The Research And Realization Of Safety Control Systems For The Production And Operation Of The Mobile Network

With the rapid development of computer network technology, the basic social andglobal status of the communications network has become increasingly prominent, thestate, society and people increasingly rely on the communication network,communication network security has become an important work for sustainabledevelopment. China Mobile is facing increasingly stringent regulatory requirements ofinformation security, and a much more serious in the state, society, customers and itsown business operations and other security challenges, especially in recent years, theentire company has become the most significant information security risk managementand control issues, information security there are many inadequacies:(1) Security system is not perfect, password security, did not form a unifiedstandard, third-party security management, safety awareness education system missing,etc.; operation is not standardized security requirements and specifications could noteffectively delivered to all employees, both can not beguidance can not be givendeterrent.(2)To supervise the lack of resources and tools, the face of massive checkingobjects need adequate resources and systematic tool in order to achieve effectivesupervision; safety work is good or bad is difficult to evaluate, not a standard way tojudge the quality of the security work further support the safety decision-making.(3)Technical measures are not perfect, the lack of communication facilities and ITsystems security vulnerability protection measures, as well as the security of thenetwork traffic cleaning protective measures.This thesis is to address the problem, the only effective solution is based on theinformation security management and control framework, with reference tointernational best practice on the GRC system, but from a security complianceassessment, risk assessment evaluation methods to quantify both research establish aunified "Information security management and control" system and the "informationsecurity management and control" information system. Implement a comprehensivemanagement system, implementation of full implementation, check the tracking, a comprehensive evaluation of the results. Implement security controls systematic, unified,systematic and efficient.The main subject of the reference ISO27001information security managementsystem PDCA model, that plan (Plan), execute (Do), check (Check), rectification(Action) four aspects of the process. Combined with China Mobile’s own reality, theinformation security management and control system is mainly designed as safetyrequirements, control execution, safety checks, safety assessment, safety rectification,and several other aspects. Among them, the safety requirements to develop thecorresponding Plan, management and control to perform the corresponding Do, safetyinspection and safety assessment corresponds Check, safety rectification correspondingAction. Through the implementation of the above work in several stages to achieve aclosed-loop control of information security management, security management workwill ultimately flow through to full implementation.By building Chinese mobile information security management and control systems,will continue to improve China Mobile’s information security management and controlsystem and the gradual accumulation of the advanced experience of curing to theinformation system to better support the company’s management and controlmanagement, standardized management, institutional management, normalizationsupervision, to build a world-class information security system, China Mobile corporatesocial responsibility commitment to make greater contributions.