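Abstract
Telecom operators in China face enormous information security risks, yet they lack risk management awareness, systematic management methods, and mature experience to draw on. To address the problem of information security risk management methods, this paper studies the information security risk management system. Through literature research and a survey of the current situation, it identifies three main information security risks that telecom operators face at the present stage; considering the complex and changing risk landscape and drawing on risk management theory, it proposes that the PDCA cycle is a risk management model suited to China's telecom operators; on this basis, it constructs an information security risk management system based on the PDCA cycle.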
Telecom operating companies face a large number of information security risks. However, they lack awareness of information security risk and systematic methods for managing it. There is also little mature experience to use as reference. To solve the problem of management method, the information security risk management system is studied. Through literature research and an investigation of the present situation, the three main information security risks facing telecom operators at the present stage were analyzed; according to the theory of risk management, and given the complex and changing risks, the PDCA cycle was considered to be suitable for telecom operators in China. An information security risk management system based on the PDCA cycle was then built for telecom enterprises. Finally, the implementation principles and methods of each module in the process of system construction were studied. This provides a theoretical foundation for carrying out information security risk management work systematically.
Source
《科技管理研究》
CSSCI
PKU Core (Peking University Core Journals)
2016, Issue 18, pp. 160-164 (5 pages)
Science and Technology Management Research