<< Accounting Information Systems Course Lecture Notes >> Enterprise Information System Risk and Control ~ A Discussion of Computer Fraud, COSO, COBIT and PKI Architecture ~ 周國華, Department of Accounting, National Pingtung University. First edition: 2007/12/10. This revision: 2021/04/11
SystemRiskControl 20210411.ppt [相容模式]
Microsoft PowerPoint - SystemRiskControl_20210411.ppt [] 3 25
4 RACI 26 5~6 IT 27
7 IT 28
CERT/CC CSIRT 8~9 29
10 COBIT 30 11 31
12~14 32
15~16 COBIT 33
17 34
ERM 20 PKI 36
COBIT 21 37
COBIT 22 38
COBIT 23 39
COBIT 24 40~41
•
•
3
SARS
– (industry risk)
– (enterprise risk)
– (business process risk)( )
– (information process risk)
4
• Romney and Steinbart (AIS, 2017)
– botnet, bot herders, zombies
– denial-of-service attack
– eavesdropping
– hacking
– hijacking
– identity theft
– key logger
5
6
update)
–
•
– R. T. Morris19891986 MIT[]
• CERT – (TWCERT/CC)
First.orgCERT
8
CSIRT • CERT/CC
• CSIRTFirst.org10
Computer Security Incident Response Team) – (TWNCERT) – (CCCSIRT) –
(ICRD-CSIRT) – (Onward Security) – (QNAP PSIRT)PSIRTP
– (Synology PSIRT) – (TWCERT/CC)
9
– (detective control)
– (corrective control)
10
11
) – 48
– Foreign Corrupt Practices Act (1977)
– Statements of Auditing Standards (SAS) No. 78 & 94
– Sarbanes-Oxley Act (2002, SOX)
– Dodd-Frank Act (2011, Dodd-Frank Wall Street Reform and Consumer Protection Act) 2008
3-1
• 7
12
3-2
13
3-3
14
17
COSO 2-1
(risk assessment)
18
COSO 2-2
(information and communication)
(monitoring)
19
• COSO (ERM, 2004) 48 4
COSO 1992
COBIT
• ISACA 1996: COBIT (Control Objectives for Information and related Technology); IT Governance Institute (ITGI) 1998
– ITGI: COBIT 4.1 (2007), COBIT 5 (2012)
– COBIT 5: COBIT 4.1, Val IT 2.0, Risk IT
– COBIT 2019
COBIT 4.1
• COBIT IT
22
– PO1.2IT
– PO1.3
– PO1.4IT
– PO1.5IT
– PO1.6IT
24
– PC2
– PC5IT
– PC6
25
RACI • COBITRACI
– IT (application control) IT ()
– IT ITITIT (general control)
•
– AC2
IT(0)(5)
0 1 2 3 4 5
32
• AIS
34
• (public key infrastructure, PKI)(digital signature)
35
• 2002/4/1PKI
–
–
–
–
–
36
text)
– (public key) (private key) SSL(Chrome )
37
•
•
– () …CA
– CA
39
ISACA
– CISM (certified information security manager) ISACA
• (AICPA) – WebTrustCA
– CFE( ) 125
• (certified internal auditor, CIA) – (IIA)
– CIA(125)(100 )(100)41