ATBMTTDN ChgI TONGQUAN PDF

Bi ging An ton v bo mt thng tin
doanh nghip
Nguyn Th Hi - B mn CNTT
9/22/2010 B mn CNTT 1
Bi ging mn:
An ton v bo mt thng tin
Doanh nghip
B mn CNTT
Khoa Tin hc Thng mi
9/22/2010 B mn CNTT 2
1. Mc ch v yu cu
Mc ch ca mn hc
Cung cp nhng kin thc c bn v an ton
v bo mt thng tin doanh nghip
Cung cp thng tin v cc nguy c tn cng
thng tin v phng php m bo an ton
cho h thng thng tin doanh nghip
Gii thiu mt s ng dng ca cng ngh
trong m an ton v bo mt thng tin doanh
nghip
doanh nghip
9/22/2010 B mn CNTT 3
1. Mc ch v yu cu (t)
Yu cu cn t c
Nm vng cc kin thc c bn v an ton v
bo mt thng tin doanh nghip
C kin thc v cc nguy c tn cng v v
cc phng php m bo an ton cho h
thng thng tin doanh nghip
S dng c mt s ng dng c trong
vic m bo an ton thng tin doanh nghip
9/22/2010 B mn CNTT 4
2. Phn phi chng trnh
Mn hc gm 2 tn ch (45 tit) phn phi
nh sau:
Nghe ging: 30 tit l thuyt
Tho lun v thc hnh: 6 tit
c ti liu tham kho: 9 tit
doanh nghip
9/22/2010 B mn CNTT 5
3. Ni dung mn hc
Chng 1:
Tng quan v an ton v bo mt thng tin doanh nghip
Chng 2:
Cc hnh thc tn cng vo thng tin doanh nghip
Chng 3:
Cc phng php phng trnh v khc phc
Chng 4:
Cc h m ha
Chng 5:
ng dng cng ngh trong an ton v bo mt thng tin
9/22/2010 B mn CNTT 6
4. Ti liu tham kho
[1] Gio trnh An ton d liu, B mn CNTT, i
hc Thng Mi, 2007.
[2] Phan nh Diu, L thuyt mt m v an ton
thng tin, i hc Quc gia H Ni, 1999.
[3] William Stallings, Cryptography and Network
Security Principles and Practices, Fourth Edition,
Prentice Hall, 2005
[4] Man Young Rhee. Internet Security:
Cryptographic principles, algorithms and
protocols. John Wiley & Sons, 2003.
doanh nghip
Ni dung chng I:
CC KHI NiM C BN V AT v BMTT
1. Khi nim
An ton v bo mt thng tin
Vai tr ATBM trong DN
Cc nguy c
Phn loi cc nguy c
Cc nguy c thc t ca doanh nghip
Phng trnh
Khc phc
2. Mc tiu v yu cu ca ATBMTTDN
Mc tiu
Yu cu
Quy trnh
3. M hnh v nh hng ATBMTTDN
M hnh
nh hng
9/22/2010 B mn CNTT 7
1. Khi nim an ton thng tin
9/22/2010 B mn CNTT 8
Mnh kha
nh ny
cha nh???
=> Thng tin khng b hng hc, khng b sa i v
khng b mt mt
doanh nghip
An ton thng tin
Mt h thng thng tin c coi l an ton khi
thng tin khng b lm hng hc, khng b sa
i, thay i, sao chp hoc xa b bi ngi
khng c php
Mt h thng thng tin an ton th cc s c c
th xy ra khng th lm cho hot ng ch yu
ca n ngng hn v chng s c khc phc
kp thi m khng gy thit hi n mc nguy
him cho ch s hu.
9/22/2010 B mn CNTT 9
Minh ha
9/22/2010 B mn CNTT 10
doanh nghip
Bo mt h thng
Bo mt thng tin l duy tr tnh b mt, tnh trn
vn v tnh sn sng ca thng tin.
B mt ngha l m bo thng tin ch c tip cn
bi nhng ngi c cp quyn tng ng.
Tnh trn vn l bo v s chnh xc, hon chnh ca
thng tin v thng tin ch c thay i bi nhng
ngi c cp quyn.
Tnh sn sng ca thng tin l nhng ngi c
quyn s dng c th truy xut thng tin khi h cn
H thng c coi l bo mt (confident) nu tnh
ring t ca ni dung thng tin c m bo
theo ng cc tiu ch trong mt thi gian xc
nh.
9/22/2010 B mn CNTT 11
Cc yu t cn xem xt trong
bo mt h thng thng tin
Yu t cng ngh:
Nhng sn phm nh Firewall, phn mm
phng chng virus, gii php mt m, sn
phm mng, h iu hnh
Nhng ng dng nh: trnh duyt Internet v
phn mm nhn Email t my trm
Yu t con ngi:
L nhng ngi s dng my tnh, nhng
ngi lm vic vi thng tin v s dng my
tnh trong cng vic ca mnh
9/22/2010 B mn CNTT 12
doanh nghip
Hin trng v ATBM TTDN Vit Nam
Theo bo co ca VNISA cui thng 11
nm 2009
9/22/2010 B mn CNTT 13
Mt s s kin ni bt v ATBMTT
ti Vit nam 2009
1. B TT&TT hon thnh D tho Quy hoch ATTT quc gia
2. Tn cng Websites Hn quc-M v tranh lun Vit nam
