Abstract
Information security now receives wide attention at research institutes, but unscientific planning often leaves them facing otherwise avoidable problems in the actual operation of information security management. This paper proposes a CMMI-based information security management system, standardizes the system's provisions, and works through the steps of planning, implementation, inspection and improvement in turn. The experimental results show that once the security and risks of information resources are quantified, information security management objectives become clear, and information management and communication become easier.
Source
Journal of Foshan University (Natural Science Edition)
CAS
2013, Issue 2, pp. 55-57 (3 pages)
Funding
Shanxi Province Education Science "Twelfth Five-Year Plan" project (GH-11170)
Keywords
capability maturity model integration
information security
management model