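1/20: Grades have been published in the homework submission system. The final score submitted to the Office of Academic Affairs is the column labelled “24-SECMGMT-UNI”. If you have any questions, please email the instructor or a TA before the end of office hours at 5 p.m. this Thursday (1/23); grades cannot be changed after that deadline.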
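This course introduces, from both theoretical and practical perspectives, the potential threats to information and communication network security and the methods for preventing them, so that students understand information security risks at every level and improve their security awareness and basic security literacy.
D01. Security and Risk Management
D02. Asset Security
D03. Security Architecture and Engineering
D04. Communication and Network Security
D05. Identity and Access Management (IAM)
D06. Security Assessment and Testing
D07. Security Operations
D08. Software Development Security
Introduction to information security frameworks and regulations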
This course will equip you with the fundamental knowledge and practices needed to manage information security within an organization.
Why Information Security Management Matters
In today's digital age, information is a critical asset for organizations. Our dependence on interconnected systems and data makes us vulnerable to cyberattacks that can disrupt operations, steal sensitive information, or cause financial loss. Information security management is the process of implementing and maintaining controls to protect information assets from unauthorized access, use, disclosure, disruption, modification, or destruction.
What We'll Cover in this Course:
We will follow a roadmap for information security. Throughout this course, we'll delve into the eight domains, including:
Security and Risk Management: We'll explore concepts like risk assessment, threat analysis, and security policies.
Asset Security: Learn how to identify, classify, and protect valuable information assets.
Security Architecture and Engineering: Gain insights into secure network design, system hardening, and data encryption.
Communication and Network Security: Understand network security controls like firewalls, intrusion detection systems, and secure protocols.
Identity and Access Management (IAM): Explore methods for user authentication, authorization, and access control.
Security Assessment and Testing: Learn about vulnerability assessments, penetration testing, and security audits.
Security Operations: Discover best practices for incident response, security event management, and disaster recovery.
Software Development Security: Examine secure coding practices and software development lifecycle security.
Security Frameworks, Standards, Laws and Regulations.
Introduction to Information and Communication Security Management (General Education)
Instructor: Prof. Shun-Wen Hsiao, NCCU MIS Dept., hsiaom at nccu.edu.tw
Lecture (046007001): Friday 56 (14:10 ~ 16:00) @ Classroom Commerce Building 260106 (changed from Information Building 140305)
TA: {113356023, 113356024, 113356045} at g.nccu.edu.tw; Miss Chien (簡), Mr. Chen (陳), Miss Chang (張)
Office Hours: By appointment only.
Homework System: http://hsiaom.nccu.edu.tw:8888/
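--/--: The enrollment list for this course excludes students who have already taken specialized courses in the information security domain.
09/01:
Week 1 (09/13) is a preparation week with no regular lecture; a video explains the class rules, homework, exams, and final presentation.
Week 2 (09/20) is the add/drop day; students who need a paper add or drop form signed should come to class.
09/05:
Week 1 (09/13) is a preparation week with no regular lecture. Students may choose either to come to the classroom to watch the course introduction video or to watch it at this link: https://youtu.be/ZrxjwpoUbYQ. A TA will be present that day.
Regular classes begin in week 2 (09/20); all students should attend in person. Roll call starts this week (attendance is one of the final grade components).
09/09:
Classroom change: Commerce Building 260106
09/24:
The first roll call will be taken on 09/27; please come to the classroom to use the roll-call system and the homework submission system.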
09/27:
Homework Submission System: http://hsiaom.nccu.edu.tw:8888/
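10/11:
Homework 1 has been released; the submission deadline is 2024/10/18 23:59:59. Please submit through the homework submission system at the URL above, using your account and password.
11/01:
Because of the typhoon, the College of Commerce has a power outage and classes cannot be held, so the 11/1 class is cancelled.
Today's roll call will automatically mark all students as present; do not come to the College of Commerce. Please stay safe when travelling.
11/15:
Homework 2 will be released on 11/1518 and is due on 11/29. It has ten questions; please answer them in the homework system.
12/13:
No class on 12/20.
12/27 (Fri.): please come to class to take part in the final discussion.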
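Develop students' basic information security literacy
Understand information security threats and the related defensive methods and technologies
Understand information security policies and standards
Understand domestic and international laws on information security and privacy protection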
By the end of this course, you will be able to:
Discuss the importance of information security management.
Apply the security framework to understand different security domains.
Identify and implement essential security controls.
Develop strategies for mitigating information security risks.
This course is designed to be a valuable resource for anyone interested in information security, from IT professionals to business managers. Whether you're aiming to pursue a certification or simply want to improve your organization's security posture, this course will equip you with the knowledge and skills you need.
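09/13: (+1) Security and Risk Management
Week 1 is a preparation week; course materials are provided.
09/20: Security and Risk Management
Introduction to basic concepts of information and communication security management
Paper add/drop
09/27: Security and Risk Management
Introduction to basic concepts of information and communication security management
10/04: Asset Security
Business continuity and disaster recovery
10/11: Asset Security
Data protection and backup, off-site redundancy
Homework 1: Information security management
10/18: Security Architecture and Engineering
Encryption and decryption algorithms, hashing, signatures
10/25: Security Architecture and Engineering
Encryption and decryption algorithms, symmetric and asymmetric encryption
11/01: Communication and Network Security
Network architecture, OWASP Top 10 attacks
11/08: Communication and Network Security
Firewalls, DMZ, VPN, IDS, common attack techniques (social engineering, phishing, ransom attacks)
Homework 2: Information security technology (release postponed by one week because of the typhoon)
11/15: Identity and Access Management
Authorization, authentication, auditing, access control
11/22: Security Assessment and Testing
Penetration testing, tools, security assessment, cost planning, false positives and false negatives
11/29: Security Operations
Security information and event management, security incidents and response, security systems, disaster recovery
Homework 3: Information security operations
12/06: Midterm exam
12/13: International standards for information and communication security management
12/20: Security-related laws and regulations for government agencies
No class this week
12/27: Final presentations
01/03: Final presentations
01/10: (+1) Emerging technologies (no class this week; the content has already been covered in class)
Blockchain security and artificial intelligence security
D05. Identity and Access Management (IAM)
D06. Security Assessment and Testing
D07. Security Operations
D08. Software Development Security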
Appendix D. Security-Related Acts in Taiwan
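International standards for information and communication security management; security-related laws and regulations for government agencies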
Participation (24%)
Each participation is worth 2 points.
Homework (30%)
Final Presentation (20%)
TA/Lecturer grading
Midterm (26%)
Score, Grade, GPA
100~90: A+, 4.3
89~85: A, 4.0
84~80: A-, 3.7
79~77: B+, 3.3
76~73: B, 3.0
72~70: B-, 2.7
69~67: C+, 2.3
66~63: C, 2.0
62~60: C-, 1.7
59~57: D+, 1.3
56~53: D, 1.0
52~50: D-, 0.7
49~0: F, 0.0