Based On 27001:2013 Research Construction Of Information Security Management System Of University Library

According to the latest international standard for information security management,it's both the current need and long-term plan to build information security management system for college libraries to dissolve the risks.Starting with information security risks faced by these libraries,this thesis explains the intension and extension of the information security and analyses the present situation in the field as well as the significance of national policies and risk aversion for teaching and research security in colleges.Moreover,this thesis combs the current research status of information security management system,establishes research emphasis and difficulties and makes clear about the research ideas and methodologies.Based on the investigation of college libraries' status and their demand for information security,the demand for security in college libraries can be summarized into five levels: the physical level,the system level,the data level,the network level and management level.This thesis comprehensively interprets the latest international information security management standards “ISO 27001:2013” and explores the guidance,practicability and operability of the standard;Besides of the above research,on accordance with the standard of “ISO 27001:2013” and realistic of college libraries' situation,this thesis proposes a management system of college library security that is an “organism” composed of eight parts,including information security strategic planning,information security structure,information assets management,information security risk assessment,access control,information security protection management,information security events control and information security culture and each of them is expounded in this thesis as well as their relationships.Building such a system should obey the following principles,“balance between investment and risk”,“balance between technology and management” and “synchronization in both the information system and information security management system construction”.Informationization will go wider and deeper continuously,while the risk will exist perpetually.