11)32ITITIT11IT1–ITIT()•(IT)••ITITITITITIT33ITIT12345IT2–ITITIT...()()IT3–IT344–ITIT()5–ITITITIT•IT••IT35–375ITITIT37IT(=310)IT•IT(35%)IT•IT(23%)ITITIT•IT(42%)IT12IT–ITITITIT3812IT13IT()IT()13ITITITITITIT39IT-ITITITIT–ITITIT()IT?ITITITITIT4ITIT4041IT–ITIT––ITITITITITITITITITCIOITITITIT4243200510200610528ITITEcosystemsLLC5282183105283103744A1528121613081ITA2450102030405060708090121202040608010012012152299A3A45284601020304050607080901001220,0005,00120,0001,0015,0001,00005010015020025035030012亞太區歐洲、中東及非洲地區拉丁美洲北美洲52892()•–11•–19•–19•–18•–18•–2310125=6=610=10471MichaelPorter.CompetitiveAdvantage:CreatingandSustainingSuperiorPerformance.(NewYork:TheFreePress,1985)2InformationTechnology–SecurityTechniques–CodeofPracticeforInformationSecurityManagement.(ISO/IEC17799:2005(E).(Geneva:InternationalOrganizationforStandardization,2005)3AligningCOBIT,ITILandISO17799forBusinessBenefit.(RollingMeadows,IL:ITGovernanceInstituteandNorwich,UK:OfficeofovernmentCommerce,2005)4ITInfrastructureLibrary,(Norwich,UK:OfficeofGovernmentCommerce)5ITILChangeManagementMaturityBenchmarkStudy.(Sterling,VA:EvergreenSystems,Inc.,20067)6SunnyGupta.ITILAdoption.E-BusinessBlog,(LosAngeles:Line56.com,20061013)7CIOMagazine.StateoftheCIOSurvey.(Boston:InternationalDataGroup,2007)8LawrenceGordon,MartinLoeb,WilliamLucyshynandRobertRichardson.2006CSI/FBIComputerCrimeandSecuritySurvey.(SanFrancisco:ComputerSecurityInstitute,2006)9FromContingencytoContinuity.InformationAge,(London:Infoconomy,Ltd.2004210)Adner,Ron.MatchYourInnovationStrategytoYourInnovationEcosystem.HarvardBusinessReview,20064Broussard,Frederick,StephenElliot,andTimGrieser.ITILPenetrationisMovingFasterthanYouMightThink:SomeRe-sultsoftheSystemManagementSoftwareStrategiesStudy.Framingham,MA:IDC,20063Champy,James.FourStepstoSuccessfulIT/BusinessAlignmentSearchCIO.com.Needham,MA:TechTarget,2005511Craig,David,andRanjitTinaikar.DivideandConquer:RethinkingITStrategy.McKinseyonIT,Fall2006:4-13Froot,Kenneth,DavidScharfstein,andJeremyStein.AFrameworkforRiskManagement.HarvardBusinessReview,199411-12:Hughes,Greg.FiveStepstoITRiskManagementBestPractices.RiskManagementMagazine,20067:34-40Kolodgy,CharlesJ.,ChristianA.Christiansen,BrianE.Burke,SallyHudson,AllanCarey,RoseRyan,J.D.Top10Predic-tionsforSecurityin2006:CounteringCraftyCriminalsandInsidiousInsiders.Framingham,MA:IDC,20063Lassiter,Lee.CIOGuidetoSarbanesOxley.Edgewater,MD:ReymannGroup,Inc.,20051Macauley,Tyson.OperationalRiskandResiliencyFrameworks,Ataleoffiveriskmanagementcharactersandhowtheyfitintoyourorganization.