Research On Optimization Strategy Of Information Security Management Of SC Branch

Enterprise management relies more on computer and other information systems than before with the enhancement of enterprise informatization level,and the wide application of e-mail,enterprise management information system,remote office,etc.Information system brings convenience to enterprise management,but it also causes information security problems.In recent years,the problem of enterprise information security has become more serious than before.Many enterprises have gotten big losses for their management problems of information security.It is an urgent problem to be settled on how to build a safe and reliable information security management system for enterprises.Information security is system engineering,the problem of information security can only really solve through the combination of technology and management,it cannot solve through simple technical means because the problem of information security is not only related to information technology,but also involves the personnel management who are using the information.Only these information security issues are quantified and given weight,we can clearly know the current information security level of the enterprise and which information security issues need to be urgently solved.Although there are international standards for information security,they cannot be used directly because these standards lack quantitative measures and weight analysis.SC branch is an electronic manufacturing company mainly engaged in contract manufacturing for foreign customers.Products are used in communications,automotive,medical,financial and other industries.Customer's requirements for information security of SC branch are higher than before with their increasing attention to information security management.In recent years,customers have increased the audit frequency of information security management of SC branch,and even entrusted a third-party information security professional agency to audit SC branch.The level of information security management directly affects if can retain the existing customer's orders and get new customer's orders or not.For a long time,there is no systematic information security management plan in SC branch,information security management of SC branch is mainly done by one department-the information department.It only makes some improvement actions based on the problems found by customer information security management audit,but these problems are not completely solved.After the customer audit passes for a period of time,these problems recur,or one customer raised information security issue has been solved,another customer found other information security issues.It has become an urgent problem to be solved by SC branch on how to find out these real problems of SC branch's information security management systematically,and how to distinguish the severity of these problems and provide suggestions for SC branch's management to improve the level of information security management.Control items and control measures for information security management measurement and evaluation index system of SC branch have been established based on ISO27001 and GB / T 36627-2018 standards and fully considering the requirements of SC branch's strategic customers and combining with its own actual situation.SC branch has completed the construction of information security management measurement and evaluation index system after these control items and control measures have been established and each specific index is quantified and given weight using AHP.Gives optimization suggestions for information security management to improve the information security management level of SC branch through the comparison of the index and actual situation of SC branch,finds out these existing problems of information security management of SC branch,and analyses these root causes of these problems.Implements these information security management optimization strategies and evaluates the effect of the implementation to provide reference for other related enterprises' information security management building.