摘要
江西电力SG186工程建成后,各业务部门的日常工作和管理决策高度依赖信息系统的持续稳定运行,但运维中的业务需求变化、软件升级、系统自身隐患、主机设备故障、网络漏洞、员工误操作或恶意操作等增加了信息系统运行的风险。文章从7个方面论述了如何建立以风险防控为中心的信息安全管理体系,利用宣传教育、内部沟通、规范标准、员工培训、绩效机制等多种方法有效提升了信息系统运行的稳定性,可以确保企业的信息安全。
With the SG186 project completed, the daily work and management decisions are highly dependent on the stable operation of information systems. However, there are many factors that may increase the operation risk of the information system, such as business requirement changing, software updating, system potential troubles, host equipment failure, network vulnerabilities, human errors or malicious operation. This paper discusses how to build a risk prevention-centered information security management system from seven aspects above mentioned.. Through various methods including propaganda and education, interaction, standard setting, staff training and performance mechanism, we can improve the information system operational stability and ensure the enterprises information security.
出处
《电力信息与通信技术》
2015年第8期89-93,共5页
Electric Power Information and Communication Technology
关键词
信息风险
信息安全
风险防控
information risk
information security
risk prevention
