Powered by GitBook

使用Verinice操作資訊安全管理系統(ISMS)

Working with ISO 27001 model in verinice

接著是基本作業流程教學,此部分介紹於verinice之中,如何操作ISO 27001的model,主要步驟如下:

  1. 建立資產(Creating Assets)
  2. 控制措施建模(Modelling Controls)
  3. 建立關聯(Creating Relations)
  4. 插入文件(Inserting Documents)
  5. 要求建模(Modelling Requirements)
  6. 要求與控制措施之符合性(Comply Requirement with Controls)
  7. 建立更多關聯(Creating More Relatinos)

詳細步驟:

建立資產(Creating Assets)

  1. In the view "Information Security Model" you can create objects and object groups.
  2. The predefined categories for objects are displayed when you create a new root object (organization object).
  3. Click on "Add new organization" button which is located at the top right edge of the view. An organization object means a scope, a department or even the entire organization.
  4. Now create an asset group. To do this, click the right mouse button on the category "Assets". You will see a context menu from which you should choose to option "Add New Asset Group ... ".
  5. Now you have created a group object for assets. A group object corresponds to a folder of an operating system. This object can contain other asset objects or other asset group objects.
  6. You can build completely custom hierarchical object groups and objects so.
  7. Rename the newly created asset group by entering the title text "Client PC" appeared in the left window (editor view). Save by pressing the key combination Ctrl+S.
  8. Now create for the group "Client PC" an asset object by right-clicking and selecting "Add New Asset ...". Now an asset object is created and attached to the group object you created.
  9. The editor view for entering the data for the new asset appears automatically on the right site. Enter here some fictitious data and save it with the key combination Ctrl+S or by closing the view.
  10. On closing of unsaved view content you will be automatically asked if you want to save this.

控制措施建模(Modelling Controls)

  1. In the view "Information Security Model" you can create objects and object groups.
  2. The predefined categories for objects are displayed when you create a new root object (organization object).
  3. Click on "Add new organization" button which is located at the top right edge of the view. An organization object means a scope, a department or even the entire organization.
  4. Now create an asset group. To do this, click the right mouse button on the category "Assets".
  5. You will see a context menu from which you should choose to option "Add New Asset Group ... ".
  6. Now you have created a group object for assets. A group object corresponds to a folder of an operating system.
  7. This object can contain other asset objects or other asset group objects. You can build completely custom hierarchical object groups and objects so.
  8. Rename the newly created asset group by entering the title text "Client PC" appeared in the left window (editor view). Save by pressing the key combination Ctrl+S.
  9. Now create for the group "Client PC" an asset object by right-clicking and selecting "Add New Asset ...".
  10. Now an asset object is created and attached to the group object you created.
  11. The editor view for entering the data for the new asset appears automatically on the right site.
  12. Enter here some fictitious data and save it with the key combination Ctrl+S or by closing the view.
  13. On closing of unsaved view content you will be automatically asked if you want to save this.

建立關聯(Creating Relations)

  1. In the view "Information Security Model" you can create objects and object groups.
  2. The predefined categories for objects are displayed when you create a new root object (organization object).
  3. Click on "Add new organization" button which is located at the top right edge of the view.
  4. An organization object means a scope, a department or even the entire organization.
  5. Now create an asset group. To do this, click the right mouse button on the category "Assets".
  6. You will see a context menu from which you should choose to option "Add New Asset Group ... ".
  7. Now you have created a group object for assets. A group object corresponds to a folder of an operating system.
  8. This object can contain other asset objects or other asset group objects.
  9. You can build completely custom hierarchical object groups and objects so.
  10. Rename the newly created asset group by entering the title text "Client PC" appeared in the left window (editor view).
  11. Save by pressing the key combination Ctrl+S.
  12. Now create for the group "Client PC" an asset object by right-clicking and selecting "Add New Asset ...".
  13. Now an asset object is created and attached to the group object you created.
  14. The editor view for entering the data for the new asset appears automatically on the right site. Enter here some fictitious data and save it with the key combination Ctrl+S or by closing the view.
  15. On closing of unsaved view content you will be automatically asked if you want to save this.

