Research On Information Security Management Of M Company

With the rapid development of computer and network information, as well as deepeningof mobile Internet applications, enterprises as main components of modern economic society,a lot of important information in its information systems of business operations increasinglyrely on open, interconnected a network environment. The recent outbreak of "PRISM" makesthe whole international community for the information technology enterprise informationsecurity management is concerned. Information technology services business as a provider ofproducts, technologies and services, reliability of the security of its products and technology,outsourcing processes management of information security in compliance, informationsecurity is effective, has become the primary issues of concern to business select IT servicesoutsourcing provider.The research object of this papers is M company that is an IT Service OutsourcingProvider, based on the perspective of information security management responsibility,exploring the details of information security management framework ESF, find out the defectsexisted in information security management, analyze root causes, and made correspondingsuggestions and measures of improvement plan to help M company enhance informationsecurity management, reinforced enterprise information security management responsibilities.This article included4parts. Chapter one introduced the background and significance ofanalysis as well as the theories and method. Chapter two introduced the detailed situation ofinformation security management of M company. Chapter three, used MAST tool andinvestigation survey to diagnosis problem, and analyzed root causes. Chapter four, based onthe issues to given the solutions and measures from M company internal.In the description section of the status, information security management framework as astarting point with M IT Service Provider, respectively introduced the company’s informationsecurity management from three levels. First, security governance, risk management andcompliance. The second is the operation security and service security management. The thirdis IT infrastructure security framework. To ensure have a comprehensive understanding forinformation security management of M company.In inquiry problem of part, using information security management assessment tool"MSAT" to analysis enterprise information security management framework of specificprotection policy and business environment risk indicators from four aspects, which are ITinfrastructure security, application security, operation security and the personnel security. themain problems are: IT infrastructure security measures vulnerability, and the human factors on information security threat, and internal security audit become a mere formality, and IToutsourcing service management is not in place.In analyzing the causes section, combined with M company information securityoperations management situation, the main reason is: different management cognition oninformation security, staffs security management disjointed, internal control and security auditmanagement is irregularities, weak responsibility on IT outsourcing services management.Last, in order to better fulfill enterprise responsibilities and strengthen informationsecurity management, IT service outsourcing provider M company need to madeimprovement security strategy and measures respectively from four aspects: improve internalIT infrastructure security strategies and defense measures, and strengthened employeesinformation security awareness, training and education, tie the personnel securityresponsibilities with functions of regulations management. enhance enterprise security auditframework; strengthened enterprise outsourcing service regulatory of self-discipline, enhancecorporate social responsibility（CSR）management system, combined enterprise profit andinformation security management responsibility put on the same page and pace, establish agood image of enterprise citizens, to create a favorable environment for the sustainabledevelopment of enterprises.