资安事件处理作业办法.pdf-淘文阁

资源描述

《资安事件处理作业办法.pdf》由会员分享，可在线阅读，更多相关《资安事件处理作业办法.pdf（9页珍藏版）》请在taowenge.com淘文阁网|工程机械CAD图纸|机械工程制图|CAD装配图下载|SolidWorks_CaTia_CAD_UG_PROE_设计图分享下载上搜索。

1、Revision HistoryProcedure:Title:Treating Method of the Info-Security Affairs|资安事件虞理作渠辨法 Rev:Rev.ECN Date Originator ReasonA 2006/6/22 Yoyo Yuan Initial ReleaseIssue stamp DateTRADE SECRETS,CONFIDENTIAL INFORMATION,PROP RI ETA R Y INFORMA TION NOTICE and COPYRIGHTThe Copyright in this docume

2、nt is vested in Altus Technology Inc.The document may not be reproduced in whole or in part,orstored in a retrieval system,or transmitted in any form or by any means electronic mechanical,photocopying or otherwise,without the prior written per-mission of Altus Technology Inc.This document or its con

3、tents,cither in whole or in part,must notbe communicated to the press or any person not authorized to receive it.The data shall not be duplicated used,or disclosed inwhole or in part for any purpose other than to evaluate the contents.This restriction does not limit the right of the recipient to use

4、information contained in this data for its review and use for its intended purpose.The data subject to this restriction is containedin pages of this document marked Altus Proprietary Data”ContentsProcedure:.1Title:.1Rev:.1A.1Contents.2Treating Method of the Info-Security Affairs.31.()Purpose 目的.32.

5、0 Scope 遹用 SB圉.33.0 Role and Responsibility 角色舆躺.34.0 Emergency work flow chart of Info-Security Affairs 资安事件鹰燮作渠流程 I.55.0 Reporting of Info-Security Affairs 通辍作渠.56.0 Disposition of Info-Security Affairs J 理作 I t.67.0 Improving of Info-Security Affairs 改善作 IS.78.0 Audil 稽核.79.0

6、Encourage for Disclosure 聚辍奖 W).710.0 Input and Export 输入输出.811.0 Appendices and Attachments 附件.9Treating Method of the Info-Securitv Affairs1.0 Purpose 目的 Standardize the handling mechanism of the Info-Security affairs,improvethe treatment quality of the incident.The relevant affairs of maki

7、ng the Info-Security affairs notify,dealing with,improving,auditting etc.are accordedwith to some extent.规范安全事件虞置檄制，提升事件的虑理品,使安全事件通辍、虑理、改善、稽核等相事矜有所依援。2.0 Scope 逋用靶 0B2.1 This treating method applies to Foxconn Electronics Inc.Info-Security affairscontingency to dis

8、position.本作渠辨法遹用於富士康科技集困瓷安全事件燮霓置作渠。3.0 Role and Responsibihty 角色卿 3.1 The table of role and responsibility角色典殿责一霓表 Department部 F ERole角色 Responsibility资安管理部资安主管 a 容核资安事件虞理音 I制 b 封资安案件分级判断 c 建置资安措施，轨行资安盛控 d 指峥资安虑理言懵 ij孰行 e 依

9、音 r上级指蜉修 IT虑理音副 f 管控是否需要癌作军位支援紧急 Jfi箜虑理小 a规副危械虞理言副程式 b 愤助事件彝生单位查明安全事件原因 c 行聚急 K K燮措施 d 段行资安稽核 e 愤助事赞军位轨行改善作渠 f 撰瘾结案辍告前 its人具 a 事件受理、通辍 b根撼客服系统做遇程跟粽 c 整理资安件结案文槽聚辍者 a 自向资安管理卿幸艮资安事件 b必要畤暹行

10、指 IS愤作单位事件凌生单位 a及畤通辍事件 b 主醇系且建事件虑理小事件虑理小乐且 a制 ff虑理、改善辞 0 十副；b轨行副副加提出事件虞理辍告；Department部 F号 Role角色 Responsibility愤作军位集圄安全委员傅 a接受资安事件通辍，制订）8 理副：b指醇、寄核虑理小之作渠；c指醇危械防演资安事件愿急事家系且 a虑理重大资安事件 b 穗紧急 IS燮虑理小事件

11、虑理小安全技雨 c除集困安全策略提出建和意兄 CIO 资安事件主任委员 a下连重大资安事件虑理指示 b封重大资安事件虑理部副骞核 c改勒炎辘徨原械制 3.2 Affairs Disposition Group事件虞理小 3.2.1 Can be units leading factor happen by the incident and set up in AffairsDisposition Group,the incident happens u n it,incide

