资安事件处理作业办法

《资安事件处理作业办法》由会员分享，可在线阅读，更多相关《资安事件处理作业办法（9页珍藏版）》请在装配图网上搜索。

1、Revision HistoryProcedure:Title:Treating Method of the Info-Security Affairs|资安事件虞理作渠辨法Rev:Rev.ECNDateOriginatorReasonA2006/6/22Yoyo YuanInitial ReleaseIssue stampDateTRADE SECRETS,CONFIDENTIAL INFORMATION,PROP RI ETA R Y INFORMA TION NOTICE and COPYRIGHTThe Copyright in this document is vested in A

2、ltus Technology Inc.The document may not be reproduced in whole or in part,orstored in a retrieval system,or transmitted in any form or by any means electronic mechanical,photocopying or otherwise,without the prior written per-mission of Altus Technology Inc.This document or its contents,cither in w

3、hole or in part,must notbe communicated to the press or any person not authorized to receive it.The data shall not be duplicated used,or disclosed inwhole or in part for any purpose other than to evaluate the contents.This restriction does not limit the right of the recipient to useinformation conta

4、ined in this data for its review and use for its intended purpose.The data subject to this restriction is containedin pages of this document marked Altus Proprietary Data”ContentsProcedure:.1Title:.1Rev:.1A.1Contents.2Treating Method of the Info-Security Affairs.31.()Purpose 目的.32.0 Scope 遹用 SB圉.33.

5、0 Role and Responsibility 角 色 舆 躺.34.0 Emergency work flow chart of Info-Security Affairs 资安事件鹰燮作渠流程I.55.0 Reporting of Info-Security Affairs 通辍作渠.56.0 Disposition of Info-Security Affairs J 理作I t.67.0 Improving of Info-Security Affairs 改善作IS.78.0 Audil 稽核.79.0 Encourage for Disclosure 聚辍奖W).710.0 I

6、nput and Export 输入输出.811.0 Appendices and Attachments 附件.9Treating Method of the Info-Securitv Affairs1.0 Purpose 目的Standardize the handling mechanism of the Info-Security affairs,improvethe treatment quality of the incident.The relevant affairs of making the Info-Security affairs notify,dealing wit

7、h,improving,auditting etc.are accordedwith to some extent.规 范 安 全 事 件 虞 置 檄 制，提升事件的虑理品 ,使 安 全 事 件 通 辍、虑 理、改 善、稽核等相 事矜有所依援。2.0 Scope 逋用靶0B2.1 This treating method applies to Foxconn Electronics Inc.Info-Security affairscontingency to disposition.本作渠辨法遹用於富士康科技集困瓷安全事件燮霓置作渠。3.0 Role and Responsibihty 角

8、色 卿3.1 The table of role and responsibility角色典殿责一霓表Department部FERole角色Responsibility资安管理部资安主管a容核资安事件虞理音I制b封资安案件分级判断c建置资安措施，轨行资安盛控d指峥资安虑理言懵ij孰行e依音r上级指蜉修IT虑理音 副f管控是否需要癌作军位支援紧急Jfi箜虑理小a规副危械虞理言 副程式b愤助事件彝生单位查明安全事件原因c行聚急K K燮措施d段行资安稽核e愤助事赞军位轨行改善作渠f撰瘾结案辍告前its人具a事件受理、通辍b根撼客服系统做遇程跟粽c整理资安件结案文槽聚辍者a自 向资安管理卿幸艮资安事件

9、b必要畤暹行指IS愤作单位事件凌生单位a及畤通辍事件b主醇系且建事件虑理小事件虑理小乐且a制f f 虑理、改善辞0十副；b轨行副副加提出事件虞理辍告；Department部F号Role角色Responsibility愤作军位集 圄 安 全委员傅a接受资安事件通辍，制订）8理 副：b指 醇、寄核虑理小 之作渠；c指 醇 危 械 防 演 资安事件愿急事 家 系 且a虑理重大资安事件b穗紧急IS燮 虑 理 小 事 件 虑理小 安全技雨c除集困安全策略提出建 和意兄CIO资安事件主任委员a下连重大资安事件虑理指示b封重大资安事件虑理部副骞核c改勒炎辘徨原械制3.2 Affairs Dispositio

10、n Group事件虞理小3.2.1 Can be units leading factor happen by the incident and set up in AffairsDisposition Group,the incident happens unit,incident relevant unit,Info-Security Management(in case of necessity)transfer manpower to make up,may include the professional service provider of outside.事件虑理小系且可由事件

