The Research Of ISMS-CMM Model And Its Applications

Posted on: 2009-05-01
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Wang
GTID: 2178360272975623
Subject: Software engineering

Abstract/Summary:
With the rapid development of science and technology worldwide and the extensive application of information technology, and especially with the fast pace of informatization of China's national economy and society, the fundamental and global influence of network and information systems is growing, and information security has become an important part of national security. Information security management plays an important role in information security work. Information Security Management System (ISMS) as an important part of the building the

Based on studies of the ISO/IEC 27001 ISMS standard, related national standards, academic research results, and the capability maturity model (CMM) from the software engineering field, an ISMS-CMM framework is presented in this thesis. The framework is then explored systematically. The nine-hierarchy ISMS-CMM framework is analyzed in fine detail using a bottom-up methodology. At the beginning of the thesis, four types of harm ISMS organizations are recognized and evaluated. The thesis then focuses on the five types of ISMS organizations, combining them with capability maturity model theory, and discusses the assessment of the targets, contents, procedures, and efficiency for the five types of ISMS organizations.

The foundation of ISMS, the PDCA Deming cycle, is explored with respect to the role it plays at different levels of ISMS, and an ISMS-PDCA diagram is designed. Moreover, a so-called distribution of control points is classified to work with the CMM theory from software engineering: the finer the distribution of control points, the more mature the ISMS.

Finally, the research results of the thesis have been applied successfully in practical ISMS activities to verify the efficiency of ISMS-CMM, and the results have been accepted by an expert team from the State Information Security Organization.
Keywords/Search Tags: ISMS, Risk Assessment of Information Security, Classified Protection