資訊系統及流程 (Security Qualification)
首頁>
產品與服務 >
資訊安全 Information Security >
資訊系統及流程 (Security Qualification)
資訊系統及流程 (Security Qualification)
什麼是電腦網路系統安全評鑑 (Security Qualification)?
電腦網路系統安全評鑑 (Security Qualification) 乃由 TÜV NORD 將其多年資訊安全技術與產品評鑑經驗,針對網路系統的安全(例如銀行交易網路、企業防火牆、數位簽章系統等) ,所開發出來之評鑑方法與程序。
同時,這也是被國際(歐盟各國)認可,目前唯一針對網路系統整體安全提出完整方法論與實作驗證之有效安全評鑑技術。
電腦網路系統安全評鑑方法根據下列相關安全標準為理論基礎,進而發展出來的電腦網路系統安全評鑑程序。
- ISO27001/ISO17799
- ISO/IEC TR 13335 (Information Technology-Guidelines for the Management of IT,GMITS)
- ITBPM (Information Technology Baseline Protection Manual
- Common Criteria與ITSEC
成功案例及參考客戶
截至目前為止,全球已有數十家客戶已通過電腦網路系統安全評鑑 (SQ),並授予德國 TÜV NORD 國際級安全標章。客戶行業別涵括金融、郵政、資訊等,特別一提台灣的票券集保中心也通過此認證,讓票券交易過程安全無虞。(詳細資料可以參考德國 http://www.tuvit.de/ 網站)
通過驗證之客戶與專案
Companies Projects
| Company | Scope |
| Advance Bank, Munich | Security Qualification of Internet Banking |
| Arab Bank, Amman, Jordan | Security Concept and Security Qualification of Internet Banking |
| Basler Kantonalbank, Basel, Switzerland | IT Security Policy |
| BKS, Klagenfurt, Austria | Security Qualification of Internet Banking |
| BTV, Innsbruck, Austria | Security Qualification of Internet Banking |
| Commerzbank, Frankfurt | Security Qualification of a Banking Application |
| Credit Suisse, Zurich, Switzerland | Firewall Checks |
| Deutsche Bank, Frankfurt | Security Qualification of the Internet Connection |
| Deutsche Post AG, Darmstadt | Network Audit of a Trust Center on the basis of the German Digital Signature Act Security Qualification of electronic Courier |
| Deutsche Telekom AG, Bonn | Several evaluations acc. ITSEC of products (soft- and hardware) and systems, Network Audit of a Trust Center on the basis of the German Digital Signature Act Medical Data Communication |
| E–Plus Mobilfunk GmbH, Dusseldorf | Security Concepts for Mobile Communication Services Company Security Concept |
| German Parliament, Bonn/Berlin | IT Security Concept of the German Parliament at the new Location in Berlin |
| Oberbank, Linz, Austria | Firewall Checks |
| Oberfinanzdirektion of Bavaria, Munich | Security Qualification of the Electronic Tax Assessment |
| Reg-TP, Mainz | Network Audit of the German Root Trust Center on the basis of the German Digital Signature Act |
| Rentenanstalt SwissLife, Zurich, Switzerland | Security Analyses |
| TC Trust Center, Hamburg | Security Qualification of a Trust Center on the basis of the German Digital Signature Act |
| UBS AG, Zurich, Switzerland | Study: Security in Fibre Channels |
| Vodafone, Dusseldorf | Security Consulting |
| VRR GmbH, Gelsenkirchen | Security Checks of TicketInside |
others:
Security analyses of LAN’s and internet–connections of many companies
IT-Training in German and English
DIDC Co., Ltd., Taiwan 台灣票券集保中心
推行Security Qualification之預期效益
- 建立明確並符合國際規範的網路安全防護體系。
- 建立完整之電腦網路系統之書面作業程序。
- 建立自我檢測與維護網路系統安全之能力。
- 國際(歐盟各國)認可,目前唯一針對網路系統整體安全提出完整方法論與實作驗證。