Abstract
This paper describes the relevant content of four important information security assurance standards: ISO7498-2, ISO17799, ISO27001 and ISO/IEC18028-2. To address organizational security problems, it proposes an integrated security assurance architecture that adapts to different organization models. In this architecture, an organization is treated as a single entity and as a whole, integrated security is taken as an important measure for assuring the organization's security, and a process model for organizational security assurance is constructed. Addressing the main problems in current information security implementation and drawing on the concept of Information Security Management Systems, the paper also proposes an intelligent organizational security management framework.
Source
Journal of University of Electronic Science and Technology of China (《电子科技大学学报》)
Indexed in: EI, CAS, CSCD, Peking University Core Journals (北大核心)
2007, Issue 5, pp. 838-841 (4 pages)
Keywords
architecture
intelligence
ISMS
organization
security