發(fā)布時(shí)間：2018-09-11 09:18

【摘要】：信息技術(shù)(Information Technology, IT)已成為經(jīng)濟(jì)社會(huì)發(fā)展的強(qiáng)有力因素,近年來更是朝著云計(jì)算、大數(shù)據(jù)等高度集成化專業(yè)化的方向發(fā)展,眾多依賴信息系統(tǒng)進(jìn)行生產(chǎn)業(yè)務(wù)管理的企事業(yè)單位和政府部門逐漸的傾向?qū)T基礎(chǔ)設(shè)施和IT信息系統(tǒng)部分或全部的外包給專業(yè)化的數(shù)據(jù)中心建設(shè)和運(yùn)維。承載著眾多客戶信息系統(tǒng)的數(shù)據(jù)中心的作用與地位越來越重要,然而高質(zhì)量的運(yùn)維管理則是數(shù)據(jù)中心的生存之道,其中如何管控好數(shù)據(jù)中心各方面存在的風(fēng)險(xiǎn)將愈發(fā)顯得重要。 本文通過理論與實(shí)踐相結(jié)合的方式,研究了如何全方位的對(duì)數(shù)據(jù)中心客戶服務(wù)項(xiàng)目進(jìn)行風(fēng)險(xiǎn)分析與控制的方法應(yīng)用。首先依照國際和國內(nèi)相關(guān)標(biāo)準(zhǔn)來建立數(shù)據(jù)中心信息安全管理體系,通過專家訪談、實(shí)地勘察、查閱文檔、發(fā)放調(diào)查問卷等方法對(duì)數(shù)據(jù)中心客戶服務(wù)項(xiàng)目中所涉及的信息資產(chǎn)進(jìn)行風(fēng)險(xiǎn)識(shí)別、風(fēng)險(xiǎn)評(píng)估,并根據(jù)風(fēng)險(xiǎn)評(píng)估的結(jié)果進(jìn)行針對(duì)性的風(fēng)險(xiǎn)控制,并持續(xù)不斷的進(jìn)行改進(jìn)。其次通過召開風(fēng)險(xiǎn)研討會(huì)和發(fā)放調(diào)查問卷的方法來識(shí)別數(shù)據(jù)中心客戶服務(wù)項(xiàng)目變更所帶來的風(fēng)險(xiǎn),根據(jù)層次分析法建立風(fēng)險(xiǎn)層次結(jié)構(gòu)模型并計(jì)算出各風(fēng)險(xiǎn)因素的權(quán)重,從而可以根據(jù)權(quán)重大小進(jìn)行相應(yīng)的風(fēng)險(xiǎn)管控。兩種方法相互結(jié)合就可以更加全面的對(duì)數(shù)據(jù)中心客戶服務(wù)項(xiàng)目進(jìn)行全方位的風(fēng)險(xiǎn)分析與控制,保證在數(shù)據(jù)中心運(yùn)行的客戶信息系統(tǒng)安全穩(wěn)定的運(yùn)行,使客戶依賴信息系統(tǒng)運(yùn)行的各項(xiàng)業(yè)務(wù)管理活動(dòng)達(dá)到持續(xù)性的目的。文中最后通過以某個(gè)客戶實(shí)際的案例進(jìn)行舉例闡述,詳細(xì)描述了實(shí)際工作中如何將信息安全風(fēng)險(xiǎn)管理和項(xiàng)目變更風(fēng)險(xiǎn)管理相結(jié)合的對(duì)數(shù)據(jù)中心客戶服務(wù)項(xiàng)目進(jìn)行全方面的風(fēng)險(xiǎn)分析與控制,從而達(dá)到客戶對(duì)信息系統(tǒng)風(fēng)險(xiǎn)管控的要求,并驗(yàn)證了本文運(yùn)用方法的有效性和可行性。 本文的研究意在促進(jìn)數(shù)據(jù)中心風(fēng)險(xiǎn)管理水平的提高,從而提高數(shù)據(jù)中心的整體的運(yùn)維服務(wù)質(zhì)量,希望能夠加快我國數(shù)據(jù)中心行業(yè)風(fēng)險(xiǎn)管理的步伐與科學(xué)化,為整個(gè)IT外包服務(wù)業(yè)及其它相關(guān)行業(yè)開展風(fēng)險(xiǎn)管理提供借鑒和參考依據(jù)。
[Abstract]:Information technology (Information Technology, IT) has become a powerful factor in economic and social development. In recent years, it has become a highly integrated and specialized direction such as cloud computing, big data, etc. Many enterprises and government departments that rely on information system for production management tend to outsource some or all of IT infrastructure and IT information system to specialized data center construction and operation. The role and status of the data center, which carries many customer information systems, is becoming more and more important. However, high quality operation and maintenance management is the survival way of the data center, and how to manage the risks in all aspects of the data center will become more and more important. Through the combination of theory and practice, this paper studies how to apply the method of risk analysis and control to customer service project in data center. First of all, in accordance with the relevant international and domestic standards to establish a data center information security management system, through expert interviews, field surveys, access to documents, The information assets involved in the customer service project of the data center are identified, assessed, and the risk control is carried out according to the results of the risk assessment, and continuous improvement is made. Secondly, by holding the risk seminar and issuing questionnaire to identify the risk caused by the change of customer service project in the data center, the model of risk hierarchy structure is established according to AHP and the weight of each risk factor is calculated. Thus can carry on the corresponding risk control according to the weight size. The combination of the two methods can more comprehensively analyze and control the risk of the customer service project in the data center, and ensure the safe and stable operation of the customer information system running in the data center. Enable customers to rely on information systems to run the various business management activities to achieve the purpose of sustainability. At the end of this paper, an example is given to illustrate the actual situation of a customer. This paper describes in detail how to combine information security risk management and project change risk management to analyze and control all aspects of data center customer service project. In order to meet the customer's requirements of information system risk management, and verify the effectiveness and feasibility of the application of this method. The purpose of this paper is to promote the improvement of risk management level of data center, so as to improve the overall operation and maintenance service quality of data center, and hope to accelerate the pace and scientific of risk management of data center industry in our country. For the whole IT outsourcing service industry and other related industries to carry out risk management to provide reference and reference.
【學(xué)位授予單位】：中國科學(xué)院大學(xué)(工程管理與信息技術(shù)學(xué)院)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2013
【分類號(hào)】：TP308