3. S v vic ti phm mng gia tng trong khu vc ngn hng v
chng khon
4. CA cng cng u tin ra i
5. Mt s mng chnh ph Vit nam c cng b trong danh sch b
hack bi mng gin ip quc t Ghostnet
6. Cc mng 3G v chun b ra i!
7. Mt cng ty bn Phn mm nghe ln v n cp tin nhn trn T di
ng
8. Cc phn mm dit virut ni c ph c qung b mnh m
9. Vit nam tch cc tham gia HT QT v chng khng b mng
10. Gia tng xu hng tip cn vn ATTT mt cch h thng
doanh nghip
Xu hng pht trin ca cc him ha mt ATTT
(slide nm 2008)
Trong vi nm ti (2009-2012):
Kt qu kho st 2009 ca VNISA
doanh nghip
i tng kho st
T chc ca qu v thuc lnh vc no?
9%
12%
15%
25%
11%
2%
26%
T chc Hnh chnh s nghip
trc thuc Trung ng
T chc Hnh chnh s nghip
trc thuc a phng
Doanh nghip nh nc
Doanh nghip ngoi quc doanh
Doanh nghip nc ngoi, lin
doanh, c vn nc ngoi
Tchc phi chnh ph
Khc
doanh nghip
T chc ca qu v c khong bao nhiu nhn vin s
dng my tnh ?
40%
38%
15%
7%
1- 50
50 500
Trn 500
Khng r
a s di 500
Doanh s hng nm ca t chc qu v l bao nhiu?
27%
17%
20%
10%
7%
7%
2%
10%
Khng c doanh s
Di 1 t
T 1 10 t
T 10 t di 50t
T 50 t di 100 t
T 100 t - di 500 t
T 500 t - di 1000
t
a s di 50 t
doanh nghip
Nhn thc v cc cuc tn cng
H thng ca qu v tng b tn cng mng (Cyber
Attack) hay khng (tnh t 1/2009)?
2007: khong 20% khng bit (t l M nhng nm 2000)!
doanh nghip
Cc tn cng m t chc gp phi k t 1/2008
Nm 2007: ch khong 25%
Ngun gc a ch IP tn cng xut hin t u?
Ncngoi
22%
Trongnc
30%
Khngr
48%
2008
2007
doanh nghip
C c lng c tng i tn tht ti chnh khi
b tn cng khng?
Khng
73%
C
27%
2008
2007
Vai tr ca ATBMTT trong DN
Vai tr:
- ANBM c vai tr quan trng i vi s pht trin bn vng
ca cc doanh nghip
- Thng tin l ti sn v gi ca cc doanh nghip.
- Ri ro v thng tin ca mi doanh nghip c th gy tht thot tin bc,
ti sn, con ngi v gy thit hi n hot ng kinh doanh sn xut
ca doanh nghip
- Ri ro thng tin doanh nghip nh hng uy tn & s pht trin ca
doanh nghip nhng li l vn rt kh trnh khi
=>ANBM khng phi l cng vic ca ring ngi lm CNTT
m l ca mi c nhn v n v trong t chc doanh
nghip
9/22/2010 B mn CNTT 26
doanh nghip
Cc nguy c
Ngu nhin (nguyn nhn khch quan)
Thin tai, hng vt l, mt in,
C ch nh (nguyn nhn ch quan)
Tin tc, c nhn bn ngoi, ph hng vt l, can
thip c ch ,
9/22/2010 B mn CNTT 27
Nhng nguy c ngu nhin
9/22/2010 B mn CNTT 28
Thin tai:
L lt, sng thn,
doanh nghip
Nguy c ngu nhin
9/22/2010 B mn CNTT 29
Nguy c c ch nh
9/22/2010 B mn CNTT 30
T con ngi:
Tin tc, phishing, pharming,
doanh nghip
Nguy c c ch
9/22/2010 B mn CNTT 31
=> Yu cu
9/22/2010 B mn CNTT 32
Ngi m bo an
ton thng tin phi
lun lun cp nht
cc kin thc bo
mt mi hn ch
c cc nguy c
tn cng ngy cng
gia tng nh ngy
nay!
doanh nghip
Cc nguy c thc t doanh nghip
a) Nguy c t bn trong
Nguy c do yu t k thut (thit b mng, my ch,
h thng thng tin.., )
Nguy c do lp k hoch, trin khai, thc thi, vn
hnh(vng i)
Nguy c trong quy trnh, chnh sch an ninh bo
mt
Nguy c do yu t ngi: vn hnh, o c ngh
nghip
9/22/2010 B mn CNTT 33
Mng qu ti
9/22/2010 B mn CNTT 34
doanh nghip
B) Nguy c t mi trng bn ngoi
- Mi trng: h tng nng lng, truyn thng, thm
ho t thin nhin hoc con ngi
- Cc doanh nghip cng ln cng l mc tiu ca
nhiu i tng tn cng t trong nc v quc t.
9/22/2010 B mn CNTT 35
Phng trnh
Phng trnh l cch thc s dng cc
phng php, phng tin, k thut nhm
ngn nga v gim bt cc ri ro m h
thng gp phi
Phn loi:
Phng trnh t bn trong
Yu t con ngi, h m ha, phn cng, phn
mm,
Phng trnh t bn ngoi
Yu t con ngi, m c, Internet,
9/22/2010 B mn CNTT 36
doanh nghip
Khc phc hu qu
Khc phc hu qu l s dng cc phng
php, phng tin v k thut nhm phc
