Research On Enterprises' Information Security

Following with the technology and information development, the database in the enterprise is more and more widely used and companies increasingly rely on the application of IT to enhance their own competitive advantage and operational efficiency. However, information security issues enterprises are facing significant economic losses. So in the knowledge society, information is becoming an important asset of enterprises. The safety of information is relative with the company's asset safety and the company's life and this paper is meaningful for the control of company information safety.This paper takes the information security problems existing in enterprises as objects, uses Stakeholder theory and COSO theory to analyze the companies' information securities problems and the cause of the problems. The main problems are:staff awareness of information security is not strong, the operating mechanism is not perfect, responsibility system is hard to place, the lack of strategic thinking and decision-making, the conflict of original and present management. When it comes to the solutions to these problems, this paper uses stakeholder theory to analyze the problems and give the following conclusion: the staff's incentive to maintain information security is not enough; the management of enterprise management personnel are not in place; shareholders' ignoring the information security management. In the final analysis, stakeholder rights and powers of the asymmetry is due to the value of information for most enterprises have not yet emerged and the constraints of enterprise information security technology. And then, this paper take H Company as the example to illustrate the discussion above and gave the following conclusion of H information security management:Clear organizational framework for enterprise information security control is the basis for implementing information security controls; Independent information security management department to enhance the status and independence of corporate information security; Information security as part of the corporate human resource management can enhance staff awareness of information security by performance appraisal and staff training. During information security management processes, strategy and process integration is an important condition for enterprise information security level development.