摘要
移动互联网时代,窃取个人隐私信息的技术和手段不断变化升级,市场上也形成了个人信息非法获取、倒卖的利益链条。随着客户维权意识的提升和对自身隐私信息保护要求的不断升级,作为通信运营商,中国移动在推进客户信息安全保障工作的过程中面临着巨大挑战。
为此,本文选择甘肃移动客户信息安全管理研究作为论文的选题,围绕甘肃移动客户信息安全管理存在的问题以及客户信息所面临的安全风险展开分析,并且针对性地提出了提升措施。本文首先介绍了甘肃移动客户信息安全管理的研究背景和研究意义,以及研究内容和思路。其次,本文对信息安全管理的相关概念和理论基础进行了简略阐述,分析和研究了甘肃移动客户信息安全管理的现状以及客户信息安全管理工作存在的问题。最后,本文通过风险管理的方法分析得出甘肃移动客户信息面临的安全风险和威胁,针对性地提出解决问题的手段和措施。
本文在对甘肃移动客户信息安全管理分析和研究的过程中,重点关注了企业内部管理存在的因为流程设计与制度管理不完善,安全管控措施落实不到位,缺少技术支撑等问题引发或者导致的客户信息被泄露或者滥用的风险。通过强化制度管理和培训,建立4A安全管理系统,同时加大同步规划、同步建设、同步运营三同步的管理力度以及加强对客户信息安全管理事前、事中、事后三阶段的安全管控等措施的实施,以提升甘肃移动客户信息安全管理水平和客户满意度。
Mobile Internet times, stealing private information technology and means of changing and upgrading, the market has formed a chain of interests of personal information illegally, selling. With customer rights awareness and constantly upgrading requirements of their own privacy information protection, as the communication operators, China Mobile is facing great challenges in advancing process of customer information security work.
Therefore, the research on information security management for Gansu mobile customers as the topic, focusing on security risks existing customers of Gansu mobile information security management and customer information analysis, and puts forward improving measures. This paper first introduces the background of Gansu mobile information security management and the research significance, and research content and ideas. Secondly, in this paper, the concepts related to information security management and the theory basis of the brief description, analysis and study of the existing customers of Gansu mobile information security management and customer information security management problems. Finally, the paper draws the face of Gansu mobile customer information security risks and threats through the method of risk management and analysis, and puts forward the means and measures to solve the problem.
In the process of Gansu mobile customer information security management analysis and research, focus on the enterprise internal management system for design and process management is not perfect, the security control measures implementation is not in place, lack of technical support, cause or lead to customer information was leaked or the risk of abuse. By strengthening the system management and training, the establishment of4A security management system, and increase the synchronized planning, construction, synchronous operation three synchronous management and strengthening the implementation of prior, during and after the event, the three phase of the security control measures for customer information security management, to enhance the customers of Gansu mobile information security management and customer satisfaction.
引文
[1]杜杰.企业风险管理实务.第一版.机械工业出版社,2008,1.
[2]胡杰武、万里霜.企业风险管理.第一版.清华大学出版社,2011,8.
[3]ISEC国家信息化安全教育认证管理中心.信息安全技术.第一版.广州出版社
[4]孙强等.信息安全管理:全球最佳实务和实施指南.第一版.清华大学出版社,2004,10.
[5]贾铁军.网络安全管理及实用技术.北京:机械工业出版社,2010,8.
[6]杨义先等.信息安全新技术.北京邮电大学出版社,2002,3.
[7]赵跃华,杨铭熙等.信息安全概论.武汉理工大学出版社,2003,6
[8]万里鹏.信息生命周期研究[D].南京:南京大学,2006
[9]栗湘,郑建明等.信息生命周期管理研究[J].情报科学,2006,5
[10]杜国强.信息生命周期管理[M].哈尔滨:黑龙江科学技术出版社,2004
[11]胡爱群,宋宇波.信息安全.武汉:华中科技大学出版社,2011,1
[12]王志强.信息系统的安全管理[J].信息网络安全,2003,1
[13]刘默玲.信息系统安全体系[J].广东广播电视大学学报,2002,03
[14]岳剑梅.信息系统的安全管理研究[J].情报理论与实践,2000,04
[15]戴宗坤,罗万伯.信息系统安全.北京:电子工业出版社,2005
[16]冯登国,张阳.信息安全风险评估综述.通信学报.2004,07
[17]王淑江.网络安全.北京:机械工业出版社,2007
[18]吴世忠.信息安全测评认证理论与实践.合肥:中国科学技术大学出版社,2006
[19]范红.信息安全风险评估标准编制工作情况汇报.信息安全专委会2004年会,2004
[20]王代潮,曾德超.信息安全管理平台一一理论与实践[M].北京:电子工业出版社,2007,05