12、nt relevant u n it,Info-Security Management(in case of necessity)transfer manpower to make up,may include the professional service provider of outside.事件虑理小系且可由事件彝生里位主蹲系且建,事件彝生军位、事件相位、资安管理部(必要畤)抽人力系且成，可能包括外部事棠服矜提供商；3.2.2 Affairs Disposition Group sho

13、uld work under the guidance of Info-SecurityCommittee,Local Information Department Manager and AdministrativeExecutive,and report to them.事件虑理小组愿在资安委具曾、本部咒主管、行政主管指簿下工作加且向资安事件虞理委员曾、本部力瓷 an主管、行政主管甄告；3.3 Info-Security Committee of the Group集资安委员曾 3.3.1

14、Info-Security Committee of the Group is organized by Cenfral InformationDepartment Manager,Group Information Department Manager and seniorinformation technical staff.集 IB资安委员曾乃召集性系且微，成员由各事棠群/中央周遏军位主管、资深技徐亍人员系且成；3.3.2 Advisor group members is organized by senior admin

15、istrative executive,ITManager,technical staff or senior personages of outside manufacturer,professional service organization.I I成员可由集凰内部资深行政主管、n主管技循:人具或者外部商、惠棠服矜檄情的资深人士搪任；3.3.3 If Info-Security Affairs is happened,according to incident nature,involve theprofessional

16、 field,deal with the committee to transfer relevant personnel fromthe incident,instruct Info-Security Affairs Disposition Group promotes oneswork.如遇资安事件赞生，即根獴事件性、涉及事渠领域，优事件虑理委员曾抽相人 R，指醇资安事件虞理小 91!展工作；4.0 Emergency work flow chart of Info-Security Affairs资安事件 J

17、S燮作渠流程 IB虑理重大资安事件今聚急雁燮虑理小系且、事件虞理小安全技钵亍“封集廛!安全策略提出建和意冕 5.0 Reporting of Info-Security Affairs 通辍作 H5.1 Hot Line&E-mail for Info-Security Affairs notify(report).资安事件通辍信箱。5.1.1 Hot Line for Info-Security Affairs notify(report):560-102,nder the care ofPr

18、oduct Dynamic Solution Services Info-Security Management.集困言殳置资安事件通甄(W):560-102，由工管资资安管理部负责；5.1.2 Can also notify(report)to Info-Security Management through the E-mail:INFOSEC/CEN/FOXCONN or PDSSS.亦可透谩甯子酬件向瓷安部通幸艮(W)：INFOSEC/CEN/FOXCONN 或 PDSSS。5.2 Log of Aviso通辍 5.

19、2.1 In case of Info-Security Affairs happens,should report to Info-SecurityManagement in ten minutes.如遇资安事件彝生，鹰在十分内甄告资安管理部：5.2.2 Group staff are obligated to report Info-Security Affairs to Info-SecurityManagement.集困员工有羲矜向资安管理部聚辍资安事件；5.2.3 Info-Security Management

20、 receives the notification(reporting),must remindthe persons who notify and keep the secret,dont tell to others again.资安管理部接到通甄(W)须提醒通甄者矜必保守秘密，勿再向他人述；5.2.4 Not accepting and reporting anonymously,the persons who demand toreport tell Info-Security Management true name,office,c

21、ontact way,etc.Info-Security Management must be kept secret for persons who report.不接受匿名聚辍，要求聚辍者告知资安管理部真姓名、工作里位、聊彳系方式等。W安管理部须焉聚甄者保密；5.2.5 Info-Security Affairs serial number rule:Year-month-serial number(example:2006-01-X X);Info-Security file serial number obse

22、rves FileCoding Process Guide Line of Product Dynamic Solution Services Info-Security Management资安事件褊虢规 K J:年份-月份-流水虢(例：2006-01-X X)；瓷安文槽褊虢遵守工管资安管理部文件编碣作渠型刖；5.2.6 Info-Security Management writes down the notification of every one Info-Security Affairs(including report

23、ing),and deal with Info-Security Affairs incoordination with the u n it,Info-Security Committee of the Group happens inthe incident after being notified.资安管理部 1己每一件资安事件之通辍(含聚辍)，她在得到通辍彳爰癌同事件赞生罩位、集资安事件虞理委员曾虑理资安事件；5.2.7 If it is not Info-Security Affairs,mu

24、st tell the persons who notify propercircular targets,for example:The public safe incident notifies central Ministryof State Security.若不腐於资安事件,须告知通率艮者遹常的通甄封象,例如：公共安全事件通率艮中央安全部。6.0 Disposition of Info-Security Affairs JS理作棠 6.1 The illustration of dispositionj 虚理

