摘要
近年来,信息安全的风险日益加大,保监会对防范网络安全风险非常重视,陆续推出了信息安全建设相关要求,特别是针对信息安全的风险评估,做出了明确的指示,应定期对信息系统进行安全风险评估,以切实提高信息系统防御风险的能力。为此,国内保险企业为了明晰当前的安全现状,更好地促进安全保障工作,切实提高安全保障水平,陆续开展了信息安全风险评估,对提升信息系统的整体安全水平起到了明显的支撑。文中将从安全风险评估来介绍如何在保险行业开展风险评估工作。
With the increasing risk of information security in recent years, the management of network security risk is of utmost importance. Thus CIRC(China Insurance Regulatory Commission) formulates relevant regulations on the construction of information security system, and in particular, makes clear instruction that insurance companies should conduct regular security risk assessments, and effectively improve the ability in risk management, as risk assessment could provide a foundation for risk management. Consequently, the domestic insurance companies actively carries out information security risk assessment, thus to understand their current security situation of network and promote the information security. These regulations have a significant support to the overall security level of information system. This paper describes how to carry out comprehensive security risk assessment in insurance companies.
出处
《信息安全与通信保密》
2013年第3期77-79,共3页
Information Security and Communications Privacy
关键词
信息安全
等级保护
风险评估
information security
classified protection
risk assessment
