| Enterprise information security is directly related to the survival and evelopmentof the enterprise, to carry out the enterprise information security assessment is animportant means of enterprise information system security. It can help enterprise findsystem vulnerabilities in advance, analysis safety risk, take safety improvementmeasures in time through the enterprise information security assessment. Butenterprise information security assessment is still in its infancy, still have noready-made methods and standards for guidance. In order to further enhance the levelof enterprise information security assessment, a set of feasible enterprise informationsafety evaluation methods and analysis techniques is urgently needed. This thesisresearch aims at these problems.First,by analyzing the threats that the enterprise information system faced andthe current situation and development tendency of domestic enterprise informationsafety and safety assessment, it points out problems and deficiencies of enterpriseinformation security assessment in China, discusses the research significance ofcarrying out enterprise information security assessment.Second, this thesis discusses the hierarchical model of large enterpriseinformation system safety and the system structure of security assessment. Itelaborates evaluation points, assessment method and assessment means of informationsecurity based on physical security, host Security, application system security,network security and data security.Third, this thesis studies the security risk source of DMZ in enterpriseinformation system on the basis of explaining the present situation of informationsystem of a large industrial and mining enterprise. It points out all kinds of securityproblems in evaluation, focuses on the19security vulnerabilities on network, hostsystem and its application in safety evaluation, and analyses the possible security risk.Fourth, this thesis discusses the improvement method for DMZ and the solutionto various loopholes of information system safety assessment. It analyzes theimprovement and reinforcement of information system security of a large industrialand mining enterprise from network security, host security, application security anddata security.Fifth, this thesis discusses the safety assessment results of information systemvulnerability in a large industrial and mining enterprise after improved. Assessment results indicates that all the originally existing loopholes in the information systemhave been solved after improved, and achieves the expected effect of improvement forenterprise information security assessment.Although this thesis aims at security evaluation of a specific large industrial andmining enterprise information system, the methods and ideas also apply to other typesof information system security evaluation, and it has strong promotion significance. |
PDF Full Text Request