企业实施信息安全保障体系的探索和实践

Exploration and Practice of Enterprise Information Security Assurance System

现代企业的生存与发展高度依赖网络信息系统支持,确保网络的通畅、信息系统安全可靠就显得尤其重要。本文从信息安全综合治理战略理念出发,结合当前企业IT运维管理现状和安全风险防范的新思路、新方法,从组织体系、制度体系和技术体系三个层面论述建立和实施信息系统安全运行治理防控保障体系,实现信息系统可持续改进运行。

The survival and development of modern enterprise is highly dependent on the network information system support, so it is particularly important to ensure unobstructed network and safe and reliable information system. Based on the concept of information security comprehensive management strategy, and combined with the current enterprise IT operations management present situation and the new ideas and new methods of safety risk prevention, this paper discusses the establishment and implementation of information system security prevention and control system from the organization system, institutional system and technology system, so as to realize sustainable improvement of information system.