| Modern information technology is just like a two-side sword to enterprises. On one hand, the accurateness, effectiveness and interconnection of information system make a wider space for the development of enterprises. On the other hand, the information security risks caused by the application of IT become a focus that the enterprises have to address.Information and information systems are facing more multiple and more frequent threats. The attack frequency is higher and that need shorter reaction time. In that case the traditional passive security management can't guarantee information security any longer. Enterprises should pay more attention to the idea of constructing architecture of information security guided by risk management, which is a rational attitude to deal with information security.The enterprise information security risk management is a dynamic and periodic process. Based on risk analysis, information security risk management must also implement selected security measures with better monitor and control. During the risk management project process, the enterprise should follow the principle of cost-benefit and take good use of all kinds of resources.Based on the summary of IS risk management theory and the experience of IS risk management practices, an enterprise information security risk management framework is proposed;and this framework composes two parts: process framework and implementation framework. Enterprises can use this framework to manage information security risks in a better way.Finally, a case is introduced with the supervision of the implementation framework in the domestic S company information security risk evaluation and management project. |
PDF Full Text Request