Working with ISO 27001 model in verinice
接著是基本作業流程教學,此部分介紹於verinice之中,如何操作ISO 27001的model,主要步驟如下:
- 建立資產(Creating Assets)
- 控制措施建模(Modelling Controls)
- 建立關聯(Creating Relations)
- 插入文件(Inserting Documents)
- 要求建模(Modelling Requirements)
- 要求與控制措施之符合性(Comply Requirement with Controls)
- 建立更多關聯(Creating More Relatinos)
詳細步驟:
建立資產(Creating Assets)
- In the view "Information Security Model" you can create objects and object groups.
- The predefined categories for objects are displayed when you create a new root object (organization object).
- Click on "Add new organization" button which is located at the top right edge of the view. An organization object means a scope, a department or even the entire organization.
- Now create an asset group. To do this, click the right mouse button on the category "Assets". You will see a context menu from which you should choose to option "Add New Asset Group ... ".
- Now you have created a group object for assets. A group object corresponds to a folder of an operating system. This object can contain other asset objects or other asset group objects.
- You can build completely custom hierarchical object groups and objects so.
- Rename the newly created asset group by entering the title text "Client PC" appeared in the left window (editor view). Save by pressing the key combination Ctrl+S.
- Now create for the group "Client PC" an asset object by right-clicking and selecting "Add New Asset ...".
Now an asset object is created and attached to the group object you created.
- The editor view for entering the data for the new asset appears automatically on the right site. Enter here some fictitious data and save it with the key combination Ctrl+S or by closing the view.
- On closing of unsaved view content you will be automatically asked if you want to save this.
控制措施建模(Modelling Controls)
- In the view "Information Security Model" you can create objects and object groups.
- The predefined categories for objects are displayed when you create a new root object (organization object).
- Click on "Add new organization" button which is located at the top right edge of the view. An organization object means a scope, a department or even the entire organization.
- Now create an asset group. To do this, click the right mouse button on the category "Assets".
- You will see a context menu from which you should choose to option "Add New Asset Group ... ".
- Now you have created a group object for assets. A group object corresponds to a folder of an operating system.
- This object can contain other asset objects or other asset group objects. You can build completely custom hierarchical object groups and objects so.
- Rename the newly created asset group by entering the title text "Client PC" appeared in the left window (editor view). Save by pressing the key combination Ctrl+S.
- Now create for the group "Client PC" an asset object by right-clicking and selecting "Add New Asset ...".
- Now an asset object is created and attached to the group object you created.
- The editor view for entering the data for the new asset appears automatically on the right site.
- Enter here some fictitious data and save it with the key combination Ctrl+S or by closing the view.
- On closing of unsaved view content you will be automatically asked if you want to save this.
建立關聯(Creating Relations)
- In the view "Information Security Model" you can create objects and object groups.
- The predefined categories for objects are displayed when you create a new root object (organization object).
- Click on "Add new organization" button which is located at the top right edge of the view.
- An organization object means a scope, a department or even the entire organization.
- Now create an asset group. To do this, click the right mouse button on the category "Assets".
- You will see a context menu from which you should choose to option "Add New Asset Group ... ".
- Now you have created a group object for assets. A group object corresponds to a folder of an operating system.
- This object can contain other asset objects or other asset group objects.
- You can build completely custom hierarchical object groups and objects so.
- Rename the newly created asset group by entering the title text "Client PC" appeared in the left window (editor view).
- Save by pressing the key combination Ctrl+S.
- Now create for the group "Client PC" an asset object by right-clicking and selecting "Add New Asset ...".
- Now an asset object is created and attached to the group object you created.
- The editor view for entering the data for the new asset appears automatically on the right site. Enter here some fictitious data and save it with the key combination Ctrl+S or by closing the view.
- On closing of unsaved view content you will be automatically asked if you want to save this.
插入文件(Inserting Documents)
- In the view "Information Security Model" you can create objects and object groups.
- The predefined categories for objects are displayed when you create a new root object (organization object).
- Click on "Add new organization" button which is located at the top right edge of the view.
- An organization object means a scope, a department or even the entire organization. Now create an asset group.
- To do this, click the right mouse button on the category "Assets".
