摘要
研究我国供应链目前普遍存在的信息安全问题,参考众多企业积累的经验,吸取供应链信息安全领域的最新理论研究成果,提出供应链信息安全体系框架。该框架由信息安全治理、信息安全管理、基础安全服务和架构、第三方信息安全服务与认证机构和供应链信息安全技术标准体系五个部分构成。在具体运用中从供应链整体业务需求出发,参照供应链信息安全体系框架,通过评估和风险分析等方法,定义供应链及其节点企业安全需求,并最终确定供应链信息安全建设的内容和方向。
The paper studies some common issues of information security in our supply chain, such as employees are con- scious of information security, information security management does not follow the principle, there is a lack of a unified planning of information security strategic and mechanism of prevention, adverse selection and moral hazard exists between cooperation enterprises. To address these issues, reference experience of enterprises accumulates and the latest theoretical studies of information security in supply chain are absorbed, The paper then proposes an information security framework in supply chain, which consists of enterprise information security governance, enterprise information security management, infrastructure security services and architecture, thirdparty information security services and certification authority and information security technology standard system of supply chain.
出处
《科技管理研究》
CSSCI
北大核心
2014年第5期171-174,共4页
Science and Technology Management Research
基金
浙江省教育厅项目成果"‘政产学’三螺旋理论下浙江省高技能人才培养创新模式研究"(Y201225005)
杭州市软科学专项"基于知识产权管理的战略性新兴产业技术创新联盟发展机制研究"(20110934M15)
关键词
供应链
信息安全
体系
框架
supply chain
information security
system
architecture
