
Research And Implementation Of ISO27001-Based Information Security Management System

Posted on: 2010-01-06
Degree: Master
Type: Thesis
Country: China
Candidate: X Zhu
Full Text: PDF
GTID: 2178360278462568
Subject: Software engineering

Abstract/Summary:
The rapid development of information technology has changed the way people work and live. The importance of information is widely accepted, and many companies pay particular attention to it and treat it as an important asset. An ISMS (Information Security Management System) is an effective way to solve information security problems systematically. The ISMS is part of an organisation's overall management system, within which the organisation establishes its information security policy and objectives, for the organisation as a whole or for a specifically appointed scope, and works to achieve those objectives. As the representative information security management standard worldwide, ISO/IEC 27001 has been ratified by more and more countries.

The dissertation does extensive research on the theory of ISO27001 and risk management. It studies the current situation and security requirements of a modern enterprise, puts forward feasible methods of risk assessment and designs a risk assessment process. During the establishment of the enterprise's ISMS, a series of forms and adaptive methods were designed according to the enterprise's characteristics, which allowed risk assessment to be applied successfully to the ISMS process; the enterprise's ISMS subsequently obtained ISO27001 certification.

The dissertation combines the characteristics of the enterprise's information assets, its information security needs and the feasibility of implementation, and designs a set of qualitative and quantitative risk analysis methods. The CIA (confidentiality, integrity, availability) value of information assets, the threats and the vulnerabilities are analysed qualitatively, which makes it practical to identify and assess a large number of assets. Asset value and risk are then worked out quantitatively, which gives the subsequent risk management an exact basis.

After analysing the business information flow, the dissertation achieves complete identification of information assets and produces lists of the enterprise's information assets.
In an IC manufacturing enterprise, the customer's IC design is the source of the production line and the core of the information security management system, so selecting the IC-design-related business for business information flow analysis ensured that the critical assets were identified completely and efficiently.

In the risk assessment, using vulnerabilities as the main line together with the ISO27001 standard control points, the dissertation designs a method for identifying asset vulnerabilities and threats, which helps the enterprise understand and control its information risk.

The dissertation selects the enterprise's production management system, REMS, as a typical sample for risk assessment during the ISMS implementation. According to the assessment result, REMS is a high-risk software asset that needs additional risk controls and improved security management. The risk control plan designs the development flow, i.e. the system development life cycle; within that life cycle, the ISO27001 standard is combined with the "touch point" development model to implement security management for REMS. The "touch point" development model provides a security management architecture based on the software development life cycle, and the ISO27001 standard points out detailed implementation guidelines for every aspect of software development.

After the establishment of the ISMS and the adoption of ISO27001 certification, the confidentiality, integrity and availability of the enterprise's information improved, and a continually improving information security management environment was formed.
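The abstract describes qualitative rating of asset CIA value, threats and vulnerabilities followed by a quantitative roll-up into asset value and risk, but does not reproduce the thesis's scales or formula. The following is an added illustration, not the thesis's own scheme: it assumes 1..5 qualitative scales, a value rule of "highest CIA rating", the product formula value × likelihood × severity, and fixed acceptance thresholds. REMS is the system named in the abstract; all ratings, the second asset and the threat/vulnerability pairs are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Asset:
    """An information asset with qualitative CIA ratings (1 = low .. 5 = very high)."""
    name: str
    confidentiality: int
    integrity: int
    availability: int


@dataclass(frozen=True)
class Exposure:
    """One threat/vulnerability pair identified for an asset during assessment."""
    asset: str
    threat: str
    vulnerability: str
    likelihood: int  # 1..5: how likely the threat is to exploit the vulnerability
    severity: int    # 1..5: how much of the asset's value the vulnerability exposes


def asset_value(asset: Asset) -> int:
    """Assumed rule: value is the highest CIA rating, because losing any one
    property is enough to cause the corresponding damage."""
    return max(asset.confidentiality, asset.integrity, asset.availability)


def risk_score(asset: Asset, exposure: Exposure) -> int:
    """Assumed quantitative formula: asset value x likelihood x severity (range 1..125)."""
    return asset_value(asset) * exposure.likelihood * exposure.severity


def risk_level(score: int) -> str:
    """Assumed acceptance thresholds used to rank assets for risk treatment."""
    if score >= 60:
        return "high"
    if score >= 25:
        return "medium"
    return "low"


# Constructed inventory: REMS is the production management system named in the
# abstract; its ratings, the second asset and all exposures are invented here.
ASSETS: Dict[str, Asset] = {
    "REMS": Asset("REMS", confidentiality=4, integrity=5, availability=5),
    "Canteen menu page": Asset("Canteen menu page", 1, 2, 1),
}

EXPOSURES: List[Exposure] = [
    Exposure("REMS", "unauthorised change to production data", "no change control on releases", 4, 4),
    Exposure("REMS", "loss of production records", "backups never restore-tested", 3, 4),
    Exposure("Canteen menu page", "web defacement", "unpatched CMS", 3, 3),
]


def assess_inventory(assets: Dict[str, Asset] = ASSETS,
                     exposures: List[Exposure] = EXPOSURES) -> Dict[str, dict]:
    """Roll exposures up per asset: the worst single exposure sets the asset's level."""
    result = {name: {"value": asset_value(a), "max_score": 0, "level": "low", "worst": None}
              for name, a in assets.items()}
    for e in exposures:
        score = risk_score(assets[e.asset], e)
        entry = result[e.asset]
        if score > entry["max_score"]:
            entry.update(max_score=score, level=risk_level(score),
                         worst=(e.threat, e.vulnerability))
    return result


def treatment_order(assessment: Dict[str, dict]) -> List[str]:
    """Asset names ordered by descending risk, i.e. the order to plan controls in."""
    return sorted(assessment, key=lambda n: assessment[n]["max_score"], reverse=True)


if __name__ == "__main__":
    report = assess_inventory()
    for name in treatment_order(report):
        r = report[name]
        print(f"{name:20s} value={r['value']} risk={r['max_score']:3d} "
              f"({r['level']}) worst={r['worst']}")
```

With the constructed data REMS scores 80 and lands in the "high" band, which is the kind of result that, in the thesis's process, triggers a risk control plan for that asset; the low-value asset stays "low" even with a comparable exposure, which is the point of weighting by asset value before ranking.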
Keywords/Search Tags: Information Security Management System, ISO27001, CIA, Information Security Risk Assessment