| In recent years,enterprise information security risks occur frequently,which results in the dramatically decrease of corporate profit,the loss of competitive advantage and social influence,and these security incidents bring enormous loss.However,companies often have problems including incomplete management system,slow emergency response,and lack of systematic information security risk management strategy.Therefore,this dissertation studies the enterprise information security plan and aims to provide scientific base for the enterprise information security response.The main content of this dissertation is as follows:(1)This dissertation summarizes the factors of enterprise information security risk including information leakage by human,lack of equipment secrecy,environmental risks,management risks and network security risks.Then,the dissertation proposes an evaluation system based on AHP and rough set approach.(2)The dissertation proposes six elements of risk response,including the adequacy of emergency preparation,emergency response time,collaboration of employees,punishment to information leakers,coordination between departments and remedial measures.Subsequently,it propose a “3 dimension” model of enterprise information security response which includes the time dimension,strategic dimension and implementing dimension.Afterwards,the dissertation utilizes Q-learning algorithms and cellular automata to simulate the game played by the competitor,enterprise and employees.(3)This dissertation proposes a general process of enterprise information security risk response including the six stages as follows: emergency preparation,leakage monitoring,response at different levels,operations recovery,elimination of the leak source and experience-based improvement.The usage of the system dynamics method to simulate and verify the process of risk response shows that the proposed approach dealing with the process is scientific and reasonable.Then,it proposes a “Coordination-Unification” mode of the emergency plan compilation.(4)This dissertation examines the MS Company by using the evaluation model proposed.The results suppose that information leakage by human,management risks,lack of equipment secrecy are the top three information security risk factors.Additionally,deliberate enterprise documents leakage by senior managers,imperfect enterprise information security management system,and deliberate information leakage by technicians are the three major risks which MS Company needs to take care.Finally,the dissertation proposes an information security risk emergency plan for the company,which is proved to have extensive applications.The innovation point of this dissertation includes:(1)Propose a model which simulates the game played by the competitor,enterprise and employees based on Q-learning algorithms and cellular automata.(2)Propose a model which can be used in evaluating the enterprise information security risk based on AHP and rough set approach.(3)Propose the “3 dimension” model of enterprise information security response and “Coordination-Unification” mode of the emergency plan compilation. |
PDF Full Text Request