| With the development of science and economy,the globalization speeds up day and day meanwhile information spreads all over the world as well.Information not only become the important resource of every country,but also affect people’s way of life. The information development and utilization become the focus of research of all countries.The USA become information security systems by using the information technology and resource effectivelly,so it promotes their own economy and the rapid development of science and technology. With the rapid development of the information age,information security problem become obvious day and day,such as the computer viruses,hackers,etc.This is not only related to the individual,enterprise,industry,and even mean for national security.At present,China also faces the similarly chanlenge.Enterprise introduces information system into organize,in order to reduce cost and increase benefit but network virus,high crime rate seriously affect the business."No rules no round".We should establish a series of relevant standards and laws to promote the development of enterprise. The meaning of the standard is the summary of science,technology and practice,that is to say,in order to get the best order,we set common and repeated rules about the actual or potential problem.The TCSEC of USA is the first safety assessment criteria in the history of IT which is used for assessment criteria of the operating system. Along with the development of information era, information security technology and management standard cause widespread concern all over the world in the1990s. With the development of economy, our country related department pay more attention to the development and utilization of information resources,so we make some progress about the construction of information security system, equally adopting many international information safety standards. The construction of information security range is very wide, including political, economic, cultural and national security, and information security is also very difficult standardization work.There are still some gap between our country and the international many nations,so we need to do more to strengthen our information safety construction.The ISO specially reserve ISO27000series standard for information security management, containing ISO27000, SO27002,027003ISO27001, SO27004, SO27005, SO27006etc and ISO27001is the basic standard. SSE-CMM is the information safety engineering capability maturity model and it focus on implementation process and the process maturity of information security. ISO27001and SSE-CMM can draw lessons from each other in information security construction.The final aim of ISO27001is to build a relatively perfect information security management system and formulate the relevant control measures to achieve. The specific process area of SSE-CMM can also help organizers to set up a perfect information security system.This paper mainly contains five parts. The first chapter is about the introduction, the main research significance, ways and innovation; The second chapter is basic theory research and mainly introduce the domestic and foreign relevant information safety standards and content present situation;The third chapter is specific analytical content of ISO27000series standard and SSE-CMM, mainly, elaborating the standard generation, development, implementation process;The fourth chapter compares the two series standards.According to the comparing research of the two series standards,the five chapter provides some advice for their complementary.Finally this paper finds that both of the information security need is determined through risk assessment. Thus the two series of standards can be conbinded each other. |
PDF Full Text Request