Research On Information Security Management System Of The People's Bank Of China Qianxian-Branch Based On ISO/IEC 17799

With the development of the information revolution,information technology has become the leading force in the development and innovation of the industry.In the overall situation of the modernization construction of today's society,the leading role of information technology is increasingly becoming prominent.Information security is not only the security of the information itself.In recent years,the extensive application of information technology has played a positive and powerful role in promoting the steady and rapid development of China's social economy.Information technology also brings huge information security risks.The People's Bank of China is the country's highest monetary policy formulation,enforcement and financial management agency,so it is imperative to firmly maintain the bottom line of information security management of the People's Bank of China.In this paper,we take the People's Bank of China Qianxian County Sub-branch as an example,summarizing and analyzing the practical problems of current information in the sub-branch.Firstly,we asses information security risk according to factors based on the results of the analysis,and calculate the weight of the risk factors,then find out the situation of the risk in the sub-branch.Secondly,basing on the international standard,ISO/IEC 17799 information security guidelines,we systematically design and improve the information security management system,and put forward the feasible improvement scheme and subsequent security measures.The original system framework is relatively simple,not considering the potential problem of the actual operation fully.The new information security framework is based on the actual information security risk situation of the branch,Analytic hierarchy process(AHP)and fuzzy evaluation method,combining with the actual situation of the branch,respectively improve five aspects :the organizational framework,post management,asset management,rules and regulations,personnel management.Then we explain the detailed implementation process of the scheme is worked out from four aspects: the formulation of the policy,the evaluation policy,the management content and the circular improvement.The use of objective management scientifically decompose the overall security objectives of the branch to the various departments and staff,layer by layer.A strong association is created between branch,units and staff,so as to lay a practical theoretical foundation for realizing the three-dimensional information security,the step unity of the two wings,fully guarantee the post work and the security demand is.Lastly,the implementation process of the improved scheme is described,such as the leaders' high evaluation,staff supplement and education.This paper comprehensively and concretely study the principles,route,scheme and measure guarantee involved in the improvement process of the whole information security management system,aiming at the actual demand of information security management of branch.A set of system engineering theory and information security risk assessment tools are designed,which meets the actual management requirements and needs,realizing the management responsibility : ensuring the security and stability of the system,guaranteeing the smooth operation of the business and servicing for innovation of branch work.The study on the improvement process of the whole information security management system is of great significance for reference to the information security management of the central bank at the grass-roots level in our country.