hi li ti nguyn h thng v cc hot
ng ch yu ca n
Phn loi:
Phc hi d liu:
Backup, Recovery data,
Phc hi ng dng:
Backup, phn cng, phn mm chuyn dng,
9/22/2010 B mn CNTT 37
2. Mc tiu v yu cu ca
ATBMTTDN
3 Mc tiu c bn
Pht hin cc l hng ca h thng thng
tin, d on trc nhng nguy c tn
cng
Ngn chn nhng hnh ng gy mt an
ton thng tin t bn trong cng nh bn
ngoi
Phc hi tn tht khi h thng thng tin b
tn cng
9/22/2010 B mn CNTT 38
doanh nghip
Cc yu cu ca ATTT h thng
4 Yu cu
Tnh b mt (Secrecy)
m bo d liu ca ngi s dng lun c bo v, khng
b xm phm bi nhng ngi khng c php
Tnh ton vn (Integrity):
D liu khng b to ra, sa i hay xa bi nhng ngi
khng s hu.
Tnh sn sng (Availability):
D liu phi lun trong trng thi sn sng.
Tnh tin cy (Confidentiality)
Thng tin ngi dng nhn c l ng
9/22/2010 B mn CNTT 39
Cc yu cu trong
m bo an ton thng tin
9/22/2010 B mn CNTT 40
Bo mt
Tnh sn sng
Tnh tin cn
Tnh ton vn
doanh nghip
- Doanh nghip phi m
bo y cc yu t ca
m hnh C-I-A:
Confidentiality, Integrity,
Availability.
- Xy dng trung tm d
phng thng tin trong tng
th an ninh h thng phn
no m bo tnh lin tc
(Availability)
Quy trnh m bo an ton h thng
9/22/2010 B mn CNTT 42
Xc
nh
nh gi
Gim st
ri ro
La chn
gii php
doanh nghip
Quy trnh m bo ATTT HT
Xc nh
Bo v cho ai? Bo v ci g? Bo v nh th no? =>
Rt quan trng
nh gi
a ra cc bin php? nh gi hiu nng, chi ph,
an ton,
La chn gii php
T bc nh gi la chn gii php ti u c th
Gim st ri ro
Lun lun gim st hot ng => Xc nh nguy c
=> => =>
9/22/2010 B mn CNTT 43
Cc bin php m bo ATTT hin
nay trong DN
doanh nghip
C quy trnh thao tc chun
phn ng li nhng cuc
tn cng my tnh khng?
Nu cha c, c nh
hay k hoch xy dng
quy trnh khng?
Khng
53%
C
26%
Khng r
21%
S lng Khng v Chua r cn cao hn 2007
Gn nhu 2007
Nu t chc b tn cng my tnh, qu v s bo
thng tin ny n ai?
Vn l 2 hnh thc chnh
doanh nghip
T chc ang s dng cc cng ngh
m bo ATTT no?
Tng m
Tng mnh
T chc ang dng Firewall ca hng no?
doanh nghip
T chc ang dng phn mm dit virus ca hng no?
AVG
11% BitDefender
4%
BKAV
16%
CMCInternet Security
5%
Kasperky
24%
Symantec
21%
Trend Micro
4%
Khc
6%
Sophos
1%
McAfee
8%
T chc ca qu v c c tun theo hoc c nh tun theo nhng ch d
ca cc chun ATTT no di y khng?
doanh nghip
Vn kh khn nht qu v gp phi trong vic
thc thi bo v an ton cho h thng thng tin l g?
Th t nh 2007, nhung t l cao gp di!
3. M hnh v nh hng m
bo ATTT DN
A. M hnh m bo an ton trn my u cui
9/22/2010 B mn CNTT 52
TI NGUYN
MC MNG
MC VT L
MC D LiU
MC H iU HNH
tro^~ nay` ve~ sai
1
2
3
4
doanh nghip
a) Mc vt l
Chng nguy c mt mt d liu qua ng vt l
nh gi chu ng ca h thng d liu trc
nhng s c bt ng.
Qun l cc truy nhp mc vt l vo phn cng
lu tr
Qun l hot ng ca cc thit b cn bo v v
thit b bov m bo s hot ng ca d
liu mt cch n inh.
9/22/2010 B mn CNTT 53
b) Mc h iu hnh
To v phn quyn ngi dng
Kim sot cc chng trnh ang c
thc thi trong my
Cc file log dng theo di hot ng ca
h thng
Cc chc nng bo mt c tch hp sn
(trnh dit Virus, tng la)
9/22/2010 B mn CNTT 54
doanh nghip
c) Mc mng
S dng cc thit b phn cng chuyn
dng ngn chn s xm nhp tri php
t Internet
Dng cc c ch qun l v phn quyn
ngi s dng
S dng cc giao thc bo mt trn mng
Cc phn mm chng xm nhp tri php
cng nh d tm Virus
9/22/2010 B mn CNTT 55
d) Mc d liu
M ha d liu:
D liu c lu tr di dng bn m.
Phn quyn ngi dng:
Phn ra nhiu mc ngi s dng khc nhau.
Thit lp cc c ch sao lu d liu
Thit lp c ch backup, lu trn nhiu Server
S dng cc chng trnh bo mt th
mcv file
Dng NTFS, h iu hnh LINUX, ..
9/22/2010 B mn CNTT 56
doanh nghip
b. M hnh an ton trong truyn d liu
9/22/2010 B mn CNTT 57
T
h
n
g

