Research On Information Security Management Of Z Company

With the rapid development of information technology and application,information technology has been frequently used in the daily learning,research and development,manufacturing and management activities.Informationalization not only brings convenience but also security risks to people.Information security problems and relevant information security risks are gradually increased.Z Company,as the leader of China's modern locomotive and rolling stock industry,is an important state-owned core high-speed rail company,not only related to the survival and development of the company,but also related to the national industry development safety,people's life and property safety event.Therefore,ensuring the core technology security,establishing and improving the information security system,preventing and putting an end to information leakage,is not only to guarantee China's rail transit high-end equipment industry development,but also to revitalize and enhance the national industrial development needs and research.Establishing a complete set of information security management and security system management system and strengthening the risk management are important safeguard measures for the development Z Company.Information technology,as an important supporting tool,will better support and meet the business development needs and provide the necessary decision support.To some extent,a secure and reliable information application system is the basis for the survival of modern companies,and is one of the company's sources of development,not just the company's business support platform.Through measures such as documents review,on site interview,questionnaire,technology investigation,the information security problems has been found.Problems are classified as unclear security organization,lacking of information asset classification management,imperfect information security management system,security vulnerabilities existed in core business information system.Finally,the reasons have been analyzed respectively and they are: less attention has been paid at company's level;the management system is not practical;security management personnel are not responsible;technical security measures are not in real use.It is not possible to collect all the information assets,nor to divide the important grade of information assets and so on.Through the research and analysis,a sustainable information security management system(three-in-one goal: information security management,information security technology,information safe operation)has been proposed by taking information security technology as the carrier,management standards as the basis,technical control as the core.And innovative information security management systems such as ISO27000,IT services,level protection and integration have been put forward.The problem of information security risks faced by Z Company is also prevalent in other companies.The research results of this thesis could be of reference value for other companies.