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 劉玉雪;王章虎;;層次分析法(AHP)在風(fēng)險(xiǎn)分析與評(píng)價(jià)中的應(yīng)用[J];工程與建設(shè);2008年01期

2 嚴(yán)復(fù)海;黨星;顏文虎;;風(fēng)險(xiǎn)管理發(fā)展歷程和趨勢綜述[J];管理現(xiàn)代化;2007年02期

3 劉相鋒;;層次分析法在項(xiàng)目風(fēng)險(xiǎn)分析中的應(yīng)用[J];甘肅農(nóng)業(yè);2006年03期

4 陳升;孔曉峰;葉代亮;;ISO/27001：2005的再認(rèn)識(shí)和體會(huì)[J];電力信息化;2008年07期

5 謝喜麗;;項(xiàng)目風(fēng)險(xiǎn)管理發(fā)展歷程及趨勢[J];合作經(jīng)濟(jì)與科技;2010年14期

6 翟雪榮;劉志剛;卞春;;信息系統(tǒng)信息安全風(fēng)險(xiǎn)管理的發(fā)展趨勢分析[J];農(nóng)業(yè)網(wǎng)絡(luò)信息;2007年12期

7 莊劍;項(xiàng)目管理過程中的風(fēng)險(xiǎn)分析與控制[J];中國勘察設(shè)計(jì);2003年04期

8 楊曉兵;劉臣;;基于AHP和因果分析法的IT項(xiàng)目風(fēng)險(xiǎn)因素分析[J];科技創(chuàng)業(yè)月刊;2006年01期

9 劉成;;基于AHP的建筑施工企業(yè)ERP實(shí)施風(fēng)險(xiǎn)分析[J];科技管理研究;2009年09期

10 程瑜琦;朱博;;信息安全管理體系標(biāo)準(zhǔn)化概述[J];認(rèn)證技術(shù);2011年05期

，

本文編號(hào)：2236272