11、彝生里位主蹲系且建,事件彝生军位、事 件 相 位、资安管理部(必要畤)抽 人力系且成，可能包括外部事棠服矜提供商；3.2.2 Affairs Disposition Group should work under the guidance of Info-SecurityCommittee,Local Information Department Manager and AdministrativeExecutive,and report to them.事件虑理小组愿在资安委具曾、本 部 咒 主 管、行政主管指簿下工作加且向资安事件虞理委员曾、本部力瓷an主 管、行政主管甄告；3.3 Inf

12、o-Security Committee of the Group集 资 安 委 员 曾3.3.1 Info-Security Committee of the Group is organized by Cenfral InformationDepartment Manager,Group Information Department Manager and seniorinformation technical staff.集IB资安委员曾乃召集性系且微，成员由各事棠群/中央周遏军位 主管、资 深 技徐亍人员系且成；3.3.2 Advisor group members is organi

13、zed by senior administrative executive,ITManager,technical staff or senior personages of outside manufacturer,professional service organization.I I 成员可由集凰内部资深行政主管、n主管 技循:人 具 或 者 外 部 商、惠棠服矜檄情的资深人士搪任；3.3.3 If Info-Security Affairs is happened,according to incident nature,involve theprofessional field,

14、deal with the committee to transfer relevant personnel fromthe incident,instruct Info-Security Affairs Disposition Group promotes oneswork.如遇资安事件赞生，即 根 獴 事 件 性、涉及事渠领域，优事件虑理委员曾抽 相 人R，指醇资安事件虞理小91!展工作；4.0 Emergency work flow chart of Info-Security Affairs资安事件JS燮作渠流程IB虑理重大资安事件今聚急雁燮虑理小系且、事件虞理小 安全技钵亍“封集廛!

15、安全策略提出建和意冕5.0 Reporting of Info-Security Affairs 通辍作H5.1 Hot Line&E-mail for Info-Security Affairs notify(report).资 安 事 件 通 辍 信 箱。5.1.1 Hot Line for Info-Security Affairs notify(report):560-102,nder the care ofProduct Dynamic Solution Services Info-Security Management.集困言殳置资安事件通甄(W):560-102，由工管资资安管理

16、部负责；5.1.2 Can also notify(report)to Info-Security Management through the E-mail:INFOSEC/CEN/FOXCONN or PDSSS.亦可透谩甯子酬件向瓷安部通幸艮(W)：INFOSEC/CEN/FOXCONN 或PDSSS。5.2 Log of Aviso通辍5.2.1 In case of Info-Security Affairs happens,should report to Info-SecurityManagement in ten minutes.如遇资安事件彝生，鹰在十分 内甄告资安管理部：5

17、.2.2 Group staff are obligated to report Info-Security Affairs to Info-SecurityManagement.集困员工有羲矜向资安管理部聚辍资安事件；5.2.3 Info-Security Management receives the notification(reporting),must remindthe persons who notify and keep the secret,dont tell to others again.资安管理部接到通甄(W)须提醒通甄者矜必保守秘密，勿再向他人 述；5.2.4 Not

18、 accepting and reporting anonymously,the persons who demand toreport tell Info-Security Management true name,office,contact way,etc.Info-Security Management must be kept secret for persons who report.不接受匿名聚辍，要求聚辍者告知资安管理部真 姓名、工作里位、聊彳系方式等。W安管理部须焉聚甄者保密；5.2.5 Info-Security Affairs serial number rule:Yea

19、r-month-serial number(example:2006-01-XX);Info-Security file serial number observes FileCoding Process Guide Line of Product Dynamic Solution Services Info-Security Management资安事件褊虢规KJ:年份-月份-流水虢(例：2006-01-X X)；瓷安文槽褊虢遵守 工管 资安管理部文件编碣作渠型刖；5.2.6 Info-Security Management writes down the notification of e

20、very one Info-Security Affairs(including reporting),and deal with Info-Security Affairs incoordination with the unit,Info-Security Committee of the Group happens inthe incident after being notified.资安管理部1己 每一件资安事件之通辍(含聚辍)，她在得到通辍彳爰癌同事件赞生罩位、集资安事件虞理委员曾虑理资安事件；5.2.7 If it is not Info-Security Affairs,mus

21、t tell the persons who notify propercircular targets,for example:The public safe incident notifies central Ministryof State Security.若不腐於资安事件,须告知通率艮者遹常的通甄封象,例 如：公共安全事件通率艮中央安全部。6.0 Disposition of Info-Security Affairs JS理作棠6.1 The illustration of dispositionj 虚理作蕖脱明6.1.1 Info-Security Management,afte

