
Corporate Information Security Management Policy (CISM)

Introduction

Information and information systems are extremely important and are regarded as a critical part of PBB's assets. The bank cannot operate with unreliable information or IT systems. PBB's management requires that the protection, maintenance and full inventory of information and information systems be carried out rigorously. To meet these requirements, PBB issues the Corporate Information Security Management policy standard, abbreviated CISM.

Definition of an IT system: the set of hardware and software that provides the ability to operate on, process, transmit and store information according to a defined requirement.

Information is the reflection of objects, events and phenomena of the objective world and of human activity in social life. Data is the representation of information values as quantities.

PBB's information must be protected at a level commensurate with its importance. Information security measures must be applied to all forms of information (paper, files).

Managers must ensure that information and information systems are protected at the appropriate level. To achieve this, information, information systems and processes must be inspected periodically, and vulnerabilities must be reported promptly for remediation.

The security policy is created and centrally managed by the IT department, which is responsible for the safety and security of the information system.

I. Data Security

Data, or information, is an important asset of the enterprise; information must be accurate, timely, relevant and properly protected.

Data security is the definition of the security requirements for processing, storing and operating on data.

Criteria of data security: confidentiality, integrity, availability.

- Confidentiality: establishing access limits, authentication and encryption.
- Integrity: ensuring the content is not altered or modified.
- Availability: ensuring it can be used as soon as it is needed.

Data must be classified by level of importance and sensitivity. The security policy is applied per security level.

Data on personal computers, personal email, personal phone calls and employees' desks must all be treated as private, and may be reviewed only with the approval of management.

If data or information is lost or suspected lost, you must notify the IT department immediately.

II. Application Software

Application software consists of software tools that serve work purposes and are approved by management and IT for installation on employee computers. Application software must be classified, have the corresponding security policies applied, and have a backup and recovery plan.

Classification is based on importance and on the degree of impact on bank operations (citad vs offices).

Applications must be licensed with the vendor, so that support and preferential upgrades are assured when needed.

Use of application software must comply with the law; no unauthorized copying or installation. Unlicensed software and applications must never be used.

Application software is to be used only within the enterprise; any copying of licensed software, or transfer to third parties, is prohibited.

The IT department periodically inspects and monitors computer systems and PCs to ensure strict compliance with these rules.

III. System Software Security Policy

Purpose

These policies control the access process and the mechanisms that ensure software security.

Accounts and passwords: these are bank assets entrusted to individuals and must be kept strictly confidential. If they are disclosed or suspected of being disclosed, IT must be notified immediately for handling.

Passwords

Minimum length requirement: 8
Password complexity: hard / difficult, including uppercase letters, lowercase letters, digits and special characters
Recommendation: it should be a combination (mix) of personal events familiar to you, such as: school, class, song, date of birth, license plate
For passwords that are handed over: appropriate mechanisms must be applied, such as random generation and automatic printing on PIN mailer paper.
Maximum period before a new password change is required: 90 days
Limit on consecutive unsuccessful access attempts: 5.
Default passwords must be changed immediately upon receipt.
Passwords must not be stored in readable form on paper, in command files, or in log files. Passwords must always be encrypted when configured, stored or transmitted.
Access to databases containing IT system usernames and passwords must be strictly restricted; only designated staff may access them.
Administrators may communicate passwords only to new users and to users who have forgotten their password, and only with management approval.
Users must log off or lock the computer when leaving it.
If the computer is connected to the network, you must shut down the computer, disconnect, and log off.
Privileged accounts (root, administrator) must be strictly controlled by authorized personnel.

All applications related to bank operations must record and retain user activity (query, add, modify, delete).
User logs on all systems must be retained for at least 7 years.
User logs also provide effective data for auditing systems and improving the security policy.

Chapter 4. Computer Network Security Policy

The purpose of these policies is to establish the processes and procedures needed to protect the security of information on the network.

Network and system resource access
Access passwords must be hard to guess (hard).
Issuing accounts to new users, or changing an account's permissions, must be done with written approval from management.
For individuals not belonging to PBB who need to use the network or system resources for a fixed period: management approval is required, and system administrators must be notified so that access and resources are granted and revoked on schedule.

Connections with third parties
Third parties are not permitted to connect to PBB's network or to PBB's equipment, except in certain special cases requiring connections to competent authorities, with the approval of the head of the IT department.
System administration privileges must be reviewed every 6 months. Based on this review, the IT director decides whether to continue or revoke the privileges of each account.
All changes such as installing new application software, changing network address ranges, reconfiguring devices or adding circuits must have the approval of the head of the IT department and must be documented for management.
Employees using PBB network resources are not permitted to establish connections to other networks (modem, VPN, 3G); in special cases the approval of the head of the IT department is required.

Remote access
Remote access must be tightly controlled and must use two-factor authentication.
Computers used to connect to PBB remotely must meet security requirements such as regularly updated antivirus software. Public computers must never be used.
Remote access is only for approved tasks; other work is not permitted.

Communications
When sensitive information must be transmitted over the network, it must be encrypted.
Use common commercial methods such as 3DES, approved by the head of the IT department.

Logging
All access and communications must be logged. These logs must be retained for at least 7 years, and throughout that period they must be secured against theft or alteration. These logs are essential for finding errors, discovering and fixing vulnerabilities, and also serve as the basis for system audit.
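One way to meet the log requirements in section III (user-activity records for query/add/modify/delete) and in this chapter (retention of at least 7 years, protection against alteration) is a hash-chained, append-only log whose integrity can be re-verified at audit time. This is an added example, not PBB's own code; the events, usernames and object names are constructed.

```python
import hashlib
import json
from datetime import datetime

RETENTION_YEARS = 7  # retention period stated in the policy

# Constructed sample user-activity events (not real PBB data): the four
# operation types the policy requires applications to record.
SAMPLE_EVENTS = [
    {"ts": "2023-05-02T09:14:03", "user": "teller01", "op": "query", "obj": "acct/1001"},
    {"ts": "2023-05-02T09:15:41", "user": "teller01", "op": "modify", "obj": "acct/1001"},
    {"ts": "2023-05-02T10:02:17", "user": "admin02", "op": "add", "obj": "user/teller09"},
    {"ts": "2023-05-02T10:05:55", "user": "admin02", "op": "delete", "obj": "user/teller03"},
]


def _digest(prev_hash: str, event: dict) -> str:
    # Canonical JSON so that key order cannot change the hash.
    payload = prev_hash + json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def build_chain(events: list[dict]) -> list[dict]:
    """Append each event with a hash covering the event and the previous record's hash."""
    chain, prev = [], "0" * 64
    for ev in events:
        h = _digest(prev, ev)
        chain.append({"event": dict(ev), "prev": prev, "hash": h})
        prev = h
    return chain


def verify_chain(chain: list[dict]) -> int:
    """Return -1 if every link verifies, else the index of the first altered record.
    Truncation of the tail is not detected by this check alone: the latest hash
    must also be anchored somewhere the log writer cannot modify."""
    prev = "0" * 64
    for i, rec in enumerate(chain):
        if rec["prev"] != prev or _digest(prev, rec["event"]) != rec["hash"]:
            return i
        prev = rec["hash"]
    return -1


def still_within_retention(record_ts: str, now: datetime) -> bool:
    """True while the record must still be kept (policy: at least RETENTION_YEARS)."""
    written = datetime.fromisoformat(record_ts)
    try:
        expiry = written.replace(year=written.year + RETENTION_YEARS)
    except ValueError:  # written on 29 Feb and the expiry year is not a leap year
        expiry = written.replace(year=written.year + RETENTION_YEARS, day=28)
    return now < expiry
```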
Vigilance
All employees are required to be alert to any suspected system security issue: viruses, spam, attacks, loss of information, etc., and are responsible for reporting it to the head of the IT department and to the Control department.
All errors, incidents or mistaken operations relating to software or systems must be reported urgently to the IT department; ignoring small mistakes can lead to serious problems.

Equipment management
All IT equipment must be placed in a dedicated, protected area to prevent theft and interference by staff or partners who have no business there. Computers holding sensitive information must likewise be placed in dedicated areas that only authorized staff can access.
Where staff or partners access these areas or IT equipment with management approval, they must be closely supervised by designated personnel.

Chapter 5. Internet & Email

General provisions: Internet access is for searching and exchanging information in service of PBB's business purposes. Users are responsible for using the Internet in accordance with the law and must also comply with PBB's security policy. Violations are to be dealt with strictly.
PBB employees must not use unofficial email for business transactions with partners, nor use official email for other personal purposes (shopping, forums, social contacts).

Policy
Requests to create new Internet accounts for employees require completing a form approved by management and the head of the IT department.
Users must not share their Internet account with colleagues or friends, except for accounts designated as shared accounts.
Internet access is logged, and users are responsible for their own account's compliance with PBB's security policies.
Passwords must be changed regularly. Any attempt to access another user's account without authorization is strictly prohibited.
Internet connectivity is available only during defined hours. Connections outside those hours require the approval of management and the Head of Information Technology.
Conduct on the Internet: users are to behave appropriately and courteously online.
Do not use the Internet for activities outside its intended purpose, especially online games.
Peer-to-peer services such as P2P, chat services such as IRC, and downloading or copying unlicensed or cracked software from the Internet are prohibited. Such services can assist hackers in sabotaging or stealing corporate information; individuals who violate this bear full responsibility for their actions.
Accessing content that violates public morals, or participating in illicit websites, is a violation of the law, and the individual is personally liable under the law.
Sending emails with large attachments is discouraged, as it can affect the overall operation of the system.

Administration
PBB monitors content and logs Internet access to ensure system security and to provide a basis for handling violations.
PBB monitors Internet data content to protect its interests and the integrity of its systems and data.

Chapter 6: Personal Computers

These are the policies and rules that ensure security in the use of office computers and of portable (laptop) computers that are PBB property.
PBB computers must be used in a secure environment, with appropriate control over software, hardware and data using suitable tools.

Policy:
PBB computers may be used only by PBB employees and only for work purposes.
Each computer is assigned by the IT department to a specific employee.
Employees are trained/instructed on computer use and on PBB's basic policies.
All computers must comply with the hardware and software configuration requirements set by the IT department.
Computers must be placed in a suitable environment, avoiding damp locations, electromagnetic interference, unsanitary areas or unsafe power sources. Computers holding important applications or data must be equipped with a UPS.
Computers should be kept in a secure area with lockable doors and be protected after working hours.
Computers must not be disassembled or moved without the consent of the IT department.
Laptops may be used only by designated staff and must also fully comply with PBB's security rules.
Loss of hardware or software must be reported immediately to the head of the IT department.
Users should configure a password-protected screen saver that activates after 10 minutes.
Dial-up devices such as modems are not permitted on computers except with the consent of the head of the IT department.
Commercial software purchased by PBB may be used only by PBB; copying it or altering PBB's license is a violation of the law.
Using software not authorized by PBB on personal computers is strictly prohibited.
Data assessed as important must be backed up periodically and destroyed according to the proper procedure when no longer in use.
Copying data or programs for any purpose requires the consent of management and the head of the IT department.

Chapter 9: Internet Banking and Mobile Banking Security Policy
