| Based on marketability, globalization, information-inclination that the insurance enterprises are facing now, business activities and information technology are changing continuously. The winner of the severe competition must be the enterprise of fast reaction rate, high efficiency and high flexibility. ERP system is not only a management tool of alleviating workload and promoting work efficiency, but also a key competitive element and essential management platform of enterprise. With the further application of ERP system, its information security problems are attracting people's attention. Information security risk assessment is first and the most important step of treating the problem. Evaluation work has passed many years, formed a series of evaluation criteria and method. Yet there still exist some problems that need to be solved. First, the criteria and methods are general, exist some fuzzy concept, lacking the implementing criterion in the item implementing process. Second, we own less risk assessment experience in china at present, which will influence cost, result and effect of risk valuation. Third, the national criterion just evaluate the risk of a single asset, and neglect the influential action among different assets. Aiming at the above-mentioned circumstance, the author study common information safety standard and method, according to GB/T 20984-2007, combined with research and requirements analysis for feature of information security in insurance enterprises. The author put forward to risk assessment program for insurance enterprise's ERP.At last the author validates feasibility and practicality with an experiment. The assessment results and control measures were confirmed by related departments. |
PDF Full Text Request