b
o

a
n

t
o
n
Thng tin
b mt
Chuyn i
lin quan
n an ton
T
h
n
g

b
o
T
h
n
g

b
o
Thng tin
b mt
Chuyn i
lin quan
n an ton
T
h
n
g

b
o

a
n

t
o
n
i th
Bn th ba ng tin
Bn nhn
Knh
thng tin
nh hng tng cng
ATBMTT DN
58
1. Nng cao nhn thc v ATBM TT cho doanh
nghip
2. Ban hnh cc chnh sch ATBM
3. T chc thc hin & kim tra, kim sot
doanh nghip
1- Nng cao nh n th c v ATBM TTDN
59
- ATBM c vai tr i vi pht trin bn vng ca
doanh nghip
- ATBM khng phi l cng vic ca ring ngi lm
CNTT trong doanh nghip m l ca tt c mi thnh
vin trong t chc
- Doanh nghip cn c chnh sch u t thch ng
cho ATBM TTDN
2- Ban hnh chnh sch
60
R sot, chnh sa v hon thin cc quy nh
nghip v theo hng ng dng cng ngh cao
Tip tc hon thin cc quy nh v an ninh, bo mt
h thng thng tin trong cc n v sn xut kinh
doanh
Tng bc xy dng cc cc tiu chun chung i
vi mt h thng thng tin trong cc n v sn xut
kinh doanh
Xy dng quy ch x l ri ro ng dng CNTT.
doanh nghip
3- T ch c th c hi n & ki m tra ki m sot
61
Thc hin l trnh p dng cc tiu chun ATBM
Tng n v c th ho thnh chnh sch ATBM
ring & t chc thc hin
Cc n v thng xuyn t chc kim tra,nh gi
v mc ATBM ca doanh nghip mnh nhm pht
hin kp thi v tng cng mc m bo ATTT
cho doanh nghip
Kt thc chng I
Trnh by cc khi nim v an ton thng
tin v bo mt thng tin
Vai tr ca ATBM TT trong DN
Cc nguy c tn cng vo HTTT ca DN
Cc yu cu cng nh mc tiu ca vic
m bo an ton v bo mt thng tin
Quy trnh v m hnh m bo ATBM TT
nh hng tng cng ATBMTT trong
DN
9/22/2010 B mn CNTT 62

ATBMTTDN ChgI TONGQUAN PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ATBMTTDN ChgI TONGQUAN PDF

Uploaded by

Copyright:

Available Formats

Bi ging An ton v bo mt thng tin

You might also like