插入文件(Inserting Documents)

  1. In the view "Information Security Model" you can create objects and object groups.
  2. The predefined categories for objects are displayed when you create a new root object (organization object).
  3. Click on "Add new organization" button which is located at the top right edge of the view.
  4. An organization object means a scope, a department or even the entire organization. Now create an asset group.
  5. To do this, click the right mouse button on the category "Assets".
  6. You will see a context menu from which you should choose to option "Add New Asset Group ... ". Now you have created a group object for assets.
  7. A group object corresponds to a folder of an operating system. This object can contain other asset objects or other asset group objects.
  8. You can build completely custom hierarchical object groups and objects so.
  9. Rename the newly created asset group by entering the title text "Client PC" appeared in the left window (editor view).
  10. Save by pressing the key combination Ctrl+S. Now create for the group "Client PC" an asset object by right-clicking and selecting "Add New Asset ...".
  11. Now an asset object is created and attached to the group object you created.
  12. The editor view for entering the data for the new asset appears automatically on the right site.
  13. Enter here some fictitious data and save it with the key combination Ctrl+S or by closing the view.
  14. On closing of unsaved view content you will be automatically asked if you want to save this.

要求建模(Modelling Requirements)

  1. In the view "Information Security Model" you can create objects and object groups.
  2. The predefined categories for objects are displayed when you create a new root object (organization object). Click on "Add new organization" button which is located at the top right edge of the view.
  3. An organization object means a scope, a department or even the entire organization.
  4. Now create an asset group. To do this, click the right mouse button on the category "Assets".
  5. You will see a context menu from which you should choose to option "Add New Asset Group ... ".
  6. Now you have created a group object for assets.
  7. A group object corresponds to a folder of an operating system.
  8. This object can contain other asset objects or other asset group objects.
  9. You can build completely custom hierarchical object groups and objects so.
  10. Rename the newly created asset group by entering the title text "Client PC" appeared in the left window (editor view).
  11. Save by pressing the key combination Ctrl+S.
  12. Now create for the group "Client PC" an asset object by right-clicking and selecting "Add New Asset ...".
  13. Now an asset object is created and attached to the group object you created.
  14. The editor view for entering the data for the new asset appears automatically on the right site.
  15. Enter here some fictitious data and save it with the key combination Ctrl+S or by closing the view.
  16. On closing of unsaved view content you will be automatically asked if you want to save this.

符合要求與控制措施(Comply Requirement with Controls)

  1. In the view "Information Security Model" you can create objects and object groups.
  2. The predefined categories for objects are displayed when you create a new root object (organization object).
  3. Click on "Add new organization" button which is located at the top right edge of the view.
  4. An organization object means a scope, a department or even the entire organization.
  5. Now create an asset group. To do this, click the right mouse button on the category "Assets".
  6. You will see a context menu from which you should choose to option "Add New Asset Group ... ".
  7. Now you have created a group object for assets.
  8. A group object corresponds to a folder of an operating system.
  9. This object can contain other asset objects or other asset group objects.
  10. You can build completely custom hierarchical object groups and objects so.
  11. Rename the newly created asset group by entering the title text "Client PC" appeared in the left window (editor view).
  12. Save by pressing the key combination Ctrl+S.
  13. Now create for the group "Client PC" an asset object by right-clicking and selecting "Add New Asset ...".
  14. Now an asset object is created and attached to the group object you created.
  15. The editor view for entering the data for the new asset appears automatically on the right site.
  16. Enter here some fictitious data and save it with the key combination Ctrl+S or by closing the view.
  17. On closing of unsaved view content you will be automatically asked if you want to save this.

建立更多關聯(Creating More Relatinos)

  1. In the view "Information Security Model" you can create objects and object groups.
  2. The predefined categories for objects are displayed when you create a new root object (organization object).
  3. Click on "Add new organization" button which is located at the top right edge of the view.
  4. An organization object means a scope, a department or even the entire organization.
  5. Now create an asset group. To do this, click the right mouse button on the category "Assets".
  6. You will see a context menu from which you should choose to option "Add New Asset Group ... ".
  7. Now you have created a group object for assets.
  8. A group object corresponds to a folder of an operating system.
  9. This object can contain other asset objects or other asset group objects.
  10. You can build completely custom hierarchical object groups and objects so.
  11. Rename the newly created asset group by entering the title text "Client PC" appeared in the left window (editor view).
  12. Save by pressing the key combination Ctrl+S.
  13. Now create for the group "Client PC" an asset object by right-clicking and selecting "Add New Asset ...".
  14. Now an asset object is created and attached to the group object you created.
  15. The editor view for entering the data for the new asset appears automatically on the right site.
  16. Enter here some fictitious data and save it with the key combination Ctrl+S or by closing the view.
  17. On closing of unsaved view content you will be automatically asked if you want to save this.