本資訊安全管理系統(ISMS)稽核課程,將以ISO/IEC 27001:2013版之內容為依據,逐一介紹該條文,並輔以組織進行ISMS建置之實務案例介紹,包括資安政策、風險評鑑、到管理控制措施之建立,並配合各階程序書之管控,到內部管理稽核及外部稽核之流程,希望學員對ISMS內容及ISO驗證稽核實務有所了解。另亦將2018年5月剛通過之資通安全管理法條文及最新國家資通安全發展方案內容進行分析,讓學員對資安管理發展趨勢有所掌握。
《 課程簡介 -- English 》
The Information Security Management System (ISMS) audit course will use the content of ISO/IEC 27001:2013 as a basis to introduce the clauses one by one, supplemented by practical case presentations on the organization of ISMS development, including security policies and risk assessments. The establishment of various management and control measures, together with the management and control of the various stages of procedures, and the process of internal management audits and external audits, hopes that the students will have an understanding of the ISMS contents and ISO certification audit practices. It also analyzes the provisions of the Cyber Security Management Law that passed in May 2018 and the contents of the latest state-owned security development plan so that trainees can grasp the development trend of the security management.
|