基于ISO/IEC17799标准体系的电网企业信息安全管理新模式

A New Model of Grid Enterprise's Information Security Management Using ISO/IEC17799 Standard System

文章比较分析了基于国际标准ISO/IEC17799的信息安全体系与当前电网企业信息安全管理体系的差异,在此基础上基于ISO/IEC17799标准体系框架进行了电网企业信息安全管理新模式设计,并从设备安全、物理环境、访问控制以及政策与规章制度等方面给出了电网企业信息安全基于标准体系的应用分析。应用分析结果表明,信息安全管理新模式的应用能够提升信息安全运行水平,消除信息安全隐患。

On the basis of deeply analyzing and comparing the difference between ISO/IEC17799 standard based information security system and the current grid enterprise information security management system, this paper designs a new mode of information security management for power enterprises. From equipment safety, physical environment, access control, and policy and regulatory aspects, the application analysis of information security based on standard system of power grid enterprise is presented. The application results show the application of new mode has improved the level of information security, and eliminated the potential risk of information security.