Shulou(Shulou.com)06/01 Report--

As a kind of resource, information is of great significance for human beings because of its universality, sharing, value-added, processability and versatility. The essence of information security is to protect the information resources in the information system or information network from various types of threats, interference and destruction, that is, to ensure the security of information. According to the definition of the International Organization for Standardization, the meaning of information security mainly refers to the integrity, availability, confidentiality and reliability of information.

In the previous article, we talked about the idea of information security construction, this issue mainly introduces the methods of information security construction, this paper makes a simple statement on the goal of information security construction, hoping to bring help to you.

When carrying out the construction of information security, enterprises should, from the perspective of the overall IT planning of the enterprise, bring the information security work into an important work of the IT department to grasp it as a whole. Establish the information security policy, determine the information security strategy, construct the information security management system, technical system and operation and maintenance system, and constantly improve in the actual work. As shown in the information security architecture roadmap in figure 1.

Information security system planning map

Information system security is a dynamic development process, most of the security problems that can be solved by technology in the past, but now only rely on the accumulation of security products to deal with the rapid development of various means can not be sustainable and effective. The construction of information security is a complex system engineering. It is necessary to change the concept and build an omni-directional security strategy with the support of security products, so as to make it a sustainable, dynamic and gradual process with security guarantee. Therefore, at present, when the security equipment has a certain scale, standardized management has become the core content of information security planning, and the planning of standardized management must be put in the first place in information security planning. Normative management includes risk management, security policies, rules and regulations and security education, which are important components of information security planning. Information security planning needs a planning basis, which is the organization's information strategic planning, and at the same time, it also needs a reasonable layout of organization and personnel structure to ensure that nothing can be accomplished without the cooperation of suitable personnel. therefore, attention must be paid to the key link of the establishment of organizational structure and rational deployment of personnel in security planning.

The construction goal of information security can be summarized by "one goal, two means and three systems".

A target. The construction goal of information security is to provide comprehensive security services based on security infrastructure and under the guidance of security policy, covering all aspects of physics, network, system, data and application platform, as well as protection, detection, response, recovery and other links, to build a comprehensive, complete and efficient information security system, so as to improve the overall security level of the organization's information system. Provide solid information security for the business development of the organization.

There are two ways. Information security construction should include two means: security technology and security management. Among them, the safety technology means is the foundation of the security guarantee, and the safety management means is the key to the real benefit of the safety technology means. the correct implementation of management measures needs technical means to supervise and verify at the same time, the two complement each other and are indispensable.

Three systems. Information security construction finally forms three main systems, including security technology management and control system, security organization management and control system, and operation guarantee management and control system.

The above is a summary of the work of Shandong Software Evaluation Center for many years, and we also hope that experts and scholars will correct the shortcomings.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.