
The Establishment And Implementation Of Beijing XX Enterprise Information Security Management System Based On The ISO27001

Posted on: 2016-05-25 | Degree: Master | Type: Thesis
Country: China | Candidate: J J Liu
GTID: 2308330482465470 | Subject: Software engineering
Abstract/Summary:
With the development of network technology, the part of the national economy that depends on information technology is in the ascendant, and many small and medium-sized enterprises that rely on the internet economy have experienced a period of rapid growth. In modern society, information has become the main resource, and information security has become one of the foundations of enterprise operation. In this era of highly developed information dissemination, information, and sensitive information in particular, bears on the survival of the enterprise and has quietly become a corporate asset. Because of this, an enterprise should pay more attention to information security. Data and information are the critical support for modern business and its development; they include not only corporate financial data and computer-generated data but also corporate culture, brand, intellectual property, employee information, customer information, and so on. Information assets have great value, like other important business assets, and need proper protection.
This dissertation describes the establishment and implementation of the enterprise management system of Beijing XX. Using the ISO/IEC 27001 international standard and the "PDCA" method, we established an Information Security Management System (ISMS) suited to the development of the company, brought the enterprise's information security management into a virtuous cycle, and continued to improve the information security management framework, the PDCA method, and the ISMS.
The dissertation studies the current situation and security requirements of the Beijing XX enterprise, analyzes the gap, puts forward feasible risk assessment methods that combine qualitative and quantitative approaches based on the characteristics of the enterprise, together with information security management program files that cover 11 security control fields and 39 control categories, formulates the information security policy, conducts continuous information security awareness training, and so on. During the process of establishing the enterprise’s ISMS, we designed a series of forms, bought a series of equipment such as a firewall, UPS Switch, and domain-control server, and developed the NAS storage server, which made risk controllable and promoted information security.
With the help of the successful implementation of the enterprise Information Security Management System, we can promote the enterprise’s information security, effectively protect the security of data transmission, storage and control, establish and improve the enterprise’s information security guarantee system, and make the enterprise’s business development sustainable. The enterprise’s ISMS then obtained the ISO/IEC 27001 certificate. We will effectively protect the enterprise’s core competitiveness, enhance employees’ information security awareness, maintain the enterprise’s reputation and enhance the company’s cohesion.
The successful construction and implementation of the information security management system described in this paper provides a typical case for SMEs.
Keywords/Search Tags:ISO 27001, Information Security, Risk evaluation, Information Security Management System, ISMS