Abstract
This paper compares and analyzes the differences between an information security system based on the international standard ISO/IEC 17799 and the information security management system currently used by power grid enterprises. On that basis, it designs a new mode of information security management for power grid enterprises built on the ISO/IEC 17799 standard framework, and presents an application analysis of standards-based information security in power grid enterprises covering equipment security, physical environment, access control, and policies and regulations. The application analysis results show that applying the new information security management mode can raise the operating level of information security and eliminate hidden information security risks.