| Theoretical research of information security systems already has quite fruitful, also released a variety of information security standards. This paper mainly studied how to manage implementation of information security in the enterprise, that the actual production process for the enterprises in the information security risks exist, the use of information security theory and with reference to international and domestic standards, designed to fit the actual business information security system, and running through the system improve resistance to information security risks.Firstly, this paper describes the theory of information security. Secondly, in-depth study of several major information security risk management systems based on the analysis of the mechanism for the formation of enterprise information security risks and find relevant information for the enterprise security management system standards. Thirdly, the IS027001-based system of the enterprise information security risk assessment, and the establishment of relevant information security system in accordance with relevant standards, comprehensive construction enterprise information security system. This process follows the ISO27001PDCA principle, which focuses on the design of the underlying assets in the combined enterprises as the core asset security (CIA) assignment form analysis assets possibility of threat and vulnerability of assessment, assessment of the results of risk disposal, the establishment of the system in the process of enterprise information security. |
PDF Full Text Request