Information Security and Data Privacy Protection - page 3

Date: 20/03/15 19/03/15
EuroCloud Europe a.s.b.l.
Version 3.0 Rev 10
EuroCloud Star Audit Certificate
Columns: No. | I - Control Topic | II - Control Scope | III - Control Question | Star Rating | Audit Goal
(row continued from the previous page)
  Control Question: Do operations staff receive training on the policies governing access to personal data and data privacy?
  A - Dedicated training is provided and certified
  B - Relevant policies exist and have been acknowledged by every staff member
  C - The relevant policies are referenced in the HR contract
A03-S01-C02-Q01
  Control Scope: Preventive Measures
  Control Question: Are regular security checks or penetration tests carried out?
  Star Rating: **** (A; B), *** (C)
  Audit Goal: Proactive security monitoring and verification of procedures

A03-S01-C02-Q02
  Control Question: Are regular emergency drills carried out and documented?
  Star Rating: ***** (A), **** (B)
  Audit Goal: Show capabilities to deal with emergency situations and to reduce risk and length of service interruption

A03-S01-C02-Q03
  Control Question: Is the entitlement and authorization process for new customers appropriate?
  Star Rating: **** (A), *** (B)
  Audit Goal: Protect other customers from being affected by suspicious or anonymous users (cyber and crime threats)

A03-S01-C02-Q04
  Control Question: Are the current security procedures appropriate to common requirements for web and application security with respect to the chosen technology?
  Star Rating: ****

A03-S02-C01-Q01
  Control Topic: Technical Security
  Control Scope: Cyber Security
  Control Question: Does a firewall system protect the infrastructure according to the current level of technology?
  Star Rating: ***
  Audit Goal: Evidence of baseline protection (the minimum required level of protection)

A03-S02-C01-Q02
  Control Question: Is the system protected from DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks from the Internet?
  Star Rating: ****
  Audit Goal: Evidence of baseline protection (the minimum required level of protection)

A03-S02-C01-Q03
  Control Question: Is the service access secured either by Virtual Private Network (VPN) or Virtual Private Cloud (VPC) access?
  Audit Goal: Show isolation level of connected users for highly sensitive areas (e.g. medical patient data)