The Construction Of Enterprise Information Security Management System Based On ISO27001

With rapid development of information technology and drastic changes of internal and external environment,status of enterprise information security is becoming more and more serious.How to establish an effective information security management system has become an issue of great concern to the management.As an important reference for the construction of information security,the body of standards plays an important role in establishing information security management system of the enterprise and improving the level of security management.In practice,mature process of building information security system based on standards has come into being,but there are also some problems and challenges in some specific stages of implementation.This article summarizes a general process of building information security management system based on ISO27001,introduces researches on the methods and processes of information security risk assessment,planning and construction of information security projects,measurement and evaluation of information security system: summarized the theory and concepts in risk assessment and compared various methods of assessment,then analyzed characteristics of information security construction projects,summarized the process?model and methods about measurement and evaluation of information security.Finally,combined with practice of the projects,made empirical studies on the design and application of information security risk assessment,information security project planning,and information security management system effectiveness measurement method,to provide references for related enterprises and employees.