| With the rapid progress of information technologies, enterprises and personals more and more depend on the information products and services. The confidentiality, integrity and availability of information become more and more important for business operation and are just what the information security management should achieve. There are so many factors which impact enterprises IS, it is a quite complex process to manage it.In this paper, based on both risk evaluation and analysis, risk evaluation theory and fuzzy comprehensive evaluation method are introduced to solve such an issue with multi-objects, multi-layers and multi-principles. Then, the evaluation methods are applied to a real enterprise, its IS conditions of all the aspects are analyzed in details, and the general risk rate level is obtained.Based on both risk evaluation results and the P~2DR model, an Information Security Management System are established to reduce and/or clear off the risk. The paper establishes a complete securities management model involving management and technical factors.The case and research of the paper has some universality on information system, network and management, so, it can offer some experiences and references for the similar enterprise to improve their information security. |
PDF Full Text Request