
Establishment and Implementation of an Information Security Management System for Beijing XX Enterprise Based on ISO27001

Published: 2018-03-28 13:36

  Topic: ISO27001. Entry point: information security. Source: Shandong University, master's thesis, 2015


[Abstract]: With the rapid development of Internet technology, the national economy built on information technology is in the ascendant, and small and medium-sized enterprises that depend on the Internet economy are springing up like bamboo shoots after rain. Information has become a mainstream development resource in today's society, and information security has become one of the basic guarantees on which an enterprise's operation relies. In an era of highly developed information dissemination, information, and sensitive information in particular, largely determines an enterprise's rise and fall and even its survival; it has quietly become an important enterprise asset. Data is the support and foundation for the key business of a modern enterprise. It includes not only financial data and computer-generated data but also corporate culture, brand, intellectual property, employee information, customer information and so on. Like other important business assets, information assets have significant value and therefore need to be properly managed and protected.

This thesis describes the planning and implementation of the information security management system of Beijing XX enterprise. Using the "PDCA" process methodology and based on the ISO/IEC 27001 international standard, an Information Security Management System (ISMS) suited to the company's development strategy was established, placing the information management of Beijing XX enterprise in a virtuous cycle of continuous security. The thesis carries out extensive research on the ISO/IEC 27001 standard, risk management, the "PDCA" process methodology and many information security management system cases. Following the standard, it surveys the current state of information security management at Beijing XX enterprise and analyzes the gaps; designs a risk assessment method that combines qualitative and quantitative approaches, based on the characteristics of the enterprise's information assets; designs the framework of the enterprise's information security management system; writes information security management procedure documents covering 11 security domains and 39 control objectives; formulates effective information security management policies; and provides continuous information security awareness training for company employees. During the implementation of the ISMS, corresponding technical measures were adopted in support: firewalls, UPS units, switches and domain controller servers were purchased and a NAS storage server was developed in-house, so that the risks faced by the information assets were reduced to an acceptable range.

The successful implementation and operation of the organization's information security management system better promotes the security of the enterprise's information assets, effectively protects the secure transmission, storage and control of information data, and establishes and improves the company's information security assurance system, so that the company's business can develop and operate sustainably. The enterprise's information security management system obtained ISO27001 certification, which protected the company's competitiveness, raised employees' information security awareness, maintained the company's reputation with customers and strengthened the cohesion of the company's development. This thesis provides a typical case for small and medium-sized enterprises seeking to build and implement an information security management system successfully.

[Degree-granting institution]: Shandong University
[Degree level]: Master's
[Year degree awarded]: 2015
[Classification number]: TP309


Article number: 1676546


Link to this article: http://sikaile.net/falvlunwen/zhishichanquanfa/1676546.html

