| In recent decades, information security has grown rapidly and played crucially important role in enterprises. Particularly, as rapid development of network technology and Internet, information security's focus gradually shift from physical information management to the full range of information security management. Nowadays, as representative of electronic information security, network security and software security take a more and more important part in modern information security management in enterprises.The growth of network technology and software industry greatly benefits people in various ways. However, it also brings high security risk, stress and challenges. Enterprises have to pay much more attention to protecting assets from being threatened in electronic information security level.For most small and medium-sized IT enterprises, they don't have sufficient budget, awareness or experience to build up a consummate information security management system. Whereas, most likely, their core competitiveness relies on patent products or creative service, which are relatively easy to be attacked internally. It becomes struggling to balance budget, flexibility and performance in security strategy.This thesis analyzes small and medium-sized enterprises'characteristics and typical security threat, raises a risk based information security management mechanism. According to the specific requirement of company, corresponding security technique and strategy will be introduced to support security constitution and implementation. Typical practices include but not limited to assets classification and prioritization; policy targeted implementation and supervision; taking advantage of open source security tools; monitoring and logging; physical structure optimization and system virtualization.This thesis describes a clear picture of typical framework of information security; it can help to work out a practical strategy and solution by analyzing and controlling risk of company. |
PDF Full Text Request