Research On Information Security Management Mechanism Of Small-and-medium-sized Enterprises Based On The Iso/iec27001 System

Nowadays economy can not function without information and network,with the nformation and network more and more important to the society economy, small-and-medium-sized enterprises more depend on the network and information technique.One item data investigated by International Data Corperation show:there are 57.7% small-and-medium-sized enterprises implement informationization in china.with the network application deepen,the information security problem become more imptant to small-and-medium-sized enterprises.The small-and-medium-sized enterprises play an important role in our country's economy, informationization promote the small-and-medium-sized enterprises'development.By the small-and-medium-sized enterprises more depend on the network technology and information , its information security problems are appearing. The small-and-medium-sized enterprises'information security problems seems on the surface to be attacked by outside, but the essential matter is the defect of the small-and-medium-sized enterprises'information security management,leading the small-and-medium-sized enterprises confronted with more kinds and frequent information security accident.Compare with the big-sized enterprises,the defects on the management,capital and technology make the small-and-medium-sized enterprises confronted with information security threatener.Considering information security condition and problem in our country's small-and-medium-sized enterprises ,using the experience of other countries for reference and making use of the ISO/IEC 27001 information security managment system's process means and contral measures , this paper advance a new model about the security managment of small-and-medium-sized enterprises.This model has two parts : one is information security defend mechanism;the other is the information security guarantee system.The information security defend mechanism emphasize the function of the"education"to the information security dynamic defend.The information security guarantee system is the base of information security defend mechanism , and it include organization,management and technology three aspects .The information security defend mechanism and information security guarantee system could ensure the model work well.This paper have some significance and advance some frondose measures,but how to solve middle-small size enterprises'information security problem, and establish a perfect and more applied information security system pending further study.