企业信息安全管理体系建设研究

互联网时代的今天,企业所面临的信息安全风险形式日趋严峻,如何构建一个适合自身的信息安全管理体系对企业的持续发展和保障企业核心竞争力具有重大意义。本文对我国企业面临的信息安全现状和原因进行了梳理分析,并以信息安全管理模型为基础,总结提出了信息安全管理体系建设中建立ISMS、实施和运行ISMS、监控和评审ISMS及保持和改进ISMS的具体过程,希望为企业建设信息安全管理体系提供指导与帮助。

In the Internet age,the information securit y risk that enterprises are facing is becoming more and more serious.How to construct a suitable information security management system is of great signif icance to the sustainable development of enterprises and the protection of the core competitiveness of enterprises.This paper analyzes the present situation of information security faced by enterprises in China and its reasons.Based on the information security management model,this paper summarizes and puts forward the specif icprocess including the establishment,implementation and operation of ISMS.the monitoring and reviewing of ISMS as well as the maintaining and improvement of ISMS in the construction of information security management system,hoping to provide guidance and help for enterprises to implement and run information security management system.