Analysis And Optimization Of Information Security Management System In TC Company

With the development of the information technology,such as cloud computing,the big data,and artificial intelligence,the situation of information security is becoming more and more complex.So the information security management of enterprise is becoming particularly important.However,TC's information security management system is unsystematic and poor management in most of the enterprise.So,how to analyze,optimize and establish the excellent information security management system to guarantee the information security of TC is extremely urgent.This paper describes the process of analysis the status and problems of company's current information security management system,finding the gap between the control levels of ISO27001-2013 standard,making the optimization strategies in TC.Firstly,the author summarized the fourteen security control domains of the ISO27001-2013 standard into five security management layers.There are policy and organization layer,basic security layer,security operation layer,security maintenance layer,and security compliance layer.Secondly,according to the overall measurement system solutions of information security management,the author makes the method of information security management system in line with the actual situation of TC.Thirdly,based on the ISO27001-2013 standard,the author evaluates and analyzes the status of the TC's information security management system from five security management levels and fourteen security control domains.And author finds that there are serval problematic control items in fourteen security management system.Then author analyzes the causes and impacts of problematic control items.Finally,the author makes the optimization strategies to improve TC's information security management system.And the author evaluates the system after the implementation of the optimization strategy,and proves the effectiveness of the strategies.This paper can help TC to find out the gap between the current information security management system and international standards,and enhance the company's information security management level.At the same time,the optimization strategy helps TC find out the key areas in information security system construction and optimization in the future..In addition,the process of analysis and optimization also provide reference for other knowledge-intensive enterprises,which want to establish and optimizate the information security management system.