Student Theses
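| Thesis ID: | 12107 | |
| Author ID: | 2320180528 | |
| Upload time: | 2020/12/11 22:00:07 | |
| Chinese title: | M公司基于TISAX的信息安全管理体系改进研究 | |
| English title: | Research on the Improvement of Information Security Management System in M Company Based on TISAX | |
| Advisor: | 程莉莉 | |
| Keywords (from Chinese): | Automotive industry; Trusted Information Security Assessment Exchange; information security management system | |
| Keywords (English): | Automotive Industry; Trusted Information Security Assessment Exchange; Information Security Management System | |
| Abstract (from Chinese): | With the rapid development of information technology, information security problems are becoming increasingly severe. As an important means of preventing and controlling information security risks, an information security management system plays a vital role in solving them. When planning and building an information security management system, enterprises usually refer to the international standard ISO27001, which allows them to understand and analyze problems in information security management scientifically and to address the risks that information assets face in terms of confidentiality, integrity, availability and so on. However, information assets take different forms in different industries, so the focus of information security management work also differs markedly; even within the same industry, a single standard can rarely be used to measure and compare levels of information security management. The automotive industry is today the industry in which information technology is most widely applied, and its information security situation and its autonomous and controllable systems have always been a focus of the industry's attention. Trusted Information Security Assessment Exchange, or TISAX, is a set of standards for information security management and assessment drawn up specifically for the characteristics of the automotive industry, and it innovatively standardizes the concept of information security management within the industry. This thesis takes the mandatory and necessary nature of TISAX assessment as its research background, the current state of information security management at M Company and the problems in building its system as its research object, and the risk assessment mechanism and a hierarchical system of information security management policies as its research focus. It uses institutional theory, user participation theory and deterrence theory as its fundamental guide to action and, combined with the relevant research methodologies and tools of ISO27001 and TISAX, studies in detail the problems and solutions in each area of information security management at M Company. This thesis hopes that, through the experience accumulated from the TISAX assessment and the implementation of a more complete information security management system, M Company's information security management will reach a new level and promote the company's business growth, while providing a reference for domestic automotive companies facing TISAX assessment. | |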
| Abstract (English): | With the rapid development of information technology, information security has become an increasingly serious problem. The information security management system, as an important method of preventing and controlling information security risks, plays an important role in solving information security problems. In planning and building an information security management system, enterprises usually refer to the ISO27001 international standard, so that information security management can be scientifically understood and analyzed and the risks to the confidentiality, integrity, availability and other aspects of information assets can be addressed. However, information assets take different forms in different industries, so there are significant differences in the focus of information security management; even within the same industry, the same standard can rarely be used to measure and compare the level of information security management. The automotive industry is the industry in which information technology is most widely used, and its information security situation and independent, controllable systems have always been a focus of industry attention. Trusted Information Security Assessment Exchange, or TISAX, is a set of information security management and evaluation standards developed for the characteristics of the automotive industry, which innovatively regulates the management concept of information security within the industry. This thesis takes the mandatory and necessary nature of the TISAX audit as its research background, the current situation of information security management at M Company and the problems in building its system as its research object, and the risk assessment mechanism and hierarchical information security management strategy system as its research focus. Using institutional theory, user participation theory and deterrence theory as the basic guide to action, combined with the research methodologies and tools of ISO27001 and TISAX, the thesis studies in detail the problems and solutions in all fields of information security management at M Company.
This thesis hopes that, with the experience gained from the TISAX audit and the implementation of a more complete information security management system, M Company's information security management will reach a new, higher level, promote the company's business growth, and provide a reference for domestic automotive enterprises dealing with TISAX audits. | |