ChinaNetCloud Online Lecture: Fight Against External Attacks From Different L...ChinaNetCloud
Internet makes the world brand-new, but it also put the system safety in danger— security problems such as DDOS attacks, data theft, and BotNet always bothering IT operations teams. How can we defend ourselves from these types of attack? By implementing four layers of security protection: network, system, code, and operation maintenance.
On July 5, Wang Han, senior architect of ChinaNetCloud shared our view points about “How to resist external attacks” with dozens of audience through webinar.
ChinaNetCloud Online Lecture: Fight Against External Attacks From Different L...ChinaNetCloud
Internet makes the world brand-new, but it also put the system safety in danger— security problems such as DDOS attacks, data theft, and BotNet always bothering IT operations teams. How can we defend ourselves from these types of attack? By implementing four layers of security protection: network, system, code, and operation maintenance.
On July 5, Wang Han, senior architect of ChinaNetCloud shared our view points about “How to resist external attacks” with dozens of audience through webinar.
How Enterprises Leverage Data to Overcome Business Challenges During CoronavirusDenodo
Watch full webinar here: https://bit.ly/2Jgb1uc
Coronavirus is spreading all over the world and has big impact on all the industries. How to acquire latest virus information from different countries and regions in real time to help organizations strategically plan and take actions accordingly and timely becomes very important.
Attend this webinar to learn:
- How business department acquires trustworthy data, gain deeper insights and fasten decision making
- How IT easily supports dynamic business requirements in real time
How Enterprises Leverage Data to Overcome Business Challenges During CoronavirusDenodo
Watch full webinar here: https://bit.ly/2Jgb1uc
Coronavirus is spreading all over the world and has big impact on all the industries. How to acquire latest virus information from different countries and regions in real time to help organizations strategically plan and take actions accordingly and timely becomes very important.
Attend this webinar to learn:
- How business department acquires trustworthy data, gain deeper insights and fasten decision making
- How IT easily supports dynamic business requirements in real time
16. 16
p 雲端安全聯盟 (CSA, Cloud Security Alliance) 致力於在
雲端運算環境下提供最佳的安全方案 (2009成立)
•目前全球超過42,000個獨立會員,200家企業會員,64個分會。
•提供用戶和供應商對雲端運算必要的安全需求與資安認知。
•促進對雲端運算安全最佳做法的獨立研究 。
p STAR = Security, Trust & Assurance Registry
p 由雲端安全聯盟CSA(Cloud Security Alliance)和英國標準協會BSI (The British
Standards Institution)共同推出
p STAR符合開放式認證框架(Open Certification Framework, OCF),依成熟度分為
三個層級,金、銀、銅,是一個國際標準等級的認證。
p 符合全球常見的資安標準或框架- ISO27001、PCIDSS、HIPPA等。
p 由STAR認證,雲端服務供應商將有能力證明,自身的雲端安全控制措施已依照新
STAR認證成熟度模型被獨立評鑑,合理的贏得客戶信賴。
雲端資安認證機制(1/2)
18. 18
雲端服務安全管理特色
-實體安全
ü 建立STAR管理政策規範
ü 鑑別雲端資安內外部議題
及利害關係人之期望
ü 風險評鑑機制
ü 鑑別法令法規標準之要求
ü 高階支持及資源投入
ü 教育訓練
ü 定期會議討論
ü 實施STAR雲端安
全制度
ü 自動化工具輔助
ü 實體安全強化機制
ü 資安防禦縱深
ü 即時監控與分析異
常及事件處理
ü 定期內外部稽核與技術性
檢查(弱點掃瞄/滲透測試)
ü 有效性資安指標量測
ü 識別高風險項目
ü 管理階層審查,確認各項
改進均已識別
ü 查核主要供應商
ü 採取矯正措施
ü 利害相關人就各項措
施與改進進行溝通
(如:客戶、合作廠商)
ü 識別雲端安全風險各
項改進之有效