| dc.description.abstract | Information security management is non-ignorable management topic, and the key spirit is to identify important information property in organization and the threat been faced, then under effect resource arrangement plan reasonable control policy, and reduce risk to acceptable range. This is an information security risk management process, key point of management should focus on protection of secrete information in organization,instead of all information access channel, because this will cause enterprise waste cost and lost focus as well. Yearly most of information security events from international and domestic are due to lack of above information security risk management mechanism.
When enterprise during expansion business size, need through information security and management policy to protect the Intelligence Property and secret information, And information user also need security concept to well use company resource, by through regulation, system and authority control to manage and use company information property effetely.
This research based on BS7799 international security spec, and choose printed circuit board A company as case study, based on case study company information, high level management interview and historical experience, integrate all of information then refer to international and domestic articles, and also from company operation status, information security problem, influence of impact, to show importance of information security by effectiveness of measures and concrete results from improvements and know the difference between before and after of information security structure setup.
Information security is continue operating plan, even lots of enterprise already setup information security policy but still can not avoid information security events happens, the reason is ignore the importance of security management and did not update continually. In view of this, the study recommends that companies need to continue finding out and feedback areas need to improve, and continue to update information security plan based on requirement at different phase of information security.
| en_US |