面向业务:信息安全保障业务发展新趋势

如今信息安全在信息社会扮演极为重要的角色,直接关系到政府运作、企业经营和人们的日常生活,信息安全服务也已成为信息安全保障体系的重要内容。然而国内信息安全服务行业却存在很多问题,管理者的信息安全意识不足,安全服务以事件应急响应为主,忽视为客户提供主动、系统的面向业务的服务。针对这一现状,本文提出了基于业务的信息安全服务体系(Business-based Information Security Service System,BISSS),利用企业架构(Enterprise Architecture,EA)对机构及其信息系统进行分析,以信息系统的业务属性为出发点和依据,为客户提供覆盖整个信息系统生命周期的安全服务。

Nowadays, Information Security （IS） is playing an essential role in the information society, directly affecting the operation of governments, enterprises and people＇s daily lives. Information Security Service （ISS） has became an important part of IS system. However, there exist some common problems in ISS, such as managers are lack of awareness of information security; ISS always provides Event Emergency Response and neglects to provide proactive, systematic business-oriented security services to customers. To address this issue, we proposed a Business-based Information Security Service System （BISSS）, which uses Enterprise Architecture （EA） to analyze the organization and its information system. In the BISSS, business property of Information systems as a starting point and basis for ISS, it is possible to use the BISSS to provide Business-based ISS which covers the entire Information System Development Lifecycle （SDLC） for customers.