- You will see a context menu from which you should choose to option "Add New Asset Group ... ". Now you have created a group object for assets.
- A group object corresponds to a folder of an operating system. This object can contain other asset objects or other asset group objects.
- You can build completely custom hierarchical object groups and objects so.
- Rename the newly created asset group by entering the title text "Client PC" appeared in the left window (editor view).
- Save by pressing the key combination Ctrl+S. Now create for the group "Client PC" an asset object by right-clicking and selecting "Add New Asset ...".
- Now an asset object is created and attached to the group object you created.
- The editor view for entering the data for the new asset appears automatically on the right site.
- Enter here some fictitious data and save it with the key combination Ctrl+S or by closing the view.
- On closing of unsaved view content you will be automatically asked if you want to save this.
要求建模(Modelling Requirements)
- In the view "Information Security Model" you can create objects and object groups.
- The predefined categories for objects are displayed when you create a new root object (organization object). Click on "Add new organization" button which is located at the top right edge of the view.
- An organization object means a scope, a department or even the entire organization.
- Now create an asset group. To do this, click the right mouse button on the category "Assets".
- You will see a context menu from which you should choose to option "Add New Asset Group ... ".
- Now you have created a group object for assets.
- A group object corresponds to a folder of an operating system.
- This object can contain other asset objects or other asset group objects.
- You can build completely custom hierarchical object groups and objects so.
- Rename the newly created asset group by entering the title text "Client PC" appeared in the left window (editor view).
- Save by pressing the key combination Ctrl+S.
- Now create for the group "Client PC" an asset object by right-clicking and selecting "Add New Asset ...".
- Now an asset object is created and attached to the group object you created.
- The editor view for entering the data for the new asset appears automatically on the right site.
- Enter here some fictitious data and save it with the key combination Ctrl+S or by closing the view.
- On closing of unsaved view content you will be automatically asked if you want to save this.
符合要求與控制措施(Comply Requirement with Controls)
- In the view "Information Security Model" you can create objects and object groups.
- The predefined categories for objects are displayed when you create a new root object (organization object).
- Click on "Add new organization" button which is located at the top right edge of the view.
- An organization object means a scope, a department or even the entire organization.
- Now create an asset group. To do this, click the right mouse button on the category "Assets".
- You will see a context menu from which you should choose to option "Add New Asset Group ... ".
- Now you have created a group object for assets.
- A group object corresponds to a folder of an operating system.
- This object can contain other asset objects or other asset group objects.
- You can build completely custom hierarchical object groups and objects so.
- Rename the newly created asset group by entering the title text "Client PC" appeared in the left window (editor view).
- Save by pressing the key combination Ctrl+S.
- Now create for the group "Client PC" an asset object by right-clicking and selecting "Add New Asset ...".
- Now an asset object is created and attached to the group object you created.
- The editor view for entering the data for the new asset appears automatically on the right site.
- Enter here some fictitious data and save it with the key combination Ctrl+S or by closing the view.
- On closing of unsaved view content you will be automatically asked if you want to save this.
建立更多關聯(Creating More Relatinos)
- In the view "Information Security Model" you can create objects and object groups.
- The predefined categories for objects are displayed when you create a new root object (organization object).
- Click on "Add new organization" button which is located at the top right edge of the view.
- An organization object means a scope, a department or even the entire organization.
- Now create an asset group. To do this, click the right mouse button on the category "Assets".
- You will see a context menu from which you should choose to option "Add New Asset Group ... ".
- Now you have created a group object for assets.
- A group object corresponds to a folder of an operating system.
- This object can contain other asset objects or other asset group objects.
- You can build completely custom hierarchical object groups and objects so.
- Rename the newly created asset group by entering the title text "Client PC" appeared in the left window (editor view).
- Save by pressing the key combination Ctrl+S.
- Now create for the group "Client PC" an asset object by right-clicking and selecting "Add New Asset ...".
- Now an asset object is created and attached to the group object you created.
- The editor view for entering the data for the new asset appears automatically on the right site.
- Enter here some fictitious data and save it with the key combination Ctrl+S or by closing the view.
- On closing of unsaved view content you will be automatically asked if you want to save this.