县级供电公司信息安全管理研究
发布时间:2019-03-11 11:20
【摘要】:随着县级供电公司信息化建设不断加快,信息安全管理滞后带来的影响越发明显,在信息安全技术快速发展和信息安全形势日益严峻的今天,县级供电公司急需融合信息安全现状、信息安全管理标准和企业发展需求,解决信息安全管理与信息化建设不同步造成的信息安全防护能力不足的问题。本文通过将国际信息安全管理标准ISO/IEC 27001与县级供电公司信息安全体系建设相融合,借鉴国家电网公司信息安全体系结构,设计出适用于县级供电公司信息安全建设的新体系和新方法。本文主要介绍了如何通过对县级供电公司从管理和技术两个方面进行全面的信息安全风险评估,识别公司面临的信息安全风险,并与国家电网公司信息安全体系、ISO/IEC 27001中的信息安全管理要求相比较,查找不足,从管理角度完善县级供电公司信息安全组织建设、运维管理建设和管理制度建设,从技术角度完善边界安全、网络安全、主机安全和应用安全建设,从而形成完整的信息安全体系,全面提升县级供电公司信息安全防护水平,为公司生产、经营和管理提供强有力的基础保障。
[Abstract]:With the rapid development of information technology in county-level power supply companies, the lag of information security management has brought more and more obvious impact. Today, with the rapid development of information security technology and the increasingly severe situation of information security, County-level power supply companies need to integrate the current situation of information security, information security management standards and enterprise development needs, to solve the information security management and information construction caused by the lack of information security protection capacity. This paper combines the international information security management standard ISO/IEC 27001 with the construction of information security system of county-level power supply companies, and draws lessons from the information security architecture of State Power Grid Corporation. This paper designs a new system and method for information security construction of county-level power supply companies. This paper mainly introduces how to identify the information security risks faced by the county-level power supply companies from the aspects of management and technology, and how to identify the information security risks faced by the company and the information security system of the State Power Grid Corporation. Compared with the requirement of information security management in ISO/IEC 27001, we can find the deficiency, perfect the information security organization construction, operation and maintenance management construction and management system construction of county-level power supply company from the management point of view, perfect the border security and network security from the technical point of view. The construction of mainframe security and application security, thus forming a complete information security system, comprehensively improving the level of information security protection of county-level power supply companies, and providing a strong basic guarantee for the production, operation and management of the company.
【学位授予单位】:大连海事大学
【学位级别】:硕士
【学位授予年份】:2015
【分类号】:TP309;F426.61
本文编号:2438238
[Abstract]:With the rapid development of information technology in county-level power supply companies, the lag of information security management has brought more and more obvious impact. Today, with the rapid development of information security technology and the increasingly severe situation of information security, County-level power supply companies need to integrate the current situation of information security, information security management standards and enterprise development needs, to solve the information security management and information construction caused by the lack of information security protection capacity. This paper combines the international information security management standard ISO/IEC 27001 with the construction of information security system of county-level power supply companies, and draws lessons from the information security architecture of State Power Grid Corporation. This paper designs a new system and method for information security construction of county-level power supply companies. This paper mainly introduces how to identify the information security risks faced by the county-level power supply companies from the aspects of management and technology, and how to identify the information security risks faced by the company and the information security system of the State Power Grid Corporation. Compared with the requirement of information security management in ISO/IEC 27001, we can find the deficiency, perfect the information security organization construction, operation and maintenance management construction and management system construction of county-level power supply company from the management point of view, perfect the border security and network security from the technical point of view. The construction of mainframe security and application security, thus forming a complete information security system, comprehensively improving the level of information security protection of county-level power supply companies, and providing a strong basic guarantee for the production, operation and management of the company.
【学位授予单位】:大连海事大学
【学位级别】:硕士
【学位授予年份】:2015
【分类号】:TP309;F426.61
【参考文献】
相关期刊论文 前4条
1 蒋明;吴斌;;电力营销系统信息安全等级保护的研究与实践[J];电力信息化;2009年03期
2 李巍;刘树吉;;辽宁电力信息安全防护体系研究与实践[J];电力信息化;2011年04期
3 李杨,聂晓伟,杨鼎才;基于BS7799标准风险评估实施性研究[J];计算机应用研究;2005年07期
4 M. Marsadek;A. Mohamed;;Risk based security assessment of power system using generalized regression neural network with feature extraction[J];Journal of Central South University;2013年02期
相关会议论文 前1条
1 高鹏;范杰;郭骞;;电力系统信息安全技术督查策略研究[A];2012年电力通信管理暨智能电网通信技术论坛论文集[C];2013年
相关博士学位论文 前1条
1 肖英;信息保障及其评价指标应用基础研究[D];武汉大学;2006年
相关硕士学位论文 前2条
1 肖应霖;关于项目风险管理方法论在企业信息安全管理体系中的应用[D];上海交通大学;2011年
2 刁勇;增强信息安全的ASP模式研究[D];大连海事大学;2009年
,本文编号:2438238
本文链接:https://www.wllwen.com/qiyeguanlilunwen/2438238.html
