Abstract
This paper explains why an emergency management system for information systems is necessary, and analyses in detail the relationship between business continuity management and emergency management, as well as the dynamic process of the emergency management system. Building on risk management and business continuity management, and drawing on best-practice standards at home and abroad, it designs an emergency management system framework based on business continuity management. The framework covers the stages before an incident (establishing the emergency plan system, daily technical assurance, emergency exercises), during an incident (plan selection, emergency response, plan evaluation) and after an incident (site restoration, summary and improvement), together with training that runs through the whole emergency management process. It thereby builds a complete emergency management system for network security incidents, organised around whole-process management of security incidents, in order to reach an acceptable level of network security and fundamentally ensure the continuity of information system operation.
Authors
姜琪
李亚龙
张洁
马犇
JIANG Qi; LI Ya-long; ZHANG Jie; MA Ben (Information Center of Anhui Seismological Bureau, Hefei 230031, China)
Source
Computer Knowledge and Technology (《电脑知识与技术》)
2019, Issue 8Z, pp. 42-45 (4 pages)
Keywords
Business Continuity Management
Emergency Management
Emergency Exercise
Emergency Plan