Abstract
Information security audit in China currently lacks top-level design, the relevant legislation is incomplete, and the rules and regulations governing information security audit management are imperfect, so information security audits are not carried out in a standardized way. To establish a complete information security audit system and promote its rapid and healthy development, this paper starts from a clear definition of information security audit, analyzes its current situation in China, and sets out the problems that arise in its application. It then proposes an optimized system architecture and adds a risk assessment mechanism for information security audit management, which produces risk treatment plans for potential security incidents, so that information security audits can be implemented reasonably and effectively.
Author
刘文
Liu Wen (Shihezi Audit Bureau, Shihezi, Xinjiang 832000)
Source
Journal of Information Security Research (《信息安全研究》)
2017, Issue 10, pp. 946-953 (8 pages)
Keywords
information security (IS)
information system audit
information security audit
IT audit
innovation strategy