Research On Improvement Of Information Security Management System Of D Power Supply Company

Since the 18th National Congress of the Communist Party of China,General Secretary Xi Jinping has put forward a series of significant statements on cyber security issues on different occasions,providing scientific guidance and basic guidelines for China to achieve the goal of becoming a cyber power under the new situation.State Grid clearly lists network information security as one of the company’s four major securities(large power grid security,equipment security,personal safety,network information security)and one of the four major risks(grid security risk,business management and control risk,financial business risk,cyber security risk).According to the "bucket theory",there should be no weak links in the protection of network information security.As the world’s largest public utility company,how to effectively organize resources such as human resources,property resources,how to innovate management mechanisms,and continuously improve the ability to prevent and deal with information security incidents,and how to be invincible in offensive and defensive confrontation remain a problem that must be solved in current information security work.This paper first summarizes the research background and significance,analyzes the research status of information security management system at home and abroad,determines the research content and ideas,expounds the theories and models involved in the research,and lays a solid foundation for the follow-up research on the information security management system of D power supply company.Combined with the actual situation of the D power supply company,a third-level unit under the State Grid Corporation of China,questionnaires and other methods are issued on the current situation and shortcomings of the power supply company’s information security for investigation and analysis.In accordance with the analysis results,combined with domestic and foreign advanced information security research results and security management models,the P3DR2 information security management system model of the electric power industry has been innovatively put forward.By applying this model and combining with the PDCA cycle,the improvement plan of the information security management system of D power supply company is formulated,focusing on security strategy,personnel,protection,monitoring response and risk assessment.Besides,inspection evaluation and continuous improvement measures are proposed to ensure that the problems of D power supply company are properly resolved.Finally,by improving the information management system of D power supply company and providing guarantees in terms of organization,personnel and funds,the network security protection capability of D power supply company has been comprehensively improved.This paper uses ISO/IEC27000 series standards,refers to PDCA cycle and other management tools,perfects the improvement plan of D power supply company’s information security management system and achieves good results.The improvement plan and implementation method of the information security management system used by the D power supply company can also provide reference for other units of the State Grid Corporation of China and other enterprises in the power industry,and provide strong information security support for the construction of a safe,reliable and strong smart grid.