XXXX 单位单位信息安全总体规划信息安全总体规划20XX 年 XX 月第 1 页共 24 页目 录1概述.........................................................................................................................41.1信息安全现状...........................................................................................41.2信息安全建设思路...................................................................................41.3信息安全建设原则...................................................................................61.3.1统一规划............................................................................................61.3.2分步有序实施....................................................................................71.3.3技术管理并重....................................................................................71.3.4突出安全保障....................................................................................71.4信息安全建设目标...................................................................................81.4.1一个目标............................................................................................81.4.2两种手段............................................................................................81.4.3三个体系............................................................................................82信息安全体系框架.................................................................................................92.1安全目标模型...........................................................................................92.2信息安全体系框架组成.........................................................................102.2.1安全策略..........................................................................................112.2.2安全技术体系..................................................................................122.2.3安全管理体系..................................................................................122.2.4运行保障体系..................................................................................152.2.5建设实施规划..................................................................................153信息安全建设内容...............................................................................................163.1建立管理组织机构.................................................................................163.2物理安全建设.........................................................................................163.3网络安全建设.........................................................................................173.4系统安全建设.........................................................................................173.5应用安全建设.........................................................................................173.6系统和数据备份管理.............................................................................173.7应急响应管理.........................................................................................18第 2 页共 24 页3.8灾难恢复管理.........................................................................................183.9人员管理和教育培训.............................................................................184信息安全策略............................................................
