Analysis And Design Of The Information Security Management Metrics Scheme For Enterprise

With the rapid development of information technology, improvement in the level of enterprise information, the vulnerability of information systems is more and more prominent, security issues is appeared more and more serious, and also attracted wide attention, so for the information system security metrics are imperative, and is the critical foundation status in information security.The information security management metrics are an ongoing process collect and evaluation data and information, and used to the evaluation of the safety performance for the current period and the trend of the duration of the safety performance.The research for information system security metrics have a history of more than two decades abroad, and the developed countries have already established the state certification institution and the authentication system risk metrics, the risk metrics system to study and develop the standard for metrics, metrics and metrics techniques, and the standard system, technology system, organizational structure and operational system related to information systems security metrics are already quite mature.The research of our information system security metrics started a few years, mainly focused on the establishment of the organizational structure and operational system, and appropriate standards and technology system is still in the research stage, it has broad research and development. Whether at home or abroad, in the information system security metrics, the security model, the standard choice of metrics method, the process of implementation has been the focus of research.In this paper, I mainly where the company based on its own, combined with modern enterprise information system of the actual situation, analyze the information security behavior, and how to use the metrics to clarify a safe way of organization behavior. By measuring the safety, analyze the data the result, and express the security of information systems for digitalize. After explained that the purpose of risk management is to improve the future, not to explain the past.This article describes following parts:1. To analysis the requirement for the enterprise information system security metrics. Combing the company’s network status, and for network security issues that exist in the improvement of proposed solutions.2. For information system security metrics schemes are summarized design. Combined with the present situation of information system applications, and explain the design framework for information system security metrics scheme.3. Analysis the information system security metrics scheme analysis, and design to the information security metrics of detailed scheme.4. After the information system security metrics design, for the information system security situation put forward the improvement plan.Security metrics for risk management through the provision of services and policy decisions for the enterprise-that safety metric is the risk of doing risk management decision-making support. It will be further elaborated in the modern business environment, how to quantify, classify, and measure information security operations.