The main level of the enterprise information security framework

Post time 2019-6-25 10:19:54
The enterprise information security framework consists of three main layers from top to bottom: the “security governance, risk management and compliance layer”, the “security operation and maintenance layer”, and the “basic security service and architecture layer”. The security management, risk management and compliance layer is the theoretical basis of the latter two; the security operation and maintenance layer is the management of the whole process of the security life cycle; the basic security service and architecture layer is the implementer of the technical requirements and functions of enterprise information security construction.
(1) Total governance, risk management and compliance
This layer is at the top of the enterprise information security framework and is the starting point for business-driven security. It mainly includes corporate strategy and governance framework, risk management framework, compliance and strategic compliance. Through the assessment of business and operational risks, the enterprise determines its strategy and governance framework and its risk management framework, defines compliance and policy compliance, and establishes an information security document management system.
(2) Security operation and maintenance
Security operation and maintenance refers to the process of security organizations using security technology to achieve security protection objectives under the guidance of security policies. It mainly includes security event monitoring, security incident response, security incident auditing, security policy management, security performance management, and security outsourcing services. Security operation and maintenance and IT operation and maintenance complement each other, rely on each other, and share resources and information. Security operation and maintenance is closely linked with security organizations and integrated into business management and IT management systems.
(3) Basic security services and architecture
The underlying security services and architecture define the five core underlying technology architectures and related services in the enterprise information security framework: physical security, infrastructure security, identity/access security, data security, and application security. The basic security services and architecture are the objects of security operation and management, and their functions are guaranteed by each subsystem.
In short, the Enterprise Information Security Framework (ESF V5.0) provides an integrated and standard enterprise information security framework for enterprise information security construction. It helps enterprises to quickly understand the status and needs of enterprise information security, and can provide guidance and reference for the design and implementation of the enterprise information security platform, so that the industry's "whole security" theory can be truly implemented.

