Shulou(Shulou.com)06/01 Report--

In the previous article, we made clear the goal of information security construction. This paper describes the necessity of information security construction planning. The following is a summary of the experience of Shandong Software Evaluation Center for many years. If you have any questions, you are welcome to clap bricks.

I. concept

According to the needs of users, according to the current situation of user network security, planning and feasibility analysis, product selection, investment budget and other information security construction scheme design.

II. The significance of Information Security Planning

Information security planning is a comprehensive project involving management, laws and regulations, technology and so on. The overall goal of information security is the sum of physical security, network security, host security, application security, data security and security management. The ultimate goal of information security is to ensure the confidentiality, integrity and availability of organizational information, as well as organizational control of information resources.

Information security planning is to comprehensively and completely plan the application of information system and related information architecture under the guidance of organizational information strategic planning and on the basis of organizational information resource planning. determine the security framework, management model and construction steps of the information system. The network and information environment built by enterprises under the guidance of information security planning can make all kinds of business solutions, application systems and data avoid the threat of negative factors under the control and restriction of security mechanism. Information security planning should not only plan for the next few months, but also a process of planning how to achieve the security construction goals under the guidance of organizational information vision planning in the next few years. Information security planning is more important than purchasing information security products alone. Only when the overall deployment of information security has a plan, direction, purpose and cooperation, can it constitute a real sense of information security.

III. The scope of information security planning

Information security planning is an important part that must be considered in the information system under construction and already built. Information security planning is mainly based on the results of risk assessment and extracted security requirements to describe the implementation of the corresponding security objectives, measures and steps. According to the idea of "network security", information security planning needs to be comprehensively considered from many aspects such as management, organization and technology, which should involve comprehensive management, technical specifications, operation and maintenance and other aspects of control measures.

Information system security is a dynamic development process, in the past, most of the security problems can be solved by relying on technology, but now it is not sustainable and effective to rely on the accumulation of security products to deal with the rapid development and changes. The construction of information security is a complex system engineering. It is necessary to change the concept and build an omni-directional security strategy with the support of security products, so as to make it a sustainable, dynamic and gradual process with security guarantee. Therefore, at present, when the security equipment has a certain scale, standardized management has become the core content of information security planning, and the planning of standardized management must be put in the first place in information security planning. Normative management includes risk management, security policies, rules and regulations and security education, which are important components of information security planning. Information security planning needs a planning basis, which is the organization's information strategic planning, and at the same time, it also needs a reasonable layout of organization and personnel structure to ensure that nothing can be accomplished without the cooperation of suitable personnel. therefore, attention must be paid to the key link of the establishment of organizational structure and rational deployment of personnel in security planning.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.