
Plan for managing ... - dede.go.th


Information and Communication Technology Risk Management Plan


Transcription of Plan for managing ... - dede.go.th

1 2558-2559.. 255 -255 .. COSO (Committee of Sponsoring Organizations of the Treadway Commission) (ISO 27001) .. ( ).. 255 -255 .. ( .) .. 2558-2559 .. COSO (Committee of Sponsoring Organizations of the Treadway Commission) . (PMQA) . (ISO 27001) .. 2558-2559 .. ICT External Audit Internal Audit . ICT .. 255 -255 .. 1.. 1. 2.. 2. 3.. 2. 4.. 3. 5. (Risk assessment) .. 4. 6. (Risk estimation) .. 8. 7. (Risk evaluation) .. 13.. 13.. 14. 8. (Risk analysis) .. 18. 9. (Risk management) .. 20. 10.. 22.. 1 .. 17.. 1 (Description of risk) ..5. 2 (Risk estimation) .. 10. 3 (Risk evaluation) .. 15. 4 (Risk analysis) .. 18. 5 (Risk management) .. 20. 6 .. 22.. 255 -255 .. 255 -255 .. 255 -255 .. 1.. (Risk) . ( ) .. (Impact) . (Likelihood) . (Risk Factor) .. (Risk Assessment) . (Likelihood) (Impact) . (Degree of Risk) . 4 . (Risk Management) .. 4 / .. (Control) . 4 .. 1.. 255 -255 .. (Asset) 5.

2 COSO (Committee of Sponsoring Organizations of the Treadway Commission) . 1. (Objective Setting). 2. (Event Identification). 3. (Risk Assessment). 4. (Risk Response). 5. (Control Activities). 6. (Information and Communication). 7. (Monitoring).. 2.. 1.. 2.. 3.. 4.. 5.. 3.. 2.. 255 -255 .. 1.. 2.. 3.. 4.. 5.. 6.. 7.. 8.. 9.. 10.. 11.. 12. 4 . 13.. 14.. 15.. 16.. 17.. 3.. 255 -255 .. 4. (Risk assessment).. 4 .. Hacker Cracker .. (Description of risk) 1 1.. 4.. 255 -255 .. 1 (Description of risk). / / . 1. RIT01 - . - . - .. 2. RIT02 - .. - .. 3. RIT03 Hacker - Hacker/Cracker . / - . (denial of services/ DOS) . - . - . - .. - / .. 5.. 255 -255 .. / / . 4. RIT04 - . - - .. 5. RIT05 - .. 6. RIT06 - . (Update) - . (denial of services/ DOS) . - .. 7. RIT07 - Hacker/Cracker . - . (denial of services/ DOS) . - . - . - / .. 6.. 255 -255 .. / / . 8. RIT08 - .. 9. RIT09 Hacker - Hacker/Cracker.

3 / - . (denial of services/ DOS) . - . - . - .. - / . - .. 7.. 255 -255 .. 5. (Risk estimation). (Incident) (Event) .. 5 > 4 / . 4 4 / . 3 3 / . 2 2 / . 1 1 / .. - . - / . - . - .. - . - . - . - . - / .. 8.. 255 -255 .. 5 > 10 .. 4 > 5 10 .. 3 > 5 .. 2 > 1 .. 1 100,000 .. 2.. 9.. 255 -255 .. 2 (Risk estimation).. / . / . 1. RIT01 - 1 5. - . - .. 2. RIT02 - 3 5.. - .. 3. RIT03 Hacker - Hacker/Cracker 3 3. / - . (denial of services/ DOS) . - . - . - .. - / .. 10.. 255 -255 .. / . / . 4. RIT04 - 3 3. - - .. 5. RIT05 - 3 1.. 6. RIT06 - 3 3. (Update) - . (denial of services/ DOS) . - .. 7. RIT07 - Hacker/Cracker 5 3. - . (denial of services/ DOS) . - . - . - / .. 11.. 255 -255 .. / . / . 8. RIT08 - 3 4.. 9. RIT09 Hacker - Hacker/Cracker 3 4. / - . (denial of services/ DOS) . - . - . - .. - / . - .. 12.. 255 -255 .. 6. (Risk evaluation).. = ( ) X ( ).. 1 8 . 5 14 ( ) . 17 24 ( ) . 25.

4 (Risk Map).. - - . - - .. - - . - - .. 13.. 255 -255 .. 5 5 10 15 20 25 . 4 4 8 12 16 20 .. / .. 3 3 6 9 12 15 . 2 2 4 6 8 10.. ( ). 1 1 2 3 4 5. 1 2 3 4 5. / . 3 . (Risk Map) 1.. 14.. 255 -255 .. 3 (Risk evaluation). / .. 1. RIT01 1 5 5.. 2. RIT02 3 5 15.. 3. RIT03 Hacker 3 3 9. / .. 4. RIT04 3 3 9. - .. 5. RIT05 3 1 3.. 15.. 255 -255 .. / .. 6. RIT06 3 3 9. (Update) .. 7. RIT07 5 3 15.. 8. RIT08 3 4 12.. 9. RIT09 Hacker 3 4 12. / .. 16.. 255 -255 .. (Risk Map). 5 RIT01 RIT02 . 4 RIT08, RIT09 . / . RIT03, RIT07. 3 RIT04, RIT06.. 2.. RIT05. 1 ( ). 1 2 3 4 5. / . 1 .. 17.. 255 -255 .. 7. (Risk analysis). 4. 4 (Risk analysis).. 1. 15.. 2. 15.. 3. 12.. 4. / Hacker 12.. 18.. 255 -255 .. 5. / Hacker 9.. 6. - 9.. 7. 9. (Update) .. 8. 5.. 9. 3.. 19.. 255 -255 .. 8. (Risk management). 5.. 15 . 15 . 5. 5 (Risk management).. 1. 15 - - . ( ) - . - . (Business Continuity Plan : BCP). 2. 15.

5 ( ) .. - .. 3. 12 - - . ( ) - . 4. 12 - - . ( ) OWASP-Top 10 Web Application Security Risks . - .. 20.. 255 -255 .. 5. 9 - - firewall, IPS . ( ) - .. - patch . - patch . 6. 9 - - . ( ) . - . 7. 9 - - . ( ) . - .. - .. 8. 5 - - . (Business Continuity Plan : BCP). - . - . 9. 3 - - .. - .. 21.. 255 -255 .. 9.. ( .) 2558 2559 . 6 .. 2558 .. 2559.. / .. 1. - - 6 .. - - .. - - .. - .. (Business Continuity Plan : BCP). 2. - - .. - - .. 22.. 255 -255 .. 2558 .. 2559.. / .. 3. - - .. - - 6 .. 4. - - . OWASP-Top 10 . - - 6 .. 5. - - . Firewall, IPS . - - .. - - . patch . - patch - .. 23.. 255 -255 .. 2558 .. 2559.. / .. 6. - - .. - - 3 .. 7. - - .. - - .. - .. 24.. 255 -255.