爪哇手x永續魔法

A.17.1 永續資訊安全 Information security continuity 目標：永續資訊安全應嵌入進組織的永續經營管理系統中。   Objective: Information security continuity shall be embedded in the organization’s business continuity management systems. A.17.1.1 永續資訊安全之計劃   Planning information security continuity 組織應決定在不利的情況下，例如危機或災難期間，資訊安全與永續資訊安全管理之需求。   The organization shall determine its requirements for information security and the continuity of information security management in adverse situations, e.g. during a crisis or disaster.

A.16.1 資訊安全事故與改進之管理   Management of information security incidents and improvements 目標：確保資訊安全事故的管理採用一致且有效的方法，包括安全事件與弱點之傳遞。   Objective: To ensure a consistent and effective approach to the management of information security incidents, including communication on security events and weaknesses. A.16.1.1 責任與程序 Responsibilities and procedures 管理責任與程序應加以建立，以確保對資訊安全事故做出迅速、有效且有條理的回應。   Management responsibilities and procedures shall be established to ensure a quick, effective and orderly response to information security incidents. A.16.1.2 資訊安全事件之通報 Reporting information security events 資訊安全事件應儘速地透過適當的管理管道通報。   Information security events shall be reported through appropriate management channels as quickly as possible. A.16.1.3 資訊安全弱點之通報   Reporting information security weaknesses 應要求使用組織的資訊系統與服務之員工與承包商，在系統或服務中觀察到或有可疑的資訊系統弱點時，必須記錄並回報。   Employees and contractors using the organization’s information systems and services shall be required to note and report any obse

A.15.1 供應商關係之資訊安全 Information security in supplier relationships 目標：確保對供應商可存取之組織資產的保護。 Objective: To ensure protection of the organization’s assets that is accessible by suppliers. A.15.1.1 供應商關係之資訊安全政策 Information security policy for supplier relationships 減少與供應商存取組織資產之風險的資訊安全需求應與供應商協議並文件化。   Information security requirements for mitigating the risks associated with supplier’s access to the organization’s assets shall be agreed with the supplier and documented. A.15.1.2 供應商協議內闡明安全措施   Addressing security within supplier agreements 應與每個可能存取、處理、儲存、傳遞或為組織之資訊提供資訊基礎設施元件的供應商建立並協議所有相關的資訊安全需求。   All relevant information security requirements shall be established and agreed with each supplier that may access, process, store, communicate, or provide IT infrastructure components for, the organization’s information. A.15.1.3 資訊與通信技術供應鏈 Information and communications technology supply chain 與供應商之協議應包含解決資訊與通信技術服務以及產品供應鏈相關的資訊安全風險之需求。 Agreements with suppliers shall include r

A.14.1 資訊系統之安全需求   Security requirements of information systems 目標：確保資訊安全是整個資訊系統生命週期整體的一部份。此亦包含在公共網路上提供服務之資訊系統的需求。 Objective: To ensure that information security is an integral part of information systems across the entire lifecycle. This also includes the requirements for information systems which provide services over public networks. A.14.1.1 資訊安全需求分析與規格 Information security requirements analysis and specification 新資訊系統或對現存資訊系統的改善之需求，應將資訊安全相關需求包含在內。 The information security related requirements shall be included in the requirements for new information systems or enhancements to existing information systems. A.14.1.2 保護公共網路上之應用服務   Securing application services on public networks 新資訊系統或對現存資訊系統的改善之需求，應將資訊安全相關需求包含在內。   The information security related requirements shall be included in the requirements for new information systems or enhancements to existing information systems. A.14.1.3 保護應用服務交易   Protecting application services transactions 涉及到應用服務交易之資訊應加以保護，以防止

1. Java 12.0.2 2. MySQL 5.7.27 install https://unicenta.com/pages/install-unicenta-opos/ configuration https://unicenta.com/pages/configure-unicenta-opos/

透過以下連結下載到 Zip 檔。有找了一下，只有 32 位元的安裝檔。而下載到的 MySQL 的版本為 5.7.27。 https://dev.mysql.com/downloads/mysql/5.7.html#downloads 之前都是套件安裝 MySQL，都有 UI 可啟動與停止。第一次遇上手動啟動。 找到以下網頁，說要執行 mysqld https://tableplus.com/blog/2018/10/how-to-start-stop-restart-mysql-server.html 執行後出現以下錯誤 非官方的不可靠，那找官方的文件總可以吧。 https://dev.mysql.com/doc/mysql-startstop-excerpt/5.5/en/windows-server-first-start.html mysql 網站說要加 --console，結果如下。 用上面第一個錯誤訊息搜尋，找到的第一個連結如下。 https://www.cnblogs.com/yYang365/p/5105060.html 說第一次執行要加 --initialize -insecure ，這樣會建立無密碼的 root@localhost 最後整理一下無安裝版的 mysql 啟動程序。 1. 自 mysql 官網下載需要的版本。 2. 解壓縮至欲存放的目錄。 3. 用系統管理員身份執行命令提示字元。 4. 將目錄切換至 MySQL 目錄下的 bin 目錄下。 5. 執行 mysqld --initialize-insecure 6. 再次執行 mysqld 可用 MySQL Workbench 測試是否能正確連線。

A.12.4 記錄與監控 Logging and monitoring 目標：記錄事件並產生證據。 Objective: To record events and generate evidence. A.12.4.1 事件記錄 Event logging 記錄使用者活動、異常、錯誤與資訊安全事件的事件日誌應加以製作、保存並定期地審閱。 Event logs recording user activities, exceptions, faults and information security events shall be produced, kept and regularly reviewed. A.12.4.2 日誌資訊之保護 Protection of log information 記錄設施與日誌資訊應加以保護，以防止篡改與未經授權的存取。 Logging facilities and log information shall be protected against tampering and unauthorized access. A.12.4.3 管理者與操作者日誌 Administrator and operator logs 系統管理者與系統操作者活動應加以記錄，且該日誌應加以保護並定期地審閱。 System administrator and system operator activities shall be logged and the logs protected and regularly reviewed. A.12.4.4 時間同步 Clock synchronization 在組織或安全領域內的所有相關資訊處理系統之時間應與單一參照時間來源同步。 The clocks of all relevant information processing systems within an organization or security domain shall be synchronised to a single reference time source. A.12.5 運作中軟體之控制 Control of operational software 目標：確保