25、作蕖脱明 6.1.1 Info-Security Management,after receiving taking place on the notification/reporting of Info-Security Affairs,must note down the incident to departmentsexecutive transmits submit Info-Security Committee of the Group.资安管理部在接到樊生资安事件的通辍/聚辍接,须揩事件系己系监部 F 4主管辅呈集

26、度 I资安事件虞理委员曾；6.1.2 Info-Security Committee of the Group is notified the unit happens in theincident,the leading factor makes up Affairs Disposition Group.集凰资安事件虑理委具曾通知事件赞生军位，主簿系且成事件虞理小系且；6.1.3 Info-Security Management is helped or must participate in Affairs Disp

27、ositionGroup and deal with the incident of information safety.资安管理部癌助或视必要参典事件虞理小系且虑理资安事件；6.1.4 Info-Security Affairs Disposition Group proposes dealing with the scheme inincident under the guidance of committee,and carry out this scheme.资安事件虞理小系且在委员曾指厚下提出事

28、件虑理方案，或且轨行方案；6.1.5 Info-Security Affairs Disposition Group should deal with to Info-SecurityCommittee,our unit report incident punish progress at any time.资安事件虞理小系且愿随日寺向资安事件虞理委具曾、本里位麋辍事件虞理迤展。7.0 Improving of Info-Security Affairs 改善作 It7.1 Plan and Proposal

29、 of Improving改善及建 7.1.1 The info-security affairs is dealt with later stage or after finishing,theincident should summarize the unit,look for the holes of the info-security,propose improving the scheme and improving the plan.资安事件虞理彳发期或完以彳爰,事件赞生军位愿谨行系吉，尊找资安漏洞,提出改善方

30、案及改善壹 I；7.1.2 Info-Security Management helps the incident to offer the suggestion ofimproving on the basis of summarizing the incident result.资安管理部愤助事件赞生罩位在事件虞理结果基磁上提出改善建 7.2 Improving of Info-Security Affairs改善作渠 7.2.1 The incident takes charge of implementing the

31、unit.事件赞生军位:f t 施。、8.0 Audit 稽核 8.1 Info-Security Management is responsible for carrying out and audits and deals withthe committee and offers and audits reporting to info-security affairs to the thing thatthe improvement homework of the unit happens in the incident.资安管理部负责轨行封事件赞生

32、里位的改善作蕖迤行稽核 36向资安事件虞理委员畲提供稽核幸员告。8.2 The contents of improving and auditing,make reference to“Treating Method ofthe Info-Security Affairs”.於改善作案及稽核，具飕见资安事件虞理作渠辨法。9.0 Encourage for Disclosure 聚辍物 ft9.1 The group encourages the employee to put forward to

33、Department of Info-Security Management reporting after finding the info-security affairs.集 IB鼓励景工赞 51资安事件彳爰向资安管理部提出聚辍；9.2 The moment the disclosure being affirmed,prosecutor will be properly rewarded.S W S S，酹予以聚辍人逾富的物及精神堤励。9.3 Detailed reward procedure will be drawn

34、 up by Department of Human ResourceManagement,assisted by Department of Info-Security Management,referring toUlnfo-security Disclosure and Reward Procedure”.聚幸典魁勤具艘作棠辨法由资安管理部曲助中央人资另掇，具鹘足资安事件聚辍及樊勘作棠辨法。10.0 Input and Export 输入输出 10.1 Input 输入 Name瓷料名耦 Desc

35、ription描述 Remark资安事件亵生之通辍通辍资安事件（事件赞生畤 3、遇、影辔情 1 兄）可能卷口述或甯子酬件描述 10.2 Export 输出 Name瓷料名耦 Description描述 RemarkW ii安全事件通辍受理后已表由资安管理部言己由事件彝生单位通告或者员工聚幸&的资安事件由资安管理部言己虑理小人员名军 I1由事件樊生军位、资服矜罩位、外部摩商及寡渠服矜

36、里位的相 II人员以及外聘事家/S 3冏人员成，可以事案架情形式。事件彝生里位、事件虑理小幺 F I上辍，资安管理部硅定整理。安全事件虞理制善由资安管理部事人负责封相安事件暹行制制起草，加根撅事件的殿重程度暹行分分级，制定出可以幸人行的虞理言十副资安管理部完成安全事件虞理幸艮告善提出事件彝生、虑理遇程及虑理结果、改善言 f剧等辞黜辍告事件赞生甲.位、事件虞理小完成11.0 Appendices and Attachments 附件 11.1 Altus安全事件通幸需己表 11.2 Altus安全事件虞理 11.3 Altus资安事件人事樊慧言己表

展开阅读全文