Abstract
To reduce the inherent security vulnerabilities of power grid devices and further deepen information security management, this paper proposes the principles for constructing an information security baseline standardization system and a hierarchical, integrated architecture for that system. It then discusses how to construct the system from three aspects: strengthening awareness, building the system, and establishing rules and regulations. The information security baseline practice of Shandong Electric Power Corporation shows that the system can establish specifications and standards that meet the requirements of the various information security regulatory authorities and business departments, and can be extended into a complete set of self-examination and inspection programs. In this way, the system effectively supports graded protection and further enhances the standardization and lean level of enterprise information security management.
Source
Electric Power Information and Communication Technology (《电力信息与通信技术》)
2013, No. 11, pp. 110-114 (5 pages)
Keywords
information security of power system
information security baseline
system architecture
graded protection
dynamic management