 ==>> 点击下载文档 |
本文从理论和实际两个方面重点研究了发电企业网络和信息安全管理项目安全风
险管理体系和实际执行方法和步骤。首先概括了国内外关于企业网络和信息安全管理的
研究成果,包括网络和信息发展成果,发展过程中存在的问题等相关理论依据;阐述和
总结了网络和信息安全管理在实际企业应用过程中规避安全风险困难的原因,提出对企
业网络和信息安全管理风险管控的建议;然后结合 PDCA 理论依据和现实实际针对京能
集团网络和信息安全管理项目实际情况进行了网络和信息安全管理风险控制和效果评
价,并提出了具体的针对京能集团网络和信息管理过程中可能产生的风险的评价指标体
系。接着笔者根据京能集团下属公司唯一设有信息中心的部门的实际情况,将分析信息
中心的网络和信息安全风险管理的目前状态,运用 AHP 法,评价估算当前网络和信息
安全风险管理过程的风险情况,制定出相关的规范,并对理论应用的效果进行评估。最
后,笔者总结了网络和信息安全管理风险管控的效果,验证了这个安全风险管理体系和
安全风险应对的策略的有效性。并通过模糊综合评价方法进行了风险控制效果的综合评
价。本文通过对京能集团网络和信息安全管理风险管理的研究,实证了国有大型企业网
络和信息安全管理项目的风险管理是怎样由被动转变为主动的,也希望能给国内类似企
业网络和信息安全管理项目的管理人员以启示和借鉴
关键词:网络和信息化;安全管理;PDCA;层次分析法;模糊综合评价法华北电力大学硕士学位论文
II
Abstract
From the end of last century to the present, earth-shaking changes have taken place in
China&39;s Internet. From the end of last century only an Internet cable speeds of 64 KBPS, until
now has the world&39;s largest 4G network, within the scope of the Internet population in the
world. Internet business is booming, so far, the world&39;s top 10 Internet listed company, China
accounts for more than half. Although the Internet rapid development, but for the network
security, our country still have plently of room for improvement. How to accurately recognize
and to respond effectively the project risk, has become the current enterprise network and
information technology problems needed to resolve in the process of project implementation,
it is undoubtedly has a certain practical significance of research.
This paper mainly studies, from both theoretical and practical perspectives, the safety
risk management system of power generation enterprise network and informatization safety
management (NISM) projects as well as the actual implementation methods and procedures of
this risk management system. It starts with a review of domestic and foreign research findings
in enterprise NISM, covering network and informatization advances, problems exist in the
advance process, and relevant theoretical references. An explanation as well as a summary is
provided of the reasons for the challenging task of steering clear of safety risks in actual
implementation of NISM in enterprises, and suggestions are made for controlling enterprise
NISM risks. Then, NISM risk control is performed, on the basis of PDCA theory, over the
NISM project of Beijing Energy Investment Holding Co., Ltd. (BEIH) with regard to the
actual situation of this enterprise, and the control effectiveness is evaluated. An evaluation
indicator system is proposed with respect to the risks likely to arise from BEIH NISM process.
The paper then case studies the sole department under BEIH that comes with an information
center. An analysis is provided of the NISM situation of the information center. AHP is
employed in evaluating the risks in the current NISM process and an appropriate strategy is
developed. The application effect of theoretical work is assessed. Finally, this paper
summarizes the effect of NISM control and verifies the effectiveness of the safety risk
management system and the safety risk response strategy. The risk control effectiveness is
evaluated using fuzzy comprehensive evaluation method. This paper, by investigating into
BEIH NISM risk management, confirms how the risk management of a state-owned large
enterprise NISM project changes from passive to active. It may hopefully offer some
inspiration and reference to people working on a similar NISM project in Chinese enterprises.
Keywords: Network and Information Technology, Security Management, PDCA, Analytic
Hierarchy Process, Fuzzy Comprehensive Evaluation Method华北电力大学硕士学位论文
III
目 录
摘要...... I
ABSTRACT. II
第 1 章 绪论.1
1.1 研究背景及意义 1
1.2 国内外研究综述 3
1.2.1 国外研究现状......... 3
1.2.2 国内研究现状......... 5
1.3 研究内容 ......... 6
第 2 章 相关基本理论和现状分析........8
2.1 网络和信息安全风险管理理论..... 8
2.1.1 信息安全 ... 8
2.1.2 网络安全 ... 9
2.1.3 企业信息化 .......... 10
2.1.4 信息安全风险....... 10
2.2 京能集团简介. 11
2.2.1 集团基本情况....... 11
2.2.2 基础设施现状....... 11
2.2.3 业务应用现状....... 12
2.3 网络和信息化安全管理现状分析 ........... 13
2.3.1 京能集团网络和信息化特点 13
2.3.2 网络和信息安全管理存在的问题 ..... 15
2.4 PDCA 循环的构建原理 . 16
2.5 模糊层次分析模型....... 17
2.6 本章小结
。。。以上简介无排版格式,详细内容请下载查看
