| At present, the informationization already penetrates into social life each corner, changed humanity's life profoundly. The information is one kind of property, no matter to enterprises or organizations. As for the highest level, the information security relates to the security of the country; To the organizations and agencies, the information security relates to the normal operation and the sustained development; Speaking of individual, the information security is protects individual privacy and the property request inevitably. Regardless of being individual, the organization or the country, maintains the key the information property security is very important.Along with information technology playing more and more important role in the people's live, more and more security problems expose. If the information security question cannot obtain the very good solution, serious people's production life. along with gradual penetration which understood to the information security, the people discovered that solves the information security problem not to be able only to limit to the technology, more important also lies in the management. The safety work is only the information security control method, must let the safety work play the proper role, must have the suitable executive program support inevitably, otherwise, the safety work can only tend the ossification and the defeat. If the safety work is the information security construction material, that information security management is the genuine bond and the catalyst, only then the effective safety control will implement and realize safely from beginning to end The construction aspects, information security's long-term characteristic and the stability can have the guarantee. In real world majority security incident's occurrence and safe hidden danger existence, is in the technical reason, rather is the ill management creates, understands and takes seriously to manage regarding the information security crucial role, regarding achieved the information security goal to be especially important truly. We often said that the information security is three point technical seven point management, obviously manages regarding the information security importance.In the view of our country, information security condition has become serious day by day. Our country Government Department who is responsible for the work as well as the various trades and occupations already realized information security's importance, has released a series of laws and regulations and the corresponding policy one after another, the establishment organizations and agencies, the formulation related standard, promotes our national information security management level enhancement. For all this, our country's information security supervisory work still has many insufficiencies, mainly displays in:I .The research of national information security strategic lags behindFirst, the national information security strategic research lags far behind, which is the basic work of information security works. At present, various countries have been stepping up to study and to draw up the national information security strategy, but our country does not have the complete national information security strategy until now, the information security has not been promoted to the national security strategy level to consider truly.II .The imperfection of laws and rules Second, information security laws and regulations are imperfect. The perfect information security laws and regulations system is one of the basic work for the national information security, but those existing laws and regulations of our country are imperfect yet, the construction work has lagged far behind, and many questions have hindered our national information security supervisory work development.III.The confusion of management setupthird, information security work multi-thread management displays in the multi-thread management, the function overlapping, the responsibility is unclear, many departments who has certain management functions lacks the powerful synchronizing gear.IV. Insufficient support from government for the information securitety industryFourth, support from our government for the information security industry is insufficient , because of this, our country seriously dependents on overseas manufacturers both in hardware and software products. In addition, because of lacking information security national standards, even if the existing standards also have some shortages to execute, our national information security industry to the developed country disparity enlarges unceasingly.V .Problems in the development of three networks and one databasfifth, lacking of supervisement to the information technology product and the service. Although our country has already established many departments to carry on evaluation and safe authentication of the information technology product, it is still very actually weak to the information technology product's supervision, we are lacking safety examination and risk control to the foreign products.VI.Problems about daily managementSixth, information systems have not been run properly in daily works. Although the importance of information security management have been told all the time, but in our country, heavy technical, light management's phenomenon was still very serious.VII.Problems of computer-related crimesthe seventh, computer-related crimes are arising, and the bad information is in flood. Because the network environment is open, and anonymous, the status authentication is quite difficulte, and the people tend to be more irresponsible to his own talks and behaviors. These criminal activity and bad opinion threaten the computer information system's security seriously.Just took the information security management in our country important time, in the world other countries and the area already took the effective action to strengthen the information security supervisory work. For instance the US, in the legal formulation, the organizations and agencies establishment, between information security various departments the coordinated and coordinate, the security product purchase and so on many aspects has taken the effective measures, already formed the quite perfect information security management system; Britain formulated has promoted the famous BS7799 standard, obtained many national and the local approval; South Korea carries out the solid famous system in the network management aspect, strengthens the network management; The western nation is clear about the responsibility which and the duty generally the network service provider should undertake, coordinated the government for the enterprise to carry out the information security management to create the very good condition. The above is the valuable experience which our country may use for reference. in view of our country the question which existed in the information security management, this article target-oriented proposed solved these question some countermeasure suggestion.I .The proposal of our national information security management stragegyFirst, this article proposed promotes our national information security management strategy, and proposed a way to realizes the tentative plan. The strategic primary coverage includes: first, strengthens information security legislative work including the formulation comprehensive information security law, makes the urgently needed information security law, unified plan legislation, prominent usable three aspects.becauseII .To perfect the laws and the rules of information security managementsecond, change information security multi-thread management's malpractice our country many departments involve the information security the fundamental realities of the country to change with difficulty in the short time, based on our country "synthesis guard" the information security safeguard work basic policy, this article proposed is clear about Department concerned's authority and the responsibility, establishes the powerful coordinated management mechanism, to cease the bureaucracy three specific measures.III.The proper management system of our nationThird, strengthens is realizes our country's information security strategy to information security industry support dynamics , this article proposed that must strengthen to our national information security industry support dynamics, and from the information security product industry, the information security standard industry, the information security service industry three aspects gives to describe separately. after proposing above strategic content, this article also proposed the concrete implementation step, is divided the infrastructure, the key breakthrough, the full scale development three stages, realizes our country's information security management strategy gradually.because the information security management strategy is a long-term work, its effect requires the long time to be able to appear, faced some more urgent information security question regarding our country, this article proposed some easy to implement the policy suggested that included specifically:I .To perfect the supervision system to the networkFirst, because lacks the effective supervision, carries on the aspect which using the Internet on-line criminal cases and so on burglary, cheating appear unceasingly, this article proposed that through is further clear about the network service provider's responsibility establishment, guaranteed that the network service provider management responsibility and the management measure, strengthen ability which the Internet manages and so on specific measures, safeguards to our country's network security.II .The true-name management system on the networkSecond, on the Internet is flooding the massive ill health content, the false information is in flood, fabricates a rumor the slander, to mislead the instigation at will. These behaviors have encroached upon citizen's legitimate rights and interests, has harassed the social order. But implements the network solid famous system, both may protect the citizen privacy and individual information is not abused, and is advantageous to the maintenance national security, the social stability, safeguards and promotes Internet's healthy development. Implements the network solid famous system, may cease these questions effectively. Suggested that our country imitates South Korea's procedure, unifies our country concrete national condition, develops the network management solid famous system gradually.III.The daily management works on the information systemThird, the suggestion strengthens the information system through the risk assessment to transport Uygur management level to propose that from the risk management angle, the utilization science's method and the method, the threat which and the existence vulnerability system's analysis network and the information system face, the appraisal security incident, once has the harm degree which possibly creates, proposed that the target-oriented resistance threat's protection countermeasure and reorganizes the measure, and to guard against and melt the information security risk, or risk control in acceptable level, thus the safeguard network and the information security maximum limit provide the scientific basis. through takes the above measure, may the great degree raise our national information security management level, the alleviation present serious information security situation. |
PDF Full Text Request