Nowadays, in the field of information security, more and more people become aware of the fact that information security is not merely a matter of technology, but rather a matter of management. This paper is mainly focusing on the managerial aspect of information security. It is designed to provide the administrative body of an organization with a set of essential elements of information security management. It also provides a common language and a system framework of information resource protection , comprehensible and acceptable to both information specialists and high level management. In addition, the paper puts forward on the basis of detailed analysis a platform for the implementation of information security management. And some security principles proposed for organization-level and system-level respectively. However, due the limited reference and time constraint, there are still some points in the paper needed to be further studied in terms of depth and detail.
|