Abstract
This paper proposes an information security management system based on risk management. Taking Zhongshan Power Supply Bureau as an example, it describes how the power system information security risk management system was built and rolled out, the problems encountered while operating the system and the methods adopted to address them, and how the system is audited. It focuses on the management methods and tools used in the system, such as the CIA asset risk value assessment method used for risk assessment, the "two tables" used to put the system into practice, and the "four mechanisms" that keep the system running. These have been tested in practical application and offer considerable guidance and reference value.
Source
Modern Computer (《现代计算机》)
2011, Issue 18, pp. 42-47 (6 pages)
Keywords
Information Security
Power System
Risk Management