【摘要】：最近20年以來,信息化已經(jīng)逐漸成為所有企業(yè)發(fā)展的動(dòng)力之一,所有的企業(yè)都非常重視信息化建設(shè)工作。在此過程中,信息技術(shù)外包由于其經(jīng)濟(jì)性、時(shí)效性和專業(yè)性得到了很多企業(yè)的青睞,成為企業(yè)信息化不可或缺的手段之一。但信息技術(shù)外包過程中,不可避免地會(huì)使外包方接觸了解企業(yè)的數(shù)據(jù)或資料,信息安全問題成為企業(yè)非常關(guān)心的問題之一。 本文探討的正是在實(shí)現(xiàn)信息技術(shù)外包過程中如何控制信息安全風(fēng)險(xiǎn)。本文以一家保險(xiǎn)集團(tuán)公司(文中簡稱“A公司”)為例,分析了該企業(yè)在信息技術(shù)外包中遇到的信息安全問題及其成因,并結(jié)合信息技術(shù)外包和信息安全風(fēng)險(xiǎn)管理的有關(guān)理論提出了一些控制理念,重點(diǎn)包括制訂合適的外包策略、對(duì)信息安全風(fēng)險(xiǎn)進(jìn)行全面的分析和分類以及構(gòu)建事先、事中和事后三道防線。A公司以此控制理念為基礎(chǔ),結(jié)合自身實(shí)際,在日常管理中加以細(xì)化,形成了自己的一套控制方法,取得了較好的效果。本文最后以A公司近期實(shí)施的W項(xiàng)目為例,驗(yàn)證了這些控制方法的有效性。
[Abstract]:Since the last 20 years, informatization has gradually become one of the power of all enterprise development, and all enterprises attach great importance to the work of information construction. In this process, the outsourcing of information technology has been favored by many enterprises because of its economy, timeliness and professionalism, and becomes one of the indispensable tools for enterprise information technology. However, in the process of information technology outsourcing, it is inevitable to make the outsourcing party contact with the data or information of the enterprise, and the information security problem becomes one of the most important issues of the enterprise. This paper discusses how to control information security in the process of information technology outsourcing In this paper, an insurance group company (hereinafter referred to as" "Company A" ") is taken as an example to analyze the information security problems encountered by the enterprise in the outsourcing of information technology and its causes, and put forward some control measures in combination with the related theories of information technology outsourcing and information security risk management. Read, focus on the development of appropriate outsourcing strategies, comprehensive analysis and classification of information security risks, and the construction of pre-and post-and post-incident three-way defence The line. A is based on this control idea, and in combination with its own reality, it is refined in the day-to-day management, and a set of control methods are formed, and the better effect is achieved. In the end of this paper, the W project implemented by A Company is taken as an example to verify the effectiveness of these control methods.
【學(xué)位授予單位】：華東理工大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：F272.3;F842.3

【參考文獻(xiàn)】

相關(guān)期刊論文 前8條

1 蔡華利;張翠英;;企業(yè)軟件外包風(fēng)險(xiǎn)管理研究[J];中國管理信息化(綜合版);2006年04期

2 王慶喜;金融服務(wù)外包風(fēng)險(xiǎn)及其對(duì)策[J];華東經(jīng)濟(jì)管理;2005年05期

3 方德英,李敏強(qiáng);IT項(xiàng)目風(fēng)險(xiǎn)管理理論體系構(gòu)建[J];合肥工業(yè)大學(xué)學(xué)報(bào)(自然科學(xué)版);2003年S1期

4 邢東濤;;商業(yè)銀行IT業(yè)務(wù)外包過程中若干問題的探討[J];黑龍江科技信息;2009年02期

5 梁新弘;論信息技術(shù)(IT)外包的動(dòng)因、風(fēng)險(xiǎn)及防范[J];科技管理研究;2004年01期

6 聶規(guī)劃,周曉光,張亮;企業(yè)信息技術(shù)外包的風(fēng)險(xiǎn)與防范[J];科技進(jìn)步與對(duì)策;2002年04期

7 單寶;企業(yè)業(yè)務(wù)外包戰(zhàn)略的確立與實(shí)施[J];上海商業(yè);2004年11期

8 余秦勇;;信息安全風(fēng)險(xiǎn)管理研究[J];信息安全與通信保密;2006年07期

，

本文編號(hào)：2508578