
The Study On Security Management System Building Of Enterprise Information Resources

Posted on: 2010-04-02
Degree: Master
Type: Thesis
Country: China
Candidate: L Chang
GTID: 2189360272998991
Subject: Information Science

Abstract/Summary:
For an enterprise, information assets have the same value as other enterprise assets. Information security management means protecting information against threats from all directions. It is neither an emergency response nor a temporary measure, and it is neither solely the physical protection of the underlying equipment nor solely a matter of technical defenses. An Information Security Management System (ISMS) is a part of the overall enterprise management system. It is the basic guarantee of an enterprise's daily operation and continuous development, and a very important step in its strategy and management. By establishing and implementing an enterprise information security management system, this paper tries to regulate the behavior of the enterprise's employees, to guarantee from a management point of view that all technical measures are implemented, and to apply hardware and software technologies together so as to avoid information security incidents. At the same time, such a system can blunt an attack, buying the enterprise time to close the security gap, and support troubleshooting or incident handling so that losses are avoided when the computer system is under attack.

The paper has six chapters in total, as follows:

Chapter 1 is the introduction. It first analyzes the background of the topic and briefly introduces the issues studied: information security, information security management and the enterprise information security management system. It also states the significance of establishing an enterprise information security management system and finally gives a brief outline of the research content.

Chapter 2: Overview of the relevant theory of enterprise information resource security management. It first briefly introduces enterprise information resources, starting from the concept of an information resource, and summarizes and classifies them (information on the enterprise's internal structure and status, customer group information, competitor information). It then analyzes the meaning of information security and introduces the concept of information security management, in order to make the paper's topic clearer.

Chapter 3: Analysis of the enterprise information security environment. This chapter mainly analyzes the internal and external environment of enterprise information security, which is a study of all the internal information security requirements of an enterprise. This analysis runs through the whole of the research on the enterprise information security management system: only once the enterprise's information security requirements are clear can information security management be implemented, and an information security management system established, with a clear purpose. Based on the characteristics of the enterprise, the paper analyzes information security requirements in terms of physical security, system security, internet security, data security, application security and so on. For the external environment of enterprise information security, it mainly considers national laws and regulations, information security management standards, the information security climate and so on.

Chapter 4: Analysis of the elements of enterprise information resource security management. The information security management standard ISO/IEC 17799:2005, a powerful standard in the information security management field, is an information security management aid accepted all over the world. The chapter takes this standard as a reference and classifies the elements into 11 aspects and 4 parts: organization and personnel security management (security policy, organization of information security, human resources security and compliance), environment and asset security management (physical and environmental security, asset management), communication operation and system development security management (communication and operation management, information system establishment, development and maintenance) and emergency action security management (information security incident management, business continuity management).

Chapter 5: Establishment of an enterprise information security management system. It first analyzes the organization of the enterprise information resource security management system, which consists of 6 parts: information security planning, enterprise information security strategy, enterprise risk management, enterprise information security risk evaluation, enterprise information security incident management and the technical security system of the enterprise information resource security management system. The model of the enterprise information resource security management system is divided into four layers: a planning layer, a controlling layer, a monitoring layer and a responding layer.

Chapter 6: Evaluation of the enterprise information resource security management system. The aim of evaluating the enterprise information resource security management system is to keep the ISMS continuously updated and developing. The purpose is to optimize or improve the ISMS as far as possible through evaluation. The evaluation gives information security management decision makers the evidence and the necessary management procedures for decisions, so that they can make better decisions.

Chapter 7: Conclusion and outlook. Information security can be achieved by implementing a proper set of controls, consisting of a series of strategies, actions, processes, organizations, software and hardware functions and so on. The four levels of the enterprise information security management system are not run once and finished; they operate as an ascending, developing cycle, and the system's effectiveness moves up a step with each cycle.
Keywords/Search Tags: Information resource, enterprise information resource, information security, information security management, enterprise information security management, information security management system, establishment, research