| With the rapid development of large enterprises, information technology and the daily operation as well as the core business of enterprises gradually integrated in recent years, information systems have become an important means of support for the enterprise development. Information security is a requirement for the reliable and efficient operation of the enterprise information systems. To establish and improve enterprise information security assurance model ensure continuous, safe and efficient operation of enterprise information system, have become the basic demand to guarantee daily efficient operation of enterprises. Nuclear power enterprise information is an important guarantee and tool for nuclear power production. Various factors of nuclear power enterprise, which affect information security, can be divided into three categories, management, technology, and supervision. The study of the establishment of a sound information security assurance model of nuclear power enterprise has been one of the urgent works for nuclear power enterprise. Under the current situation of prudent development of nuclear power of the country, how to ensure the information security of nuclear power plants, and whether the idea of nuclear safety culture can be referred to carry on the work of information security of nuclear power plants, thus make information security an important component of nuclear security, are also important research contents of nuclear power security assurance.The paper summarized the related researches at home and abroad, and concludes the deficiencies of these researches as following:(1) Research and application of information security assurance of foreign enterprises are inadequate and with rare related literature.(2) The research of national information security assurance systems and industry information security assurance systems has been conducting since the state’ s ’No.27’ file. However, the current system is not improved and systematic; especially with no criteria of industry or enterprise information security assurance.(3) The nuclear safety culture has been improved and widely applied in the field of nuclear power after the Soviet Union Chernobyl nuclear accident. However, no study of the combination of nuclear safety culture and information security at home and abroad has yet appeared, and lacking in information security assurance with nuclear features. The main content of the research in this paper is how to establish the enterprise Information Security Management System and the Security technology system with research experience from home and abroad, integrate the management ideas of nuclear safety culture into the information security management model.In the course of the research, this paper follows the principle of the combination of inheritance and innovation, theoretical study and practical application. In this paper, series of methods are adopted as following:literature research, comparative analysis, model study and case study.The structure of paper is divided into six chapters.The first chapter:Introduction. Mainly introduces the background and significance of this paper, briefly analyze the current situation of information security research home and abroad. Research contents, methods and innovations of this paper are stated.The second chapter:Theoretical basis related. This chapter describes the information related to information security management, information security assurance, classified protection, nuclear safety culture, and related content of theoretical concepts of EA.The third chapter describes the construction of information security management and assurance model of nuclear power enterprise. The paper summarized and analyzed the main influencing factors of information security of nuclear power enterprise, and sum up into three categories:management, technology and supervision. According to the ideas and methods of establishment of nuclear power enterprise information security assurance model, the paper studied the construction of enterprise group information security assurance model, including system construction method, system objectives, system security objectives, system assurance content, supervision of audit measures, construction of three security defense lines and how to integrate the nuclear safety culture into information security, etc.The fourth chapter describes the implementation of information security architecture model of the nuclear power enterprise. The paper used EA methodology and referred to the Gartner EISA model to study and develop a information security architecture model of nuclear power enterprise, which including three abstraction levels---conception, logic and implementation---and three models from the viewpoints of management, technology and supervision. According to three kinds of problems in influencing management, technology and supervision of information security of nuclear power enterprise, the paper describes the specific contents of EISA model from three aspects of the management system architecture, technical system architecture and supervision system architecture. This chapter also contains the study of nuclear power enterprise information security and confidentiality system, research on security technology scheme under the information conditions and how to plan for the implementation of secure confidential scheme under the unified management of confidential departments in enterprises.The fifth chapter:Case study. In this paper, the study takes a certain nuclear power enterprise as an example, describes the specific contents of method, process and implementation of the information security assurance of that enterprise. Similarly, this chapter also describes the specific contents of nuclear power enterprise information, the implementation, maintenance and operation of each technology component from the respects of plan and task in management, technology and supervision. At the end of the chapter, the paper summarizes the effect of operation.The sixth chapter:Conclusion and prospect. Briefly concludes the main work and research of the paper and point out the problems existed as well as the next research direction.
|
PDF Full Text Request