摘要
本文以国家颁布的计算机信息系统安全保护等级划分准则等信息安全管理标准、规范为基线,把确保企业信息安全风险降低到可以接受程度作为安全目标,通过对企业信息安全需求的分析,介绍建立企业信息安全保证体系的基本思路,以及选择并实施有关信息安全管理措施的方法。
Based on the national standards and codes like 'Classified Criteria for Security Protection of Computer Information System',aiming to reduce the enterprise information safety risk to an acceptable level and through the analysis on enterprise information safety demand,this article introduces the basic principle of establishing an enterprise information safety protection system as well as the approach to the selection and implementation of relating information safety control measures.
出处
《土木建筑工程信息技术》
2011年第2期86-90,共5页
Journal of Information Technology in Civil Engineering and Architecture
基金
"十一五"国家科技支撑计划资助课题(2007BAF23B03)
关键词
信息安全管理体系
计算机信息系统安全保护等级划分准则
Information Safety Control System
Classified Criteria for Security Protection of Computer Information System
