Shulou(Shulou.com)06/01 Report--

In the last article, we learned about the important role of information security planning. this paper mainly talks about several aspects that need to be considered as a whole.

I. Information Security Planning depends on Enterprise Informatization Strategic Planning

Information strategic planning is based on the development goals, development strategies and business needs of various departments of the organization, combined with industry informatization demand analysis, environmental analysis and mastery of the development trend of information technology. Define the vision, mission, goal and strategy of organizational informatization construction, plan the future framework of organizational informatization construction, and provide a complete blueprint for the implementation of informatization construction. Comprehensively and systematically guide the process of organizational informatization construction. Information security planning relies on enterprise informatization strategic planning, which plays an escort role in the implementation of informatization strategy. The goal of information security planning should be consistent with the goal of organizational informatization, and it should be more specific and closer to security than the goal of organizational informatization. All the discussions on information security planning should be carried out and deployed around this goal.

Second, information security planning needs to focus on technical security, management security and organizational security considerations.

The methods of information security planning can be different and the emphasis can be different, but it needs to be comprehensively considered around technical security, organization and management security, operation and maintenance security. The content of the plan should basically cover: determining the tasks, objectives and strategies of information security, as well as strategic departments and strategic personnel, and on this basis to formulate the overall plan of information security for physical security, network security, system security, operation and maintenance security, and personnel security. Physical security includes environmental equipment security, information equipment security, network equipment security, physical distribution security of information assets equipment and so on. Network security includes network topology security, network access security and so on. System security includes operating system security, application software security, application policy security and so on. The security of operation and maintenance should be guaranteed at the control level and management level, including backup and recovery system security, vulnerability checking and system patch functions, password management, etc. Personnel safety includes the organization of safety management, personnel safety education and awareness mechanism, personnel recruitment and turnover management, third-party personnel safety management and so on.

III. The influence of information security planning on information systems and information resources.

The final effect of information security planning should be reflected in the security protection of information systems and information resources, so the planning work needs to focus on the development, utilization and protection of information systems and information resources. it includes four aspects: blueprint, current situation, demand and measures. First of all, the planning of information system and information resources needs to start with the blueprint of information construction, make clear the overall goal of organizational informatization development strategy and the implementation goal of each stage, and work out the development goal of information security; second, make an overall, comprehensive and comprehensive analysis of the current situation of the organization's information work, and find out the advantages and disadvantages in the past work. Third, put forward the demand for the next few years according to the goal of information construction, and this demand had better be broken down into several small aspects for future implementation and implementation; fourth, it is necessary to document the specific measures and methods in the implementation stage and improve the implementation of the planning work.

Information security planning serves the strategic goal of enterprise informatization. If information security planning is done well, the realization of organizational informatization will be guaranteed. Information security planning is the basic work of organizational informatization development strategy, which is not optional but very important. Because the tasks and objectives of organizational informatization are different, the contents of information security planning are different, and the scale of construction is very different. therefore, information security planning can not find very targeted help from professional books or research materials, and it is impossible to give a standardized template for information security planning. In this paper, the framework and method of information security planning are put forward, and a construction principle, construction content and construction idea of information security planning are given.

The above is a summary of the work of Shandong Software Evaluation Center for many years. I hope it can bring help to everyone, and I hope to correct the deficiencies.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.