基于精益化的电力企业信息安全风险管理研究

发布时间：2017-12-31 00:02

本文关键词：基于精益化的电力企业信息安全风险管理研究　出处：《华北电力大学》2013年硕士论文　论文类型：学位论文

【摘要】：电力行业是我国能源行业的最重要组成部分,而电力企业管理信息系统逐渐成为电力企业信息化的发展核心。与此同时,随着电力企业对管理信息化的依赖程度越大,电力企业信息安全问题也就越多越严重。如何有效保障电力企业信息安全已经成为一项非常紧迫的任务,对信息安全存在的风险进行有效的管理显得日益重要。目前,国外学者对电力企业信息安全风险管理从定性和定量两种角度进行了大量研究,但大多都聚焦于对电力企业信息安全风险进行识别或评估,围绕风险评估进行相关方法的讨论,将精益化管理思想整合于电力企业信息安全风险管理的研究几乎没有。本文首先根据电力企业信息系统的具体特点,分析了典型电力企业信息系统的信息安全CIAA需求目标组合,从情景分析、威胁分析、漏洞分析三个角度对电力企业信息安全风险进行了分类,并提出了将风险管理运用于电力信息安全管理时的基本原则。其次,根据精益原则,提出并解释了精益电力信息安全风险管理的概念,重点分析和阐释了精益电力信息安全风险管理中浪费的含义和种类,并提出了精益电力信息安全风险管理的五大基本原则以及相关组织机构和责任落实情况。最后,在逐个分析传统信息安全风险管理模型各步骤特点和问题的基础上,有针对性的应用精益化管理思想对各流程的问题给出了解决方案和改进建议,提出了基于精益化的电力企业信息安全风险管理各个子模型,并综合构建了基于精益化思想的电力安全风险管理模型总模型,同时进一步详细总结和阐释了该模型的管理原则。
[Abstract]:The electric power industry is the most important part of the energy industry in our country, and the electric power enterprise management information system has gradually become the core of the development of the electric power enterprise informatization. With the greater reliance of electric power enterprises on information management, the more and more information security problems of electric power enterprises, how to effectively protect the information security of electric power enterprises has become a very urgent task. It is increasingly important to effectively manage the risk of information security. At present, foreign scholars have carried out a large number of qualitative and quantitative research on the information security risk management of electric power enterprises. However, most of them focus on the identification or evaluation of information security risks in power enterprises, and discuss the relevant methods of risk assessment. There is almost no research on integrating lean management ideas into information security risk management of electric power enterprises. Firstly, according to the specific characteristics of electric power enterprise information system, this paper analyzes the information security CIAA requirement target combination of typical electric power enterprise information system, and analyzes the situation and threat. This paper classifies the information security risk of electric power enterprise from three angles of vulnerability analysis, and puts forward the basic principles of applying risk management to power information security management. Secondly, according to the lean principle. This paper puts forward and explains the concept of lean power information security risk management, and emphatically analyzes and explains the meaning and category of waste in lean power information security risk management. And put forward the five basic principles of lean power information security risk management and the implementation of relevant organizations and responsibilities. Finally. On the basis of analyzing the characteristics and problems of each step of the traditional information security risk management model one by one, this paper puts forward the solutions and improvement suggestions for the problems of each process by applying the lean management idea. Each sub-model of power enterprise information security risk management based on Lean is put forward, and the general model of power security risk management based on lean thought is constructed synthetically. At the same time, the management principle of the model is summarized and explained in detail.
【学位授予单位】：华北电力大学
【学位级别】：硕士
【学位授予年份】：2013
【分类号】：F270.7;F426.61;TP309

【参考文献】