海委信息安全评估项目研究与实践

Research and Implementation of Information Security Assessment by Haihe River Water Conservancy Committee

介绍了国内外信息安全评估方法及相关标准发展,针对海委首次开展的信息安全评估工作情况,从评估目标、范围、方法和内容几方面进行了简要介绍,并通过技术和管理层面的差距分析找出了海委信息化系统中存在的问题,提出了整改方案,对今后海委信息化建设具有重要意义,为海委信息化等级保护奠定基础。

This paper makes an description about development of information security assessment approaches and corresponding standards both home and aboard.According to work situation of information security evaluation carried out by Haihe River Water Conservancy Committee for the first time,a concise introduction is made from aspects of assessment objective,scope,methods and content.Through a gap analysis about technology and management,existing problems of the information system by Haihe River Water Conservancy Committee are found,and an improvement program is also put forward.It will be of great significance to the promotion of the information explosion process of Haihe River Water Resources Committee,laying a foundation for grade protection of information.