摘要
I
摘要
信息技术的迅猛进步，带动了工业控制系统（Industrial Control System，以下简称
“ICS”）的不断发展。工控系统是现代工业的重要组成部分，如同人体的神经系统一样
起着重要作用，因此其故障或被攻击，将会给企业和社会均带来一定的负面影响

近年来，随着工控事故越来越多，其安全管理问题引起了广泛的关注。工控系统
安全包括物理安全、功能安全及信息安全等三个方面，由于信息安全容易被企业忽视，
所以本文提出运用信息风险管理理论和持续改进(Plan Do Check Action，简称“PDCA”)
的管理方法，加强工控系统中的信息安全管理，从而加强工业控制系统的安全技术控
制和完善安全管理

本文以 QD 公司为研究对象，简单分析了该公司的概况，论述了工控系统安全设
计、运维安全状况及安全管理现状等。该公司选用了世界上最先进的最高标准的系统
防护设计，引用世界上最先进的企业管理经验与管理理念，以及对安全 HSE(Health
Safety Environment ，简称“HSE”)的高度重视，确保了整个工厂的稳定可靠运行，创造
了国内一流的安全业绩

优秀的安全业绩，并不能代表工控系统信息安全管理没有问题，通过调查发现 QD
公司工控信息安全管理也存在一定的问题，公司员工对工控系统信息安全意识淡薄；
工控内部综合管理水平低下，对工控系统信息安全管理的制度执行不力；管理人员对
工控信息安全知识储备不足，工控系统管理人员和技术人员对系统信息安全管理的技
术、经验和能力不够；缺乏与政府相关部门、相应行业、产品厂商和企业之间的协调
配合等等

针对 QD 公司工控安全管理方面的不足，提出了相应的应对改善策略，利用新技
术与管理创新与时俱进的加强工控系统信息安全的管理。开展工控安全宣传，增强员
工安全意识；优化工控系统管理体系，严格执行管理制度；引入先进的培训机制，培
养专业工控人才；加强工控各部门之间沟通，提高协调配合意识。从而保障企业工控
系统安全与生产稳定，以减少工控安全事故、减少或避免企业损失等。最后对全文进
行了总结

关键词：工控系统；信息安全；信息安全管理广东工业大学硕士学位论文
II
ABSTRACT
Rapid development of information technology leads industrial control systems（ICS）
to rapid development of modern petroleum 、 chemical 、 energy and other important
infrastructure equipped with industrial control system . Industrial control system is an
important part of modern industry, as well as the body&39;s nervous system of industrial
enterprises plays an important role. Industrial control system failure or be attacked will
bring great losses and certain influence to the society.
Industrial control system accidents were increased, and the problems of information
security management are more and more outstanding. Industrial control system security
includes physical security, functions security and information security.，this paper mainly
discusses information security because information security are easily ignored by others.
For these reasons to write the paper. In this paper, firstly instruct industrial control system
security and information security ， and then instruct Risk Management and PDCA
management methods. By risk management theory and PDCA (Plan, Do, Check, Action)
continuous improvement of management methods, to strengthen the security of industrial
control system technology to control and improve the security management level, are
getting more and more important.
Based on QD Company as the research object, this paper deeply analyzes industrial
control system security design, operational safety status, and the current security
management situation. For ICS design, choose the manufacturing of the most advanced
which met international standards, ensured the stable and reliable operation of the entire
complex. Advanced management concept and awareness of great HSE importance
ensured the safety of the domestic first-class performance.
In-depth analysis and study and then found that there were some problems and
defects in management behind the outstanding HSE performance: Employees have no
enough awareness for the ICS information security; Performance and security audit
management is not enough; Technical personnel to the system of information security
management, is insufficient for experience and ability; Lack of coordination accordingly
with relevant government departments, industry, product manufacturers, and enterprises
and so on.
For industrial control system information security management problems and
deficiencies in QD Company and put forward some strategies to improve. To constructABSTRACT
III
safety culture of industrial control system to improve staff awareness for the
information security of industrial control system, To strengthen internal management and
implement strict and perfect management system ; To strengthen management personnel
and technical personnel of the talent team construction; Through various ways and
channels to strengthen enterprise、 ICS manufacturers 、 industry 、 the relevant
government departments to cooperate, improve management ability and management
level. To ensure ICS system safety & steady production and reduce ICS happening of
accident.
Keywords: industrial control system; information security; information security
management广东工业大学硕士学位论文
IV
目 录
摘要.....I
ABSTRACT .....II
目 录..IV
CONTENTS ... VI
第一章 绪论....1
1.1 研究背景及意义 ......... 1
1.1.1 研究背景 ........... 1
1.1.2 研究意义 ........... 2
1.2 工控行业安全发展及研究现状 ......... 3
1.2.1 工控行业安全发展情况 ........... 3
1.2.2 研究现状 ........... 4
1.3 研究内容与研究方法 . 5
1.3.1 研究内容 ........... 5
1.3.2 研究方法 ........... 6
1.3.3 拟解决主要问题 ........... 7
第二章 相关概念和理论概述8
2.1 工控系统安全及信息安全简介 ......... 8
2.1.1 工业控制系统安全相关概念 ... 8
2.1.2 信息安全管理概念 ....... 8
2.2 工业控制系统信息安全管理相关理论 ......... 9
2.2.1 信息风险管理理论 ....... 9
2.2.2 PDCA 持续改进管理 ... 9
2.3 工控系统信息安全策略概述 ........... 10
2.3.1 工控系统信息安全技术策略概述 ..... 10
2.3.2 工控系统信息安全管理上的策略概述 ......... 13
第三章 QD 公司工控系统信息安全管理的现状...16
3.1 QD 公司概述16
3.1.1 QD 公司简介 .. 16目 录
V
3.1.2 QD 公司生产安全管理状况 ...
。。。以上简介无排版格式，详细内容请下载查看