Great Learning (大學) & Information Security
How an ancient Chinese classic remains relevant in modern information security
Chuan Lin, CISSP
Great Learning Background
Who wrote it?
• Zengzi, a disciple of Confucius, wrote Great Learning around 450 BC – 436 BC.
• In the Song Dynasty (960 AD – 1270 AD), the Cheng Brothers and their student, Zhu Xi, corrupted the original text and its meaning.
• In recent times, Master Nan Huai Jin and Captain Chang Teh-Kuang (ret.) are among the Chinese scholars who have attempted to bring Great Learning back to a lost Chinese generation.
What is it?
• It is the first self-help book that has withstood the test of time and the first book on Management as a Service (MaaS).
Great Learning Background II
When was it written?
• It was written sometime between 450 – 436 BC, during the Spring and Autumn Period of Chinese history, when China was a feudal sovereignty consisting of a hundred city-states that owed loyalty to the Zhou Dynasty.
Where did it flourish?
• At the time it was written, Great Learning was just another school of thought contending with a hundred other ideas. Later, it became one of the three main core philosophies of China.
Great Learning Background III
Why does it matter?
• Its opening statement is no different from the mission statements of the (ISC)² and SANS Codes of Ethics.
• While knowledge of the 10 domains and technical information is necessary for the information security professional (InfoSec Pro), an ethical standard is expected of each person, but not much direction is given other than to follow various laws and rulings such as HIPAA, SOX, GLBA, Safe Harbor, etc.
• I believe Great Learning can be a useful guide for InfoSec Pro ethics.
Goals of Great Learning/InfoSec Pro
What do we want to accomplish with our lives and our career?
“大學之道、在明明德、在親民、在止於至善。”
The Dao of Great Learning is to illustrate illustrious virtues, to renovate the people, and to rest in the highest excellence.
“Safety of the commonwealth, duty to our principals, and to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior.”
- (ISC)² Code of Ethics
大學之道、在明明德、在親民、在止於至善。
The Dao of the Great Learning is to illustrate illustrious virtues, to renovate the people, and to rest in the highest excellence.
GIAC Code of Ethics
• Respect for the Public
• Respect for the Certification
• Respect for my Employer
• Respect for Myself
SANS Code of Ethics
• I will strive to know myself and be honest about my capability.
• I will conduct my business in a manner that assures the IT profession is considered one of integrity and professionalism.
• I respect privacy and confidentiality.
7 Steps to Illustrating Illustrious Virtues
Seeking Self Improvement First
知 to know · 止 to cease · 定 to still · 靜 to calm · 安 to quiet · 慮 to ponder · 得 to obtain
How can these seven internal self-improvements have an impact on oneself and one’s InfoSec career in modern times?
知 to know
Self Improvement
• In the business world, we train in order to exploit the company's strategic strengths while correcting its weaknesses.
• In an engineering environment, we train in order to find and correct any product defects before they go to market.
• Shouldn't we find and correct our own weaknesses before others, or we ourselves, launch a zero-day attack?
InfoSec Professional
• To know a company’s security status: where its strengths are and where its weaknesses are.
• To know the company's business goal, its chain of command, its culture, its behaviors, and its processes.
• To know its defense-in-layers structure, its log controls, its state of readiness, its state of responsiveness, etc.
止 to cease
Self Improvement
• To cease is to prevent the loss of personal control.
• Cease personal bad habits through gradual reduction, redirection to healthier substitutes, or persistently cutting them off.
• Cease personal bad habits by forming new habits, rewarding oneself, and joining support groups.
InfoSec Professional
• To cease is to prevent the loss of control.
• To cease internal risks through reduction, mitigation, avoidance, or elimination.
• To cease through log controls, separation of duty, enforcement of least privilege, a secure software development lifecycle, and employee security awareness.
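定 to still
Self Improvement
• Stillness lets us know our own strengths and weaknesses.
• Stillness lets us stop our ingrained habits and strengthen our talents.
• Stillness gives us the confidence to withstand external pressure and blows.
InfoSec Professional
• To know about a company’s security status.
• To cease a company’s risks.
• This will give the InfoSec Pro the confidence to remain level-headed when external threats appear.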
靜 to calm
Self Improvement
• The mind is calm because you need not worry about others exploiting your shortcomings.
• A calm mind can filter your thoughts.
• A calm mind leads to physical health.
InfoSec Profession
• To calm is when a company does not have to worry about its information being misused.
• To calm allows a company to plan its business strategy.
• To calm allows a company to become healthy.
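安 to quiet
Self Improvement
• Only calm allows quiet. When the mind is disturbed, the body cannot be quiet. When society is in turmoil, the state cannot be quiet.
• When the mind is light and at ease, the body is light and at ease.
• Calm lets you think clearly; quiet lets you act without disturbance.
InfoSec Profession
• Calm allows quiet. When information is exposed, a company cannot maintain quiet.
• Management desires quiet; employees desire quiet.
• Stillness allows a company to plan; quietness allows a company to carry out its plan without disruption.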
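慮 to ponder
Self Improvement
• To ponder means to handle affairs with care and thoroughness. To ponder means to think with precision.
• Thought (想) refers to the coarse, shallow phenomena of the mind. Deliberation (思) refers to the fine, detailed phenomena of the mind.
• Pondering lets you plan the major matters of life.
InfoSec Profession
• Pondering is planning InfoSec carefully. Pondering is to have InfoSec awareness at the back of employees' minds.
• Thought is about current InfoSec needs. Pondering is about future InfoSec needs.
• Pondering allows both a company and an InfoSec Pro to plan out long-range strategy.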
得 Obtaining
Self Improvement
• Peak state of illustrious virtue:
  No fear of personal shortcomings
  An actionable life plan
  A balance of body and mind achieved
InfoSec Profession
• Peak security awareness state:
  COBIT’s Optimizing Process
  ITIL’s Optimized Maturity Assessment Level
  Security Awareness Roadmap: Metrics Framework
內聖外王 Internal Sagacity, External Sovereignty
How to Renovate People and Rest at the Highest Excellence
Or How to Manage Self Before Managing Others
格物 Investigation of Things · 致知 Knowledge · 誠意 Sincerity · 正心 Rectification · 脩身 Self Cultivation
• Before managing others, first make sure you have successfully managed yourself.
• You must be able to withstand the scrutiny of others.
• Your actions, your behaviors, and your words will be constantly observed and judged.
• This is especially true in the age of Facebook, Twitter, and Instagram, where every little transgression will be caught on recording devices and spread like fire through the media.
• There are people who love nothing more than to tear down a hypocrite.
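格物 Investigation of Things
Self Improvement
• Being similar to heaven and earth, he does not go against them. His knowledge encompasses all things and his way benefits all under heaven, so he does not err. He acts flexibly without being carried away, rejoices in heaven and knows its decree, so he has no anxiety. He is content in his place and sincere in benevolence, so he is able to love.
• It encompasses the transformations of heaven and earth without excess, brings all things to completion without omission, and penetrates the way of day and night so as to understand it; hence the spirit has no fixed place and the Changes have no fixed form.
• It is manifest in benevolence and hidden in its functioning; it stirs all things yet does not share the sage's anxieties. Abundant virtue and great achievement: how perfect it is!
InfoSec Profession
• Information Security (InfoSec) is about providing data availability, confidentiality, and integrity.
• Ideally, the InfoSec Professional (InfoSec Pro) needs to get involved at the start of all projects because of information security concerns.
• Externally, the InfoSec Pro needs to know what regulations, laws, and audits are required for a project.
• Internally, the InfoSec Pro needs to know what technical, administrative, and physical constraints are required for a project.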
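致知 Knowledge
Self Improvement
• To know the first subtle signs, is that not spirit-like? To fathom the spirit and understand transformation is the fullness of virtue.
• Be in harmony with the Way and virtue, and ordered by righteousness. Exhaust principle and fully realize one's nature, and so arrive at destiny.
• Thereby following the principles of nature and destiny.
InfoSec Profession
• The InfoSec Pro shares risk and vulnerability assessments with key consultants, managers, programmers, and other project members.
• They need to take the InfoSec Pro's concerns into account in project designs.
• Any data leak will be detrimental to the company's image, reputation, and confidence, not to mention possible lawsuits.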
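誠意 Sincerity
Self Improvement
• What is meant by making one's intentions sincere is allowing no self-deception, as when one hates a bad smell or loves a beautiful sight. This is called being content in oneself.
• Zengzi said: "Watched by ten eyes, pointed at by ten hands: how strict that is!"
• The inscription on Tang's bathing tub read: "If you can renew yourself one day, do so every day, and again day after day."
InfoSec Profession
• The InfoSec Pro shows sincerity toward data preservation through sharing security knowledge and advocating security awareness.
• Every word and action will affect how employees view Information Security and its awareness.
• Dao of Hacking Improves, Technology Improves, InfoSec Improves.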
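正心 Rectification
Self Improvement
• Rectifying one's mind:
• If one is under the influence of anger, the mind cannot be correct
• If one is under the influence of fear, the mind cannot be correct
• If one is under the influence of fond desire, the mind cannot be correct
• If one is under the influence of worry, the mind cannot be correct
InfoSec Profession
• The InfoSec Pro has to rectify his heart to prevent preoccupation with the following:
• Anger
• Fear
• Desire
• Worry
• These prevent him from doing his job.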
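脩身 Self Cultivation
Self Improvement
• A human life is a small universe.
• Wealth adorns a house, virtue adorns the person; the mind is expansive and the body at ease.
• The accomplished gentleman: as if cut and filed, as if carved and polished.
InfoSec Profession
• A company is its universe.
• Wealth enriches a company, virtues enrich employees, a broadened enterprise expands its ventures.
• An InfoSec Pro is constantly trimmed and scrubbed; he is frequently cut and polished.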
齊家 Maintain Family · 治國 Regulate State (Company) · 平天下 Pacify Heaven Below (the Grid)
• Great Learning is the first classic on Management as a Service (MaaS).
• Interested only in personal cultivation? Read through Self Cultivation (脩身).
• Interested only in maintaining a family/department? Read through Maintain Family (齊家).
• Interested only in maintaining a government/company? Read through Regulate State (治國).
• Interested only in maintaining the world/a multinational company? Read through Pacify Heaven Below (平天下).
• External Sovereignty is less about utilizing the latest and greatest technology and more about managing people.
• Social Engineering is the battle of hearts and minds that can get past the world's most secure firewall, IDS, IPS, and defense in layers.
• Despite advanced technology, people’s hearts and souls still remain the same. They can enforce or enfeeble information security.
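齊家 Maintain Family
Self Improvement
• What is meant by "regulating one's family depends on cultivating oneself":
• People are biased toward those they love and hold dear
• They are biased toward those they despise and dislike
• They are biased toward those they fear and revere
• Hence: "A man does not know the faults of his own son, nor the richness of his own growing grain."
InfoSec Profession
• Maintaining a department comes about after self-cultivation.
• It should be free from
• Favoritism
• Disapproval
• Fear
• These will decrease employees' security awareness.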
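治國 Regulate State (Company)
Self Improvement
• When one family is benevolent, the whole state grows in benevolence;
• When one family is courteous, the whole state grows in courtesy;
• When one man is greedy and perverse, the whole state falls into disorder;
• Such is the mechanism. This is what is meant by: one word can ruin an affair; one man can settle a state.
InfoSec Profession
• When a department behaves securely, the entire company promotes vigilance.
• When a department limits its access, the entire company promotes data control.
• When a man is neglectful and corrupt, the entire company becomes vulnerable.
• Hence, a word can instigate a threat; a man can secure a company.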
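平天下 Pacify Heaven Below (the Grid)
Self Improvement
• The gentleman has the way of the measuring square.
• Win the people and the state is won; lose the people and the state is lost.
• Words that go out wrongly will come back in wrongly; wealth that comes in wrongly will go out wrongly.
InfoSec Profession
• An InfoSec Professional lives and breathes the Code of Ethics.
• Practice InfoSec, and others engage and the company enacts. Disregard InfoSec, and others forget and the company neglects.
• The Law of Consequence can be found in personal, social, career, financial, and political aspects.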
Great Learning & InfoSec Recaps
• As the first self-help book, it has withstood the test of time. As the first book on MaaS (Management as a Service), it shows how to serve others by first improving oneself.
• Instructions for management are no different from instructions for self improvement. It is all about leading by example.
• Despite advanced technology, people’s hearts and souls still remain the same. They can enforce or enfeeble information security.

More Related Content

Viewers also liked

Qlync RD 第三屆讀書會候選清單
Qlync RD 第三屆讀書會候選清單Qlync RD 第三屆讀書會候選清單
Qlync RD 第三屆讀書會候選清單Li-Wei Yao
 
開放街圖: 集合群眾之力的製圖 (OpenStreetMap: A crowdsoucing map )
開放街圖: 集合群眾之力的製圖 (OpenStreetMap: A crowdsoucing map )開放街圖: 集合群眾之力的製圖 (OpenStreetMap: A crowdsoucing map )
開放街圖: 集合群眾之力的製圖 (OpenStreetMap: A crowdsoucing map )Dongpo Deng
 
Design Pattern Explained CH1
Design Pattern Explained CH1Design Pattern Explained CH1
Design Pattern Explained CH1Jamie (Taka) Wang
 
千里之行 Begin with a Single Step
千里之行 Begin with a Single Step千里之行 Begin with a Single Step
千里之行 Begin with a Single StepCalvin C. Yu
 
被遺忘的資訊洩漏 / Information Leakage in Taiwan
被遺忘的資訊洩漏 / Information Leakage in Taiwan被遺忘的資訊洩漏 / Information Leakage in Taiwan
被遺忘的資訊洩漏 / Information Leakage in TaiwanShaolin Hsu
 
程式の工業革命 初稿
程式の工業革命 初稿程式の工業革命 初稿
程式の工業革命 初稿HoShi YoRu
 
Asp.net mvc 概觀介紹
Asp.net mvc 概觀介紹Asp.net mvc 概觀介紹
Asp.net mvc 概觀介紹Alan Tsai
 
Entity framework + Linq 介紹
Entity framework + Linq 介紹Entity framework + Linq 介紹
Entity framework + Linq 介紹Alan Tsai
 
跨平台佈署建築資訊模型應用系統
跨平台佈署建築資訊模型應用系統跨平台佈署建築資訊模型應用系統
跨平台佈署建築資訊模型應用系統PN Wu (小平)
 
Network Security Research Paper
Network Security Research PaperNetwork Security Research Paper
Network Security Research PaperPankaj Jha
 

Viewers also liked (14)

Information security
Information securityInformation security
Information security
 
圖書館趨勢觀察
圖書館趨勢觀察圖書館趨勢觀察
圖書館趨勢觀察
 
Qlync RD 第三屆讀書會候選清單
Qlync RD 第三屆讀書會候選清單Qlync RD 第三屆讀書會候選清單
Qlync RD 第三屆讀書會候選清單
 
開放街圖: 集合群眾之力的製圖 (OpenStreetMap: A crowdsoucing map )
開放街圖: 集合群眾之力的製圖 (OpenStreetMap: A crowdsoucing map )開放街圖: 集合群眾之力的製圖 (OpenStreetMap: A crowdsoucing map )
開放街圖: 集合群眾之力的製圖 (OpenStreetMap: A crowdsoucing map )
 
Design Pattern Explained CH1
Design Pattern Explained CH1Design Pattern Explained CH1
Design Pattern Explained CH1
 
千里之行 Begin with a Single Step
千里之行 Begin with a Single Step千里之行 Begin with a Single Step
千里之行 Begin with a Single Step
 
被遺忘的資訊洩漏 / Information Leakage in Taiwan
被遺忘的資訊洩漏 / Information Leakage in Taiwan被遺忘的資訊洩漏 / Information Leakage in Taiwan
被遺忘的資訊洩漏 / Information Leakage in Taiwan
 
程式の工業革命 初稿
程式の工業革命 初稿程式の工業革命 初稿
程式の工業革命 初稿
 
Asp.net mvc 概觀介紹
Asp.net mvc 概觀介紹Asp.net mvc 概觀介紹
Asp.net mvc 概觀介紹
 
Social Cognition
Social CognitionSocial Cognition
Social Cognition
 
Entity framework + Linq 介紹
Entity framework + Linq 介紹Entity framework + Linq 介紹
Entity framework + Linq 介紹
 
Sys Security
Sys SecuritySys Security
Sys Security
 
跨平台佈署建築資訊模型應用系統
跨平台佈署建築資訊模型應用系統跨平台佈署建築資訊模型應用系統
跨平台佈署建築資訊模型應用系統
 
Network Security Research Paper
Network Security Research PaperNetwork Security Research Paper
Network Security Research Paper
 

Similar to 大學與​信息安全​

Avia "a fork in the road"
Avia "a fork in the road"Avia "a fork in the road"
Avia "a fork in the road"Troy Callender
 
Self image and performance Feb13,2013
Self image and performance Feb13,2013Self image and performance Feb13,2013
Self image and performance Feb13,2013Dave Langston
 
7 habits of_highly_effective_p
7 habits of_highly_effective_p7 habits of_highly_effective_p
7 habits of_highly_effective_pimmeca
 
Seven habbits training]
Seven habbits training]Seven habbits training]
Seven habbits training]BChange
 
Power-Packed Productivity with Tim Wade
Power-Packed Productivity with Tim WadePower-Packed Productivity with Tim Wade
Power-Packed Productivity with Tim WadeTim Wade
 
Mercedes pp servant - leadership revised 10-24-12
Mercedes pp  servant - leadership revised 10-24-12Mercedes pp  servant - leadership revised 10-24-12
Mercedes pp servant - leadership revised 10-24-12dsclibrarydaytona
 
Mokita training
Mokita trainingMokita training
Mokita trainingDavid Zahn
 
Neron India Values Introduction
Neron India Values IntroductionNeron India Values Introduction
Neron India Values IntroductionNeron
 
being a social entrepreneur (story, methodology & examples)
being a social entrepreneur (story, methodology & examples)being a social entrepreneur (story, methodology & examples)
being a social entrepreneur (story, methodology & examples)Rama Chakaki
 
Influence, Power, Integrity and your career in IT
Influence, Power, Integrity and your career in ITInfluence, Power, Integrity and your career in IT
Influence, Power, Integrity and your career in ITLivingstone Advisory
 
Personality Development.pptx
Personality Development.pptxPersonality Development.pptx
Personality Development.pptxsatish445957
 
7 Habits of Highly Effective People Training
7 Habits of Highly Effective People Training7 Habits of Highly Effective People Training
7 Habits of Highly Effective People TrainingJavier Juri
 
Asenz Presentation Full(Craig McDowell)
Asenz Presentation Full(Craig McDowell)Asenz Presentation Full(Craig McDowell)
Asenz Presentation Full(Craig McDowell)Craig McDowell
 
Leadership In The 21st Century Training by NACD
Leadership In The 21st Century Training by NACDLeadership In The 21st Century Training by NACD
Leadership In The 21st Century Training by NACDAtlantic Training, LLC.
 
Engagement, Leadership, Quality
Engagement, Leadership, QualityEngagement, Leadership, Quality
Engagement, Leadership, QualityKevin Callahan
 
Innovation as management axis towards the top. Madrid. Fundacion Rafael del p...
Innovation as management axis towards the top. Madrid. Fundacion Rafael del p...Innovation as management axis towards the top. Madrid. Fundacion Rafael del p...
Innovation as management axis towards the top. Madrid. Fundacion Rafael del p...Ideas4all
 

Similar to 大學與​信息安全​ (20)

Can Leadership be Taught
Can Leadership be TaughtCan Leadership be Taught
Can Leadership be Taught
 
Avia "a fork in the road"
Avia "a fork in the road"Avia "a fork in the road"
Avia "a fork in the road"
 
Self image and performance Feb13,2013
Self image and performance Feb13,2013Self image and performance Feb13,2013
Self image and performance Feb13,2013
 
7 habits of_highly_effective_p
7 habits of_highly_effective_p7 habits of_highly_effective_p
7 habits of_highly_effective_p
 
Seven habbits training]
Seven habbits training]Seven habbits training]
Seven habbits training]
 
Power-Packed Productivity with Tim Wade
Power-Packed Productivity with Tim WadePower-Packed Productivity with Tim Wade
Power-Packed Productivity with Tim Wade
 
Mercedes pp servant - leadership revised 10-24-12
Mercedes pp  servant - leadership revised 10-24-12Mercedes pp  servant - leadership revised 10-24-12
Mercedes pp servant - leadership revised 10-24-12
 
Mokita training
Mokita trainingMokita training
Mokita training
 
Neron India Values Introduction
Neron India Values IntroductionNeron India Values Introduction
Neron India Values Introduction
 
being a social entrepreneur (story, methodology & examples)
being a social entrepreneur (story, methodology & examples)being a social entrepreneur (story, methodology & examples)
being a social entrepreneur (story, methodology & examples)
 
How to build character
How to build characterHow to build character
How to build character
 
Influence, Power, Integrity and your career in IT
Influence, Power, Integrity and your career in ITInfluence, Power, Integrity and your career in IT
Influence, Power, Integrity and your career in IT
 
Personality Development.pptx
Personality Development.pptxPersonality Development.pptx
Personality Development.pptx
 
7 Habits of Highly Effective People Training
7 Habits of Highly Effective People Training7 Habits of Highly Effective People Training
7 Habits of Highly Effective People Training
 
Asenz Presentation Full(Craig McDowell)
Asenz Presentation Full(Craig McDowell)Asenz Presentation Full(Craig McDowell)
Asenz Presentation Full(Craig McDowell)
 
Leadership In The 21st Century Training by NACD
Leadership In The 21st Century Training by NACDLeadership In The 21st Century Training by NACD
Leadership In The 21st Century Training by NACD
 
6. leadership in-the_21st_century
6. leadership in-the_21st_century6. leadership in-the_21st_century
6. leadership in-the_21st_century
 
Habits to Succeed
Habits to Succeed Habits to Succeed
Habits to Succeed
 
Engagement, Leadership, Quality
Engagement, Leadership, QualityEngagement, Leadership, Quality
Engagement, Leadership, Quality
 
Innovation as management axis towards the top. Madrid. Fundacion Rafael del p...
Innovation as management axis towards the top. Madrid. Fundacion Rafael del p...Innovation as management axis towards the top. Madrid. Fundacion Rafael del p...
Innovation as management axis towards the top. Madrid. Fundacion Rafael del p...
 

More from Chuan Lin

大学与​信息安全​
大学与​信息安全​大学与​信息安全​
大学与​信息安全​Chuan Lin
 
Revisit the Three Kingdoms Issue 06
Revisit the Three Kingdoms Issue 06Revisit the Three Kingdoms Issue 06
Revisit the Three Kingdoms Issue 06Chuan Lin
 
黄帝内经与信安上部
黄帝内经与信安上部黄帝内经与信安上部
黄帝内经与信安上部Chuan Lin
 
黃帝內經與資安上部
黃帝內經與資安上部黃帝內經與資安上部
黃帝內經與資安上部Chuan Lin
 
Yellow Emperor Internal Canon on Information Security - part 1
Yellow Emperor Internal Canon on Information Security - part 1Yellow Emperor Internal Canon on Information Security - part 1
Yellow Emperor Internal Canon on Information Security - part 1Chuan Lin
 
Revisiting the Three Kingdoms, Issue 05
Revisiting the Three Kingdoms, Issue 05Revisiting the Three Kingdoms, Issue 05
Revisiting the Three Kingdoms, Issue 05Chuan Lin
 
项目资安禅 - Project Management, Information Security & Chan
项目资安禅 - Project Management, Information Security & Chan项目资安禅 - Project Management, Information Security & Chan
项目资安禅 - Project Management, Information Security & ChanChuan Lin
 
專案、資安、禪 - PMP, InfoSec and Chan
專案、資安、禪 - PMP, InfoSec and Chan專案、資安、禪 - PMP, InfoSec and Chan
專案、資安、禪 - PMP, InfoSec and ChanChuan Lin
 
PMP, InfoSec & Chan
PMP, InfoSec & ChanPMP, InfoSec & Chan
PMP, InfoSec & ChanChuan Lin
 
Revisit the Three Kingdoms issue04
Revisit the Three Kingdoms issue04Revisit the Three Kingdoms issue04
Revisit the Three Kingdoms issue04Chuan Lin
 
孙子项目管理法
孙子项目管理法孙子项目管理法
孙子项目管理法Chuan Lin
 
孫子專案管理
孫子專案管理孫子專案管理
孫子專案管理Chuan Lin
 
Sunzi's Art of PMP
Sunzi's Art of PMPSunzi's Art of PMP
Sunzi's Art of PMPChuan Lin
 
Revisit the Three Kingdoms 03
Revisit the Three Kingdoms 03Revisit the Three Kingdoms 03
Revisit the Three Kingdoms 03Chuan Lin
 
三十六社交工程计 上-简体
三十六社交工程计 上-简体三十六社交工程计 上-简体
三十六社交工程计 上-简体Chuan Lin
 
三十六社交工程計-上-繁體中文
三十六社交工程計-上-繁體中文三十六社交工程計-上-繁體中文
三十六社交工程計-上-繁體中文Chuan Lin
 
Revisit the Three Kingdoms 02
Revisit the Three Kingdoms 02Revisit the Three Kingdoms 02
Revisit the Three Kingdoms 02Chuan Lin
 
Romance of Three Kingdoms Vol1 Issue1
Romance of Three Kingdoms Vol1 Issue1Romance of Three Kingdoms Vol1 Issue1
Romance of Three Kingdoms Vol1 Issue1Chuan Lin
 
Thirty-Six Stratagems of Social Engineering, Part I
Thirty-Six Stratagems of Social Engineering, Part IThirty-Six Stratagems of Social Engineering, Part I
Thirty-Six Stratagems of Social Engineering, Part IChuan Lin
 
易經與資安-中文
易經與資安-中文易經與資安-中文
易經與資安-中文Chuan Lin
 

More from Chuan Lin (20)

大学与​信息安全​
大学与​信息安全​大学与​信息安全​
大学与​信息安全​
 
Revisit the Three Kingdoms Issue 06
Revisit the Three Kingdoms Issue 06Revisit the Three Kingdoms Issue 06
Revisit the Three Kingdoms Issue 06
 
黄帝内经与信安上部
黄帝内经与信安上部黄帝内经与信安上部
黄帝内经与信安上部
 
黃帝內經與資安上部
黃帝內經與資安上部黃帝內經與資安上部
黃帝內經與資安上部
 
Yellow Emperor Internal Canon on Information Security - part 1
Yellow Emperor Internal Canon on Information Security - part 1Yellow Emperor Internal Canon on Information Security - part 1
Yellow Emperor Internal Canon on Information Security - part 1
 
Revisiting the Three Kingdoms, Issue 05
Revisiting the Three Kingdoms, Issue 05Revisiting the Three Kingdoms, Issue 05
Revisiting the Three Kingdoms, Issue 05
 
项目资安禅 - Project Management, Information Security & Chan
项目资安禅 - Project Management, Information Security & Chan项目资安禅 - Project Management, Information Security & Chan
项目资安禅 - Project Management, Information Security & Chan
 
專案、資安、禪 - PMP, InfoSec and Chan
專案、資安、禪 - PMP, InfoSec and Chan專案、資安、禪 - PMP, InfoSec and Chan
專案、資安、禪 - PMP, InfoSec and Chan
 
PMP, InfoSec & Chan
PMP, InfoSec & ChanPMP, InfoSec & Chan
PMP, InfoSec & Chan
 
Revisit the Three Kingdoms issue04
Revisit the Three Kingdoms issue04Revisit the Three Kingdoms issue04
Revisit the Three Kingdoms issue04
 
孙子项目管理法
孙子项目管理法孙子项目管理法
孙子项目管理法
 
孫子專案管理
孫子專案管理孫子專案管理
孫子專案管理
 
Sunzi's Art of PMP
Sunzi's Art of PMPSunzi's Art of PMP
Sunzi's Art of PMP
 
Revisit the Three Kingdoms 03
Revisit the Three Kingdoms 03Revisit the Three Kingdoms 03
Revisit the Three Kingdoms 03
 
三十六社交工程计 上-简体
三十六社交工程计 上-简体三十六社交工程计 上-简体
三十六社交工程计 上-简体
 
三十六社交工程計-上-繁體中文
三十六社交工程計-上-繁體中文三十六社交工程計-上-繁體中文
三十六社交工程計-上-繁體中文
 
Revisit the Three Kingdoms 02
Revisit the Three Kingdoms 02Revisit the Three Kingdoms 02
Revisit the Three Kingdoms 02
 
Romance of Three Kingdoms Vol1 Issue1
Romance of Three Kingdoms Vol1 Issue1Romance of Three Kingdoms Vol1 Issue1
Romance of Three Kingdoms Vol1 Issue1
 
Thirty-Six Stratagems of Social Engineering, Part I
Thirty-Six Stratagems of Social Engineering, Part IThirty-Six Stratagems of Social Engineering, Part I
Thirty-Six Stratagems of Social Engineering, Part I
 
易經與資安-中文
易經與資安-中文易經與資安-中文
易經與資安-中文
 

Recently uploaded

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Recently uploaded (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101

Great Learning and Information Security

  • 1. Great Learning & Information Security (大學 & 資訊安全): how an ancient Chinese classic remains relevant in modern information security. Chuan Lin, CISSP
  • 2. Great Learning Background. Who wrote it? • Zengzi, a disciple of Confucius, wrote Great Learning around 450 BC – 436 BC. • In the Song Dynasty (960 AD – 1270 AD), the Cheng Brothers and their student, Zhu Xi, corrupted the original text and its meaning. • In recent times, Master Nan Huai Jin and Captain Chang Teh-Kuang (ret.) are among the Chinese scholars who have attempted to bring Great Learning back to the lost Chinese generation. What is it? • It is the first self-help book that withstood the test of time and the first book on Management as a Service (MaaS).
  • 3. Great Learning Background II. When was it written? • It was written sometime between 450 – 436 BC, during the Spring and Autumn Period of Chinese history, when China was a feudal sovereignty consisting of a hundred city-states that owed loyalty to the Zhou Dynasty. Where did it flourish? • At the time it was written, Great Learning was just another school of thought that contended with a hundred other ideas. Later, it became one of the three main core philosophies of China.
  • 4. Great Learning Background III. Why does it matter? • Its opening statement is no different from the mission statement of the (ISC)² and SANS Codes of Ethics. • While knowledge of the 10 domains and technical information are necessary for the information security professional (InfoSec Pro), a person’s ethical standard is expected, but not much direction is given other than to follow various laws and rulings like HIPAA, SOX, GLBA, Safe Harbor, etc. • I believe Great Learning can be a useful guide for InfoSec Pro ethics.
  • 5. Goals of Great Learning/InfoSec Pro: What do we want to accomplish with our lives and our careers?
  • 6. “大學之道、在明明德、在親民、在止於至善。” The Dao of Great Learning is to illustrate illustrious virtues, to renovate the people, and to rest in the highest excellence. “Safety of the commonwealth, duty to our principals, and to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior.” - (ISC)² Code of Ethics
  • 7. “大學之道、在明明德、在親民、在止於至善。” The Dao of the Great Learning is to illustrate illustrious virtues, to renovate the people, and to rest in the highest excellence. GIAC Code of Ethics • Respect for the Public • Respect for the Certification • Respect for my Employer • Respect for Myself SANS Code of Ethics • I will strive to know myself and be honest about my capability. • I will conduct my business in a manner that assures the IT profession is considered one of integrity and professionalism. • I respect privacy and confidentiality.
  • 8. 7 Steps to Illustrating Illustrious Virtues (明明德的七證): Seeking Self Improvement First
  • 9. 7 Steps to Illustrating Illustrious Virtues: 知 to know; 止 to cease; 定 to still; 靜 to calm; 安 to quiet; 慮 to ponder; 得 to obtain. How can these seven internal self-improvements have an impact on oneself and one’s InfoSec career in modern times?
  • 10. 知 to know. Self Improvement • In the business world, we train to exploit the company's strategic strengths while correcting its weaknesses. • In an engineering environment, we train to find and correct any product defects before going to market. • Shouldn't we find and correct our own weaknesses before others, or we ourselves, launch a zero-day attack? InfoSec Professional • To know a company’s security status: where its strengths are and where its weaknesses are. • To know the company's business goal, its chain of command, its culture, its behaviors, and its processes. • To know its defenses-in-layers structure, its log controls, its state of readiness, its state of responsiveness, etc.
  • 11. 止 to cease. Self Improvement • To cease is to prevent the loss of personal control. • Cease personal bad habits through gradual reduction, redirection to healthier substitutes, or a determined clean break. • Cease personal bad habits by forming new habits, rewarding oneself, and joining support groups. InfoSec Professional • To cease is to prevent the loss of control. • To cease internal risks through reduction, mitigation, avoidance, or elimination. • To cease through log controls, separation of duty, enforcement of least privilege, a secured software development lifecycle, and employee security awareness.
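  • 12. 定 to still. Self Improvement • Stillness lets us know our own strengths and weaknesses. • Stillness lets us curb our ingrained habits and strengthen our talents. • Stillness gives us the confidence to withstand external pressure and setbacks. InfoSec Professional • To know about a company’s security status. • To cease a company’s risks. • This will give the InfoSec Pro the confidence to remain level-headed when external threats appear.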
  • 13. 靜 to calm. Self Improvement • The mind is calm because you need not worry that others will exploit your shortcomings. • A calm mind can filter your thoughts. • A calm mind leads to physical health. InfoSec Profession • Calm is when a company does not have to worry about its information being misused. • Calm allows a company to plan its business strategy. • Calm allows a company to become healthy.
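  • 14. 安 to quiet. Self Improvement • Only with calm can there be quiet. When the mind is in turmoil, the body cannot be quiet. When society is in turmoil, the state cannot be quiet. • When the mind is at ease, the body is at ease. • Calm lets you think clearly; quiet lets you act without disturbance. InfoSec Profession • Calm allows Quiet. When information is exposed, a company cannot maintain Quiet. • Management desires Quiet; employees desire Quiet. • Stillness allows a company to plan; Quietness allows a company to carry out its plan without disruption.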
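  • 15. 慮 to ponder. Self Improvement • To ponder means handling matters with care and detail. To ponder means thinking with precision. • 想 (to think) refers to coarse, shallow activity in the mind; 思 (to contemplate) refers to fine, detailed activity in the mind. • Pondering lets you plan the major events of your life. InfoSec Profession • Pondering is planning InfoSec carefully. Pondering is having InfoSec awareness at the back of employees' minds. • Thinking is about the current InfoSec need; pondering is about the future InfoSec need. • Pondering allows both a company and an InfoSec Pro to plan out a long-range strategy.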
  • 16. 得 Obtaining. Self Improvement • Peak state of illustrious virtue: free from fear of personal flaws; having a workable life plan; achieving balance of body and mind. InfoSec Profession • Peak security awareness state: COBIT’s Optimizing Process; ITIL’s Optimized Maturity Assessment Level; Security Awareness Roadmap: Metrics Framework.
  • 17. 內聖外王 Internal Sagacity, External Sovereignty: How to Renovate People and Rest at Highest Excellence, or How to Manage Self Before Managing Others
  • 18. 格物: Investigation of Things; 致知: Knowledge; 誠意: Sincerity; 正心: Rectification; 脩身: Self Cultivation. • Before managing others, first make sure you have successfully managed yourself. • You must be able to withstand the scrutiny of others. • Your actions, your behaviors, and your words will be constantly observed and judged. • This is especially true in the age of Facebook, Twitter, and Instagram, where every little transgression will be caught on recording devices and spread like fire through media. • There are people who love nothing more than to tear down a hypocrite.
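  • 19. 格物 Investigation of Things. Self Improvement • Being like heaven and earth, he does not go against them. His knowledge encompasses all things and his way aids all under heaven, so he does not err. He moves widely without being swept along, rejoices in heaven and knows its mandate, so he does not worry. Content in his place and earnest in benevolence, he is able to love. • He encompasses the transformations of heaven and earth without excess, brings all things to completion without omission, and understands the way of day and night; hence the spirit has no fixed place and change has no fixed form. • It is manifest in benevolence and hidden in its workings; it stirs all things without sharing the sage's anxieties. Abundant virtue and great achievement: how supreme! InfoSec Profession • Information Security (InfoSec) is about providing data availability, confidentiality, and integrity. • Ideally, the InfoSec Professional (InfoSec Pro) needs to get involved at the start of all projects because of information security concerns. • Externally, the InfoSec Pro needs to know what regulations, laws, and audits are required for a project. • Internally, the InfoSec Pro needs to know what technical, administrative, and physical constraints are required for a project.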
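  • 20. 致知 Knowledge. Self Improvement • To know the first stirrings of things: is that not divine! To fathom the spiritual and understand transformation is the fullness of virtue. • Be in harmony with the Way and virtue, and put things in order according to what is right. Exhaust principle and fully realize one's nature, and so arrive at destiny. • So as to accord with the principles of nature and destiny. InfoSec Profession • The InfoSec Pro shares risk and vulnerability assessments with key consultants, managers, programmers, and other project members. • They need to take the InfoSec Pro's concerns into account in project designs. • Any data leak will be detrimental to the company's image, reputation, and confidence, not to mention possible lawsuits.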
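  • 21. 誠意 Sincerity. Self Improvement • What is meant by "making one's intentions sincere" is allowing no self-deception, as when one hates a bad smell or loves a beautiful sight. This is called being at ease with oneself. • Zengzi said: "What ten eyes watch and ten hands point at: how strict that is!" • The inscription on Tang's bathing basin read: "If you can renew yourself one day, do so every day, and again each day." InfoSec Profession • The InfoSec Pro shows sincerity toward data preservation through sharing security knowledge and advocating security awareness. • Every word and action will affect how employees view Information Security and its Awareness. • Dao of Hacking Improves, Technology Improves, InfoSec Improves.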
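  • 22. 正心 Rectification. Self Improvement • To rectify the mind: • When one is under the influence of anger, the mind cannot be correct. • When under fear, it cannot be correct. • When under fondness and pleasure, it cannot be correct. • When under sorrow and distress, it cannot be correct. InfoSec Profession • The InfoSec Pro has to rectify his heart to prevent preoccupation with the following: • Anger • Fear • Desire • Worry • These prevent him from doing his job.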
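  • 23. 脩身 Self Cultivation. Self Improvement • A human life is a small universe. • Wealth adorns a house, virtue adorns the person; the mind is broad and the body at ease. • The accomplished gentleman is as if cut and filed, as if carved and polished. InfoSec Profession • A company is its universe. • Wealth enriches a company, virtues enrich employees, enterprises broaden that expand ventures. • The InfoSec Pro is constantly trimmed and scrubbed; he is frequently cut and polished.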
  • 24. 齊家: Maintain Family; 治國: Regulate State (Company); 平天下: Pacify Heaven Below (the Grid). • Great Learning is the first classic on Management as a Service (MaaS). • Interested only in personal cultivation? Read through Self Cultivation. • Interested only in maintaining a family/department? Read through Maintain Family. • Interested only in maintaining a government/company? Read through Regulate State. • Interested only in maintaining the world/a multinational company? Read through Pacify Heaven Below. • External Sovereignty is less about utilizing the latest and greatest technology and more about managing people. • Social Engineering is the battle of hearts and minds that can get past the world's most secure firewall, IDS, IPS, and defense in layers. • Despite advanced technology, people’s hearts and souls remain the same. They can enforce or enfeeble information security.
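  • 25. 齊家 Maintain Family. Self Improvement • What is meant by "regulating the family depends on cultivating the self": • People are partial toward those they love and hold dear. • They are partial toward those they despise and dislike. • They are partial toward those they fear and revere. • Hence: "A man does not know the faults of his own son, nor the richness of his own growing grain." InfoSec Profession • Maintaining a department comes about after self-cultivation. • It should be free from • Favoritism • Disapproval • Fear • These will decrease employees' security awareness.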
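  • 26. 治國 Regulate State (Company). Self Improvement • When one family is benevolent, the whole state grows in benevolence; • when one family is courteous, the whole state grows in courtesy; • when one man is greedy and perverse, the whole state falls into disorder; • such is the mechanism. This is what is meant by: one word can ruin an affair; one man can settle a state. InfoSec Profession • When a department behaves securely, the entire company promotes vigilance. • When a department limits its access, the entire company promotes data control. • When one man is negligent and corrupt, the entire company becomes vulnerable. • Hence, a word can instigate a threat; a man can secure a company.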
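  • 27. 平天下 Pacify Heaven Below (the Grid). Self Improvement • The gentleman has the way of the measuring square. • Win the people and you win the state; lose the people and you lose the state. • Words that go out wrongfully will come back wrongfully; wealth that comes in wrongfully will go out wrongfully. InfoSec Profession • An InfoSec Professional lives and breathes the Code of Ethics. • Practice InfoSec: others engage, and the company enacts. Disregard InfoSec: others forget, and the company neglects. • The Law of Consequence can be found in personal, social, career, financial, and political aspects.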
  • 28. Great Learning & InfoSec Recaps • As the first self-help book, it has withstood the test of time. As the first book on MaaS (Management as a Service), it shows how to serve others by first improving oneself. • Instructions for management are no different from instructions for self-improvement. It is all about leading by example. • Despite advanced technology, people’s hearts and souls remain the same. They can enforce or enfeeble information security.