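Abstract
With the development and ever-deepening application of information technology, information security is receiving increasing attention from the state, enterprises and the public. The Chinese government has proposed building a national information security assurance system and has clearly defined the respective responsibilities and obligations of government, enterprises and citizens. Enterprise information security work focuses mainly on how to safeguard the application of information technology and prevent the leakage of corporate trade secrets. At the same time, large enterprises, especially geographically dispersed enterprise groups, face many difficulties in information security. This paper analyzes the current state and development trends of information security in China and internationally, and outlines Gartner's design philosophy for enterprise information security architecture and the information security requirements facing large domestic enterprises. It describes the concepts, contents and methods of building an enterprise information security architecture from three perspectives (management, technology, control) and at three layers (conceptual, logical, implementation), and proposes a large-enterprise information security architecture model, the MCT (Management-Control-Technology) model. For the actual circumstances of large enterprises, it describes how to apply the MCT model to design an information security architecture. Finally, it gives an implementable method for converting from the design layer to the implementation layer, namely organizing the concrete work of building the information security system in units of projects.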
With the development and continuously deepening application of information technology, information security has attracted more and more attention from states, enterprises and the general public. The Chinese government has proposed building a national information security system and clearly defined the respective responsibilities and obligations of government, enterprises and citizens. In order to enhance their information security capability and comply with laws and regulations, enterprises must construct a complete information security system. This paper investigated the situation and development trends of domestic and international information security practice and research, summed up the experience of Gartner in enterprise information security architecture, introduced the concepts, contents and methods for constructing an enterprise information security architecture in terms of management, control, and technology and at the conceptual, logical, and implementation layers, put forward a large-scale enterprise information security architecture model, the MCT (Management-Control-Technology) model, illustrated the design of an information security architecture for a large-scale enterprise with the MCT model, and finally described a practical method for converting from design to implementation, that is, how to use project-specific units to construct the information security system.
Source
Progress in Exploration Geophysics (《勘探地球物理进展》)
2008, Issue 6, pp. 471-478 (8 pages)
Keywords
information technology (IT)
information security
information system
IT infrastructure
information security architecture