ISO27001 Certification: Information Security Threats Facing the Software Industry (Establishing an ISO27001 Information Security System)
Published: 2016-05-17 23:59
The threats facing the software industry fall into two categories: external network and internal network. External network: various kinds of Internet crime, rampant virus propagation, leakage of important information, bad network behavior, malicious hacker attacks, spam, and so on. Internal network: browsing of illegal websites, online gaming, P2P downloads, proliferation of chat tools, leakage of internal documents, inability to manage employee Internet use effectively, and so on.
At the same time, ITO/BPO and system integration service providers experience loss of control during operations, such as the loss of or damage to related information assets, because internal management and management of the physical environment are not adequately in place.
Based on the company's years of experience and foundation, we offer customers the following solutions:
1. Establish an ISO27001 information security management system, ensuring that the management regime includes a standardized set of policies that serves as an effective operating system for the software development process. Examples include effective management policies for information risk identification and evaluation, determining control plans, implementing effective security organization responsibilities, media handling, external access, protection against malicious and mobile code, and compliance evaluation.
2. Establish an ISO20000-1 IT service management system, ensuring that the management regime includes a standardized set of policies that serves as an effective operating system for the software development process. Examples include effective management policies for the information exchange process and remote access.
3. Reduce risk through risk assessment and the formulation of corresponding countermeasures, such as upgrading virus protection systems and vulnerability scanning.
4. Establish a complete business continuity plan, including disaster recovery, to reduce operational risk and enhance the company's image.