Abstract
Power supply enterprises run into typical problems when implementing compliance management and control: information security classified protection assessment, IT governance, security inspection, integrated risk assessment, network-access security assessment and security baseline verification each follow standards with different focuses, executing bodies and inspection requirements. Within a given period an enterprise faces inspections from multiple organizations with differing requirements or standards, security reinforcement work becomes overwhelming, and security staff are easily worn out. In response to these problems, this paper proposes the concept of multi-standard compliance management and control, explores a way to reduce the heavy and repetitive workload of the compliance process, and studies a methodology for integrating and unifying multiple compliance standards.
Source
Modern Computer (《现代计算机》)
2015, Issue 12, pp. 46-50 (5 pages)
Keywords
Information Security
Compliance Management and Control
Multi-Standard
Security Reinforcement
System Document