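Abstract
The world has fully entered the information age, and the level of informatization has become an important indicator of how modernized a country, a region or a city is. In recent years China's informatization has kept pace with the times and achieved results that have drawn worldwide attention. Informatization application projects represented by the "Twelve Golden Projects", the rapid advance of e-commerce and e-government, and in particular the spread of Internet technology have raised the level of informatization to a new height. Throughout this process, the informatization of inspection and quarantine has never stopped moving forward. In recent years the General Administration has successively issued documents including the "Eleventh Five-Year Special Plan for the Development of Quality Inspection Informatization", the "Technical Specification for Inspection and Quarantine Business Information Systems (Trial)" and the "Disaster Recovery Guide for Important Inspection and Quarantine Business Systems (Trial)", giving the informatization work of the whole system unified planning, unified deployment and unified standards. Every leap forward in inspection and quarantine has depended on the strong support of information technology.
At present, national informatization continues to deepen, and research on security management, an important part of informatization, is also flourishing. Security management is an important component of an information system and protects large amounts of important data and information. Compared with enterprise informatization and e-commerce, security management in the quality inspection system has its own particularities: first, the information is highly confidential and highly sensitive; second, it supports e-government in exercising administrative supervision; third, it uses the network environment to provide public services to society. Security management bears on national security and the normal operation of government work. If the security of the system is breached, causing security incidents such as the exposure or loss of sensitive information or attacks on the network, the consequences will inevitably spread to the region and to the whole country; government information systems will also inevitably become targets of information espionage, hostile forces, terrorist groups and information warfare between states.
Information security management is therefore the key issue in e-government construction. Since 2005, consulting, implementation and certification services for the ISO17799 information security management system, a globally recognized security management standard, have developed greatly in China. To study information security management in the quality inspection system properly, I therefore chose to draw on ISO17799, an information security management standard that is at once authoritative, feasible and necessary, to examine information security work in China's quality inspection system.
The thesis draws on a large amount of first-hand data and examines the ISMS construction project of China's quality inspection system from multiple aspects and perspectives of project management. It first gives an overview of information security management and the ISO17799 standard; with reference to the latest domestic and international material on project management, it describes the development of information security in China and the history of the ISO17799 standard. It then presents the approach to implementing ISMS project management, such as plan management and execution control management for the project's scope, time, quality, resources and cost. Finally, it gives a worked example of how project management was applied in the project at the Shandong Entry-Exit Inspection and Quarantine Bureau. Taking China's actual circumstances into account and through independent thinking, it forms a project implementation management model suited to ISMS projects in China's quality inspection system, focuses within limited space on the problems the project may encounter, and basically meets the objective requirements of the topic.
I hope this thesis can serve as a useful reference for research on security management in the information security management system of China's quality inspection system.
Keywords: security management; informatization of quality inspection agencies; ISO/IEC 17799 "Information Security Management System Requirements"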
Abstract
The world today has fully entered the Information Age, and the level of informatization has become an important measure of the degree of modernization of a country, a region or a city. In recent years China's information construction has kept up with the times, and its results have attracted worldwide attention. Information system application projects represented by the "Twelve Golden Projects", the rapid advance of e-commerce and e-government and, in particular, the popularization of Internet technology have taken the application of information technology to a new level. In this process, the informatization of inspection and quarantine has never stopped advancing. In recent years the General Administration has issued the "Eleventh Five-Year Special Plan for the Development of Quality Inspection Informatization", the "Technical Specification for Inspection and Quarantine Business Information Systems (Trial)", the "Disaster Recovery Guide for Important Inspection and Quarantine Business Systems (Trial)" and other documents, which provide unified planning, unified deployment and unified standards for system-wide information work. Each leap in inspection and quarantine has been inseparable from the strong support of information technology.
Currently, national information construction continues to deepen, and security management research, an important component of it, is also booming. Security management is an important part of an information system and protects a large amount of important data and information. Relative to enterprise informatization and e-commerce, security management of the quality inspection system has its own specificity: first, the information content is highly confidential and highly sensitive; second, it supports e-government in exercising administrative supervision; third, it uses the network environment to provide public services to the community. Security management is related to national security and the normal operation of government. If the system's security is compromised, resulting in security events such as exposure or loss of sensitive information or network attacks, the consequences inevitably affect the region and the whole country, and government information systems are bound to become targets of information espionage, hostile forces, terrorist groups and information warfare between countries.
Therefore, information security management is the key to e-government construction. Since 2005, consulting, construction and certification services for the ISO17799 information security management system, a world-recognized security management standard, have developed greatly in China. In order to study the information security management of the quality inspection system well, I chose to rely on ISO17799, an information security management standard that has authority, feasibility and necessity at the same time, to examine the information security work of China's quality inspection system.
The paper cites a large amount of first-hand data and examines the ISMS construction project of China's quality inspection system from many aspects and perspectives of project management. It first reviews information security management and the ISO17799 standard and, with reference to the latest domestic and foreign material on project management, describes the course of development of information security in China and the history of the ISO17799 standard. It then introduces the approach to implementing ISMS project management, such as plan management and execution control management of the scope, time, quality, resources and cost of the ISMS project. Finally, it provides an example of the specific use of project management in the project of the "Shandong Entry-Exit Inspection and Quarantine Bureau". Combined with China's actual conditions and through independent thinking, it forms a project implementation management model suitable for ISMS projects in China's quality inspection system, concentrates within limited space on the problems that may arise in the project, and basically meets the objective requirements of the topic.
I hope this paper can be a positive reference for security management research on the information security management system of China's quality inspection system.
Keywords: security management; informatization of quality inspection agencies; ISO/IEC 17799 "Information Security Management System Requirements"