计算机病毒、隐私泄露、系统漏洞、网络入侵和攻击等安全事件频发，安全 问题已成为人们普遍面临的挑战和难题。由此，2017 年我国《网络安全法》颁布， 明确了国家实行网络安全等级保护制度。作为等级保护体系专业力量的测评机构 也不断增多,截止 2019 年 3 月已发展至 179 家。 作为中国首批进入推荐目录的测评机构,内蒙古信元网络安全技术股份有限公 司（简称“信元网安”）成立于 2010 年, 凭借其先发优势迅速成为内蒙古第一大测 评公司。随着公司人员的激增和营业规模的不断扩大，加之等级保护测评行业竞 争加剧,为了促进信元网安健康持续地发展,提升其运营管理水平已是当务之急。 本文从分析信息网络安全行业的现状入手,在总结等级保护发展的基础上，对 信元网安运营管理现状进行梳理，阐述了公司运营管理改进的必要性。通过价值 链、组织变革和共生理论揭示了专业技术服务的过程和本质，基于此对信元网安 公司的运营模式、运营体系、运营流程和运营协作机制进行了改进，并提出了专 业化运营管理团队来扩大经营规模、SDCA&PDCA 双循环提高服务质量、测评知 识库建设凝聚服务竞争力和提高顾客忠诚度持续经营的实施措施。最后进行了总 结和展望，以期为信元网安乃至信息安全服务业的运营管理提供有益的借鉴。 关键词，等级保护，服务运营管理，运营模式，运营体系，运营流程II Abstract Security matters such as computer virus, privacy divulging, system loophole, cyber intrusions and attacks occur frequently, Security issues have become a common challenge and difficult problem for people. As a result, Cybersecurity Law of the People's Republic of China has come into effect in 2017, which made it clear that the state shall implement the rules for graded protection of cyber security. As a professional force the grade protection evaluation system, the number of evaluation agencies has been increasing, and as of March 2019, it has developed to 179. Inner Mongolia Xinyuan Network Security Technology Co., Ltd. (abbreviation XINYUAN WANGAN) was established in 2010 as China's first evaluation organization to enter the recommended catalogue. With its first-mover advantage, XINYUAN WANGAN has quickly become the largest evaluation company in Inner Mongolia. As a leading enterprise in the grade protection evaluation industry, XINYUAN WANGAN expands its business scale and company personnel rapidly. However,in the face of competitive intensity of the market, XINYUAN WANGAN must give priority to the improvement in its operation and management capabilities for the sake of the sustainable development of the company. Starting from the analysis of the current situation of the information network security industry and Based on the summary of the development of the grade protection evaluation, this dissertation combs the status quo of the operation and management of the XINYUAN WANGAN, and expounds the necessity of improving the operation and management of the company. This paper reveals the process and essence of professional technical service by using the value chain, organizational reform and symbiosis theory. On the basis of the analysis above, the author proposed the idea that XINYUN WANGAN needs to improve its operation mode, operation system, and operation process and operation cooperation mechanism. And then the author also put forward the following measures to perfect XINYUAN WANGAN’s operation: first, XINYUAN WANGAN should employ specialized operation management team to expand its operation scale; second, XINYUAN WANGAN should use SDCA&PDCA double -cycle method to improve its service quality; third, XINYUAN WANGAN shouldIII construct its own evaluation knowledge base to agglomerate its core competitive ability; fourth, XINYUAN WANGAN needs to improve its customer loyalty for maintaining company’s continuous operation. The last part of the paper, the summary and prospect are given to provide useful reference for the operations management of XINYUAN WANGAN and even information security service industry. Key words: Testing and Evaluation of classified protection, Service Operations Management, operation mode, Operation System, Operation FlowIV 目 录 第一章 绪论 ........................................................ 1 1.1 研究背景 ..................................................... 1 1.2 研究意义 ..................................................... 2 1.2.1 理论意义 ............................................... 2 1.2.2 现实意义 ............................................... 2 1.3 国内外研究现状 ............................................... 3 1.3.1 国外研究现状 ............................................ 3 1.3.2 国内研究现状 ............................................ 3 1.4 研究内容和方法 ............................................... 4 1.4.1 研究内容 ............................................... 4 1.4.2 研究方法 ............................................... 6 1.4.3 研究思路 ............................................... 6 第二章 信元网安运营管理现状及分析 .................................. 8 2.1 信息网络安全行业分析 ......................................... 8 2.1.1 信息网络安全市场细分 ................................... 8 2.1.2 信息网络安全行业发展分析 ............................... 8 2.1.3 信息网络安全等级保护发展 .............................. 11 2.2 信息安全服务业特点 .......................................... 16 2.3 信元网安运营现状分析 ........................................ 16 2.3.1 信元网安情况介绍 ...................................... 16 2.3.2 信元网安运营现状 ...................................... 17 2.3.3 信元网安运营分析 ...................................... 18 2.4 信元网安运营管理中存在的问题 ................................ 21 2.4.1 区域性经营、业务规模小 ................................ 21 2.4.2 管理层人员结构需优化 .................................. 21 2.4.3 管理信息化与管理创新不足 .............................. 22 2.4.4 先发优势殆尽，竞争力不明显 ............................ 22 2.3.5 技术依赖个人，知识库亟须建设 .......................... 23 2.5 信元网安运营改进必要性 ...................................... 23V 2.5.1 运营管理的重要性 ...................................... 23 2.5.2 竞争加剧和企业管理必然要求 ............................ 24 2.5.3 信元网安改进路线 ...................................... 25 第三章 信元网安运营模式改进 ....................................... 26 3.1 信元网安运营模式现状和问题分析 .............................. 26 3.1.1 信元网安服务过程矩阵 .................................. 26 3.1.2 信元网安标准化和模块化服务运营模式 .................... 27 3.1.3 信元网安服务运营模式问题分析 .......................... 27 3.2 信元网安运营模式改进 ........................................ 28 第四章 信元网安运营体系改进 ....................................... 31 4.1 列维特矩阵 .................................................. 31 4.2 信元网安运营体系现状 ........................................ 31 4.2.1 组织结构现状 .......................................... 32 4.2.2 任务现状 .............................................. 34 4.2.3 人员现状 .............................................. 34 4.2.4 技术现状 .............................................. 35 4.3 信元网安运营体系分析 ........................................ 35 4.3.1 组织结构分析 .......................................... 35 4.3.2 企业任务分析 .......................................... 37 4.3.3 人员分析 .............................................. 37 4.3.4 工艺和技术分析 ........................................ 37 4.4 信元网安运营体系改进 ........................................ 37 4.4.1 运营体系要素改进 ...................................... 37 4.4.2 运营体系改进 .......................................... 40 第五章 信元网安运营流程改进 ....................................... 42 5.1 信元网安运营流程现状 ........................................ 42 5.1.1 等保工作及等级测评流程 ................................ 42 5.1.2 信元网安测评工作及流程 ................................ 46 5.1.3 信元网安运营流程问题 .................................. 48 5.2 信元网安运营流程分析 ........................................ 48 5.2.1 信元网安服务转换流程 .................................. 48 5.2.2 信元网安知识流动过程 .................................. 49 5.3 信元网安服