【作者】 梁军；

【导师】 单汨源；

【作者基本信息】 湖南大学 ， 工商管理， 2007， 硕士

【摘要】 进入信息时代,企业的各种经营活动越来越强烈地依赖信息资源和信息网络,而网络在为企业带来利益、价值和方便的同时,也带来了巨大的风险和隐患,如何通过信息安全建设来消除和降低风险,实现信息安全保障目标已经成为全球企业共同关注的焦点问题。电信内网又称电信IT网络,是承载电信企业核心业务和机密信息的内部网络,其安全性关系到企业的生存发展,在内网建立起完善的信息安全保障体系也是湖南电信急需解决的重要课题。论文从分析湖南电信外部环境及企业面临的萨班斯法案、战略转型、运营支撑系统集中化的信息安全建设的需求背景入手,按照风险评估方法,对湖南电信内网信息安全现状、面临的风险和安全建设中存在的主要问题进行了深入的剖析和研究,在风险评估的基础上,依据国内外公认的信息安全管理标准和典型信息安全模型,以信息安全管理理论为指导,借鉴国内外企业信息安全建设的最佳实践经验,对湖南电信内网的信息安全体系进行了总体架构,对四个要素:策略体系、组织体系、管理运作体系、技术体系的建设内容进行了详细规划。同时,制定了体系的建设流程,对建设中的关键问题:管理运作的方法、技术体系的建设给出了建议和实施方案,最后就体系的适宜性、充分性、有效性、可操作性和实现企业信息安全目标的可靠性进行了理性分析和综合评价。研究结果表明:湖南电信内网的信息安全体系具有层次化的策略体系、完善的组织架构、基于风险管理的运作体系、纵深防御的技术体系、在管理模式上符合PDCA的信息安全管理模式,在实施流程上体现了持续性、动态性、不断改进的建设思想,尤其强调了在信息安全管理运作上融入先进的、科学的现代管理方法,研究提出用规范化命名方法解决管理制度混乱分散、无法形成制度体系的问题;用集中化管理和分权管理的结合解决数据集中情况下统一安全管理的复杂性问题;用柔性管理解决安全意识贯彻难的问题;用统一的安全运营平台解决大型企业安全事件管理难的问题。文中设计的湖南电信内网信息安全体系和提出的建设方法是充分、有效、科学的,既能满足企业内网信息安全保障目标和未来发展需求,又体现了行业特点,对其他大型企业的信息安全建设具有很强的示范性和参考价值。更多还原

【Abstract】 Come into information age, more and more operating activities of enterprises depend on information resource and network, it brings benefits and profits and facilities to enterprises, on the other wise, it brings huge risk and potential safety hazards. How to reduce or even eliminate the risk through strengthening information security construction is a focal subject discussed by numerous domestic and overseas enterprises. Telecommunication internal network, is also called IT network, it is the internal load-carrying net which sending important business and secret information for telecommunication enterprises, its safety influences enterprise development greatly, it is also an important subject for HuNan telecommunication to build a perfect information security system.This thesis begins with the research on analysis on external conditions and internal factors such as sox bill and strategy transformation and information system centralization how to impact on the enterprises information security to HuNan telecommunication, then it researched on current situation and risk and main problems on HuNan telecommunication internal network security according to risk appraisal methods. Guided by official information security management standards and typical models and information security management principle and related scientific theories, and drawing on the experiences from both home and abroad, the author has constructed the HuNan telecommunication internal network information security system and designed the four key elements as strategy system and organization system and management system and technology system in details .The thesis also includes the construction process of the information security system and suggestion on how to solve the key problem such as the effective methods of management and the construction plan of technology system. At last, the author has also conducted rational analysis and all-round evaluation on the suitability, sufficiency, effectiveness, maneuverability and sustainability of the whole system.Research result indicates HuNan telecommunication internal network information security system has the hierarchical policy system and perfect organization system and effective operation system based on risk management and solid technology system and the PDCA management mode adopted. HuNan telecommunication expresses the management idea of continuous improvement in information security work, especially; the author emphasizes using advanced, scientific, modern managements methods during the information security management. Research suggested use the formal name method to solve rules and regulations disordered problem, use centralization management combined with decentralization management to reduce the complexity of security management under data centralization situation, use flexible management to solve security idea put into practice difficultly, use unified security center to solve the large enterprise security events management. The information security system and construction method suggested in this thesis is advanced, scientific, effective and accordant to the development needs of the HunNan telecommunication and indicated IT industry features, can be recommended to other large enterprises.更多还原