22、r receiving taking place on the notification/reporting of Info-Security Affairs,must note down the incident to departmentsexecutive transmits submit Info-Security Committee of the Group.资安管理部在接到樊生资安事件的通辍/聚辍接,须揩事件系己 系监部F4主管辅呈集度I资安事件虞理委员曾；6.1.2 Info-Security Committee of the Group is notified the unit

23、 happens in theincident,the leading factor makes up Affairs Disposition Group.集凰资安事件虑理委具曾通知事件赞生军位，主簿系且成事件虞理小系且；6.1.3 Info-Security Management is helped or must participate in Affairs DispositionGroup and deal with the incident of information safety.资安管理部癌助或视必要参典事件虞理小系且虑理资安事件；6.1.4 Info-Security Affa

24、irs Disposition Group proposes dealing with the scheme inincident under the guidance of committee,and carry out this scheme.资安事件虞理小系且在委员曾指厚下提出事件虑理方案，或且轨行 方案；6.1.5 Info-Security Affairs Disposition Group should deal with to Info-SecurityCommittee,our unit report incident punish progress at any time.资

25、安事件虞理小系且愿随日寺向资安事件虞理委具曾、本里位麋辍事件虞理迤展。7.0 Improving of Info-Security Affairs 改善作It7.1 Plan and Proposal of Improving改善 及建7.1.1 The info-security affairs is dealt with later stage or after finishing,theincident should summarize the unit,look for the holes of the info-security,propose improving the schem

26、e and improving the plan.资安事件虞理彳发期或完 以彳爰,事件赞生军位愿谨行 系吉，尊找资安漏洞,提出改善方案及改善壹I；7.1.2 Info-Security Management helps the incident to offer the suggestion ofimproving on the basis of summarizing the incident result.资安管理部愤助事件赞生罩位在 事件虞理结果基磁上提出改善建7.2 Improving of Info-Security Affairs改善作渠7.2.1 The incident tak

27、es charge of implementing the unit.事件赞生军位:f t 施。、8.0 Audit 稽核8.1 Info-Security Management is responsible for carrying out and audits and deals withthe committee and offers and audits reporting to info-security affairs to the thing thatthe improvement homework of the unit happens in the incident.资安管理

28、部负责轨行封事件赞生里位的改善作蕖迤行稽核3 6向资安事件虞理委员畲提供稽核幸员告。8.2 The contents of improving and auditing,make reference to“Treating Method ofthe Info-Security Affairs”.於改善作案及稽核，具飕见 资安事件虞理作渠辨法。9.0 Encourage for Disclosure 聚辍物f t9.1 The group encourages the employee to put forward to Department of Info-Security Managemen

29、t reporting after finding the info-security affairs.集IB鼓励景工赞51资安事件彳爰向资安管理部提出聚辍；9.2 The moment the disclosure being affirmed,prosecutor will be properly rewarded.S W S S，酹予以聚辍人逾富的物 及精神堤励。9.3 Detailed reward procedure will be drawn up by Department of Human ResourceManagement,assisted by Department of

30、 Info-Security Management,referring toUlnfo-security Disclosure and Reward Procedure”.聚幸典魁勤具艘作棠辨法由资安管理部曲助中央人资另掇，具 鹘 足 资安事件聚辍及樊勘作棠辨法。10.0 Input and Export 输入输出10.1 Input 输入Name瓷料名耦Description描述Remark资安事件亵生之通辍通辍资安事件（事件赞生畤3、遇、影辔情1兄）可能卷口 述或甯子酬件描述10.2 Export 输出Name瓷料名耦Description描述RemarkWii安全事件通辍受理后已 表由资

31、安管理部 言己 由事件彝生单位通告或者员工聚幸&的资安事件由资安管理部 言己虑理小 人员名军I1由事件樊生军位、资 服 矜 罩位、外部摩商及寡渠服矜里位的相II人员以及外聘事家/S3冏人员成，可以事案架情形式。事件彝生里位、事件虑理小幺F I上辍，资安管理部硅定整理。安全事件虞理 制善由资安管理部事人负责封相 安事件暹行制制起草，加根撅事件的殿重程度暹行分 分级，制定出可以 幸 人 行 的 虞理言十副资安管理部完成 安全事件虞理幸艮告善提出事件彝生、虑理遇程及虑理结果、改善言f剧等辞黜辍告事件赞生甲.位、事件虞理小 完成11.0 Appendices and Attachments 附件11.1 Altus 安全事件通幸需己 表11.2 Altus 安 全 事 件 虞 理 11.3 Altus资安事件人事樊慧言己 表