基于ISO 7001的电力信息安全风险评估模型

A Model of Information Security Risk Assessment in Power System Based on ISO 27001

目前,电力信息安全风险评估逐步受到重视。文章结合广东电网公司实施信息安全风险评估的经验,提出基于ISO27001的信息安全风险评估模型。该模型依据国际通用的信息安全管理体系ISO27001,引入信息安全三元理论,能够从管理、运行、技术3个层面全面评估信息安全风险。

Information security risk assessment in power system gained more attention gradually. This paper proposed an information security risk assessment model based on ISO 27001 combine with experience of information security risk assessment work in Guangdong Power Grid of CSG. This new model basis on the information security management system ISO 27001, draws trialism of information security into practice. This model could comprehensively assess the information security risk in aspect of management, operation and technology.