中海信托信息安全風險評估及整改項目技術方案

1、北京天融信公司第32頁目錄1概述概述.................................................................................................................................................351.1項目背景................................................

2、.................................................................................351.2項目目標.................................................................................................................................3

3、51.3項目內容.................................................................................................................................361.4項目設計原則........................................................................

4、.................................................371.5項目范圍.................................................................................................................................381.6文件和法律法規(guī).....................

5、................................................................................................382天融信對本項目的理解天融信對本項目的理解.....................................................................................................

6、............392.1對項目目標的理解.................................................................................................................392.2對項目特點的理解.....................................................................

7、............................................393項目總體方法與流程項目總體方法與流程.....................................................................................................................413.1概述...............................

8、..........................................................................................................413.2天融信風險評估方法....................................................................................................

9、.........443.3本項目采用的安全風險評估方法.........................................................................................453.4技術難點和關鍵突破.........................................................................................

10、....................484信息資產調查和賦值信息資產調查和賦值.....................................................................................................................504.1信息資產概述...................................................

11、......................................................................504.2信息資產分類.........................................................................................................................504.3保護對象框架.......

12、..................................................................................................................564.4資產識別過程...............................................................................................

13、..........................584.5信息資產賦值.........................................................................................................................594.6賦值工作操作方法指南...............................................

14、..........................................................645IT設備評估設備評估....................................................................................................................................665.1評估的過程.......

15、......................................................................................................................665.2評估的方法............................................................................................

16、.................................685.3評估的內容.............................................................................................................................705.4評估的風險和應對.......................................

17、..........................................................................726網絡設備安全風險評估網絡設備安全風險評估.................................................................................................................736.1評估過程描

18、述.........................................................................................................................746.2評估的方法........................................................................................

19、.....................................776.3評估的內容.............................................................................................................................786.4評估的風險和應對...................................

20、..............................................................................817應用系統(tǒng)和管理安全風險評估應用系統(tǒng)和管理安全風險評估.....................................................................................................817.1評估過程描述.

21、........................................................................................................................847.2評估方法...........................................................................................

22、......................................467.3評估內容.................................................................................................................................477.4風險及應對措施................................

23、.....................................................................................608安全增強與加固安全增強與加固......................................................................................................................

24、.......618.1安全加固內容.........................................................................................................................628.2安全加固流程......................................................................

25、...................................................649應急響應服務應急響應服務.................................................................................................................................659.1服務目標：...............

26、..............................................................................................................65北京天融信公司第34頁19.1項目風險分析及規(guī)避措施..................................................................................

27、...................9219.2項目的保密控制.....................................................................................................................9420天融信信息安全服務業(yè)務介紹天融信信息安全服務業(yè)務介紹.........................................

28、........................................................9520.1安全服務組織結構圖.............................................................................................................9520.2安全服務業(yè)務范圍..........................

29、.......................................................................................9621項目實施質量保證項目實施質量保證.................................................................................................................

30、....9821.1項目執(zhí)行人員的質量職責.....................................................................................................9821.2天融信安全服務質量保證體系嚴格貫徹以下過程.............................................................9822項目驗收方式

31、項目驗收方式...........................................................................................................................10122.1驗收方法確認..............................................................................

32、.........................................10222.2驗收程序...............................................................................................................................10322.3版本控制..............................

33、.................................................................................................10522.4交付件歸檔辦法.............................................................................................................