Enterprise Information System Risk Management Based On Business Continuity

With the rapid development of network and information technology, the applicationof enterprise information system is increasingly. Information system can not onlygreatly reduce the operating costs of enterprises but also improve the managementefficiency and work quality, so modern production management puts forward higherand higher requirements to information system. At the same time, the internal andexternal environment that enterprises facing are more and more complex and changefaster and faster."911" incident, the Japanese tsunami, WenChuan earthquake andother sudden disasters to the destruction of the local enterprise information systemmake the national and global supply chain suffered a severe test, and then leading tothe reshuffle of the industry, which indicates that any uncertainty is likely to bedamage to the information system, or interrupts enterprise’s normal production andbusiness operations. Therefore, reviewing the risk management of enterpriseinformation system from the perspective of business continuity not only can improvethe enterprise management of related content, but also be able to guide theconstruction of enterprise information systems and operations better, reduce disasterlosses and damage, which has great theoretical and practical significance.This article systematicially combs the domestic and foreign research of riskassessment method, risk management standard, risk management tools on enterpriseinformation system, and introduces the main connotation of enterprise businesscontinuity management, information system recovery level, recovery index andrecovery measure, and also discusses five main factors of risk management of theenterprise information system: professional ethics, risk management culture, seniormanagers, organizational structure and the division of responsibilities. To build aenterprise information system risk evaluation index system based on businesscontinuity innovatively, the requirement of business continuity management is addedinto the evaluation process of enterprise information system risk management. Theindex system can comprehensively evaluate the risks of enterprise information systemfrom the following five aspects: the organization’s risk management, the hardware and software risk, technology risk and environment risk.Finally, based on the analysis of domestic and international main methods aboutthe information system risk assessment, this article establishes the model of enterpriseinformation system risk assessment based on business continuity by combining greyevaluation model and the entropy model, and then by using Delphi method and actualsurvey to obtain relevant data of M company carried on the empirical analysis.According to the results of the analysis on the current risk management informationsystem of M company, we put forward the corresponding policy recommendations.