A保险公司信息技术外包中的信息安全风险控制研究
发布时间:2019-07-01 14:57
【摘要】:最近20年以来,信息化已经逐渐成为所有企业发展的动力之一,所有的企业都非常重视信息化建设工作。在此过程中,信息技术外包由于其经济性、时效性和专业性得到了很多企业的青睐,成为企业信息化不可或缺的手段之一。但信息技术外包过程中,不可避免地会使外包方接触了解企业的数据或资料,信息安全问题成为企业非常关心的问题之一。 本文探讨的正是在实现信息技术外包过程中如何控制信息安全风险。本文以一家保险集团公司(文中简称“A公司”)为例,分析了该企业在信息技术外包中遇到的信息安全问题及其成因,并结合信息技术外包和信息安全风险管理的有关理论提出了一些控制理念,重点包括制订合适的外包策略、对信息安全风险进行全面的分析和分类以及构建事先、事中和事后三道防线。A公司以此控制理念为基础,结合自身实际,在日常管理中加以细化,形成了自己的一套控制方法,取得了较好的效果。本文最后以A公司近期实施的W项目为例,验证了这些控制方法的有效性。
[Abstract]:Since the last 20 years, informatization has gradually become one of the power of all enterprise development, and all enterprises attach great importance to the work of information construction. In this process, the outsourcing of information technology has been favored by many enterprises because of its economy, timeliness and professionalism, and becomes one of the indispensable tools for enterprise information technology. However, in the process of information technology outsourcing, it is inevitable to make the outsourcing party contact with the data or information of the enterprise, and the information security problem becomes one of the most important issues of the enterprise. This paper discusses how to control information security in the process of information technology outsourcing In this paper, an insurance group company (hereinafter referred to as" "Company A" ") is taken as an example to analyze the information security problems encountered by the enterprise in the outsourcing of information technology and its causes, and put forward some control measures in combination with the related theories of information technology outsourcing and information security risk management. Read, focus on the development of appropriate outsourcing strategies, comprehensive analysis and classification of information security risks, and the construction of pre-and post-and post-incident three-way defence The line. A is based on this control idea, and in combination with its own reality, it is refined in the day-to-day management, and a set of control methods are formed, and the better effect is achieved. In the end of this paper, the W project implemented by A Company is taken as an example to verify the effectiveness of these control methods.
【学位授予单位】:华东理工大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:F272.3;F842.3
本文编号:2508578
[Abstract]:Since the last 20 years, informatization has gradually become one of the power of all enterprise development, and all enterprises attach great importance to the work of information construction. In this process, the outsourcing of information technology has been favored by many enterprises because of its economy, timeliness and professionalism, and becomes one of the indispensable tools for enterprise information technology. However, in the process of information technology outsourcing, it is inevitable to make the outsourcing party contact with the data or information of the enterprise, and the information security problem becomes one of the most important issues of the enterprise. This paper discusses how to control information security in the process of information technology outsourcing In this paper, an insurance group company (hereinafter referred to as" "Company A" ") is taken as an example to analyze the information security problems encountered by the enterprise in the outsourcing of information technology and its causes, and put forward some control measures in combination with the related theories of information technology outsourcing and information security risk management. Read, focus on the development of appropriate outsourcing strategies, comprehensive analysis and classification of information security risks, and the construction of pre-and post-and post-incident three-way defence The line. A is based on this control idea, and in combination with its own reality, it is refined in the day-to-day management, and a set of control methods are formed, and the better effect is achieved. In the end of this paper, the W project implemented by A Company is taken as an example to verify the effectiveness of these control methods.
【学位授予单位】:华东理工大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:F272.3;F842.3
【参考文献】
相关期刊论文 前8条
1 蔡华利;张翠英;;企业软件外包风险管理研究[J];中国管理信息化(综合版);2006年04期
2 王庆喜;金融服务外包风险及其对策[J];华东经济管理;2005年05期
3 方德英,李敏强;IT项目风险管理理论体系构建[J];合肥工业大学学报(自然科学版);2003年S1期
4 邢东涛;;商业银行IT业务外包过程中若干问题的探讨[J];黑龙江科技信息;2009年02期
5 梁新弘;论信息技术(IT)外包的动因、风险及防范[J];科技管理研究;2004年01期
6 聂规划,周晓光,张亮;企业信息技术外包的风险与防范[J];科技进步与对策;2002年04期
7 单宝;企业业务外包战略的确立与实施[J];上海商业;2004年11期
8 余秦勇;;信息安全风险管理研究[J];信息安全与通信保密;2006年07期
,本文编号:2508578
本文链接:https://www.wllwen.com/jingjilunwen/bxjjlw/2508578.html
