Study Of Organizational Factors And Management Model In Enterprise Information Security

With the rapid development of computer science and modern information technology,the construction of enterprise informatization is also unceasingly developed and improved. Allkinds of information system are used widely in a variety of industries. So the dependence oninformation system is instantly rising in many organizations. However, variety informationsecurity problem is following such as computer virus,“hackers”. Large amount of domesticand foreign literatures have found that the organizational factors have a significant impact onthe security of information system.This paper associates organizational factors with information security vulnerabilitieswhich are considered to be the safety performance index of information system. With the lifecycle of information system, this paper analyzes organizational factors’ interactionmechanisms to design, implementation, configuration, and operation vulnerability, indentifiesorganizational factors which cause these security vulnerabilities. These factors areorganization security objectives, organization structure, standards, resources, safety culture,communication and feedback, education and training.Through the analysis of the analytic hierarchy process and group decision making, thispaper collected the expert advice and scale, found that communication and feedback hasbiggest influence on information security vulnerability, then education and training, safetyculture, organization structure, resources, standards and organization security objectives.Specific key factors are the communication and feedback between security department andthe management, supervision, the communication and feedback between departments, theconsciousness and attitude of management team, CIS knowledge and skills training,responsibility assignment, individual consciousness and attitude, safety consciousness andvocational moral training, employee rules and regulations.According to the key organizational factors and the characteristics of informationsystem security management, this paper establishes an organization management model forenterprise information security based on time dimension, organization dimension, and logic dimension. At last, a case is analyzed by the theory method of organization factors mechanism.And related management advice has been given by the three-dimensional organizationmanagement model.