Study On The Information Security Engineering Management Process System Of Power Grid Corporation

With the more rapid pace of information construction in all industries, it has been widely used in the field of engineering, such as military project, power, iron & steel, automotive, telecommunication, etc. However, the following problem of information security management presents more and more seriously, which is the root cause of the increasingly information security events. At present, the research of information system security engineering theory is during the initial stage in the domestic. From the view of system engineering, it intends to solve the enterprise-level information security management problem by using the engineering concept, theory, technology and method.As the basic industry of the national economy, the electric power industry stands extremely important economic status, political and military significance, so that it is necessary to ensure its information security. Meanwhile, it is also of great practical significance to make the research of information system security engineering management.In this paper, the present situation of the power grid information security management was analyzed from the organization, regulation and human resource aspects. It concludes that five aspects of problems currently exist, including(1) the constraints of traditional management mode and system;(2) the lack of complete information security management organization;(3) the lack of overall plan of information security management process system;(4) weak consciousness of information security management;(5) the lack of professional information security management personnel.According to above problems and the information security needs of power grid corporation, also combined with the theory of SSE-CMM model and BS 7799 standard, it elaborates and establishes the management process flow(called IDCM for short) of initialization(I), design(D), construction(C) and maintenance(M) stage for the power grid information security management. The initialization stage includes the risk assessment management process and the requirement analysis management process. The design stage includes the system design management process. The construction stage includes the system implementation management process and the test & validation management process. The maintenance stage includes the maintenance management process and the emergency response management process.Through the practice of a website host security reinforcement project, it improves the current management situation of the information security engineering project, fills the vacancy of the information security management process, and forms the best practice of the information system security engineering management in the electric power industry. Meanwhile, the IDCM system has had more and more cases in various industries such as telecommunication, finance, automotive, iron & steel, energy and coal, which demonstrates the applicability and the operability of the system.Thus, as the current information security management system becomes more and more mature on the policy level, the establishment of IDCM management process system is an effective supplement on the operational level, which has important reference value to other engineering projects in the future.