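[Keywords]
[Abstract]
Telecom operators in China face enormous information security risks, yet they lack risk management awareness, systematic management methods, and mature experience to draw on. To address the lack of a systematic information security risk management method among China's telecom operators, this paper studies their information security risk management system. Through a literature review and a survey of the current situation, it identifies the three main information security risks that telecom operators face at the present stage; considering the complex and changing risk landscape and drawing on risk management theory, it proposes that the PDCA cycle is a risk management model suited to China's telecom operators; on this basis, it builds an information security risk management system based on the PDCA cycle. It further studies in depth the implementation principles and methods of each module in the construction of this system, providing a theoretical foundation and basis for systematic information security risk management.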
[Keywords]
[Abstract]
Telecom operating companies face a large number of information security risks. However, they lack both awareness of, and systematic methods for, managing information security risk, and there is little mature experience to use as a reference. To address the lack of a management method, this paper studies the information security risk management system of these companies. Through literature research and an investigation of the present situation, the three main information security risks currently facing telecom operators are analyzed. According to the theory of risk management, and given the complex and changing nature of the risks, the PDCA cycle is considered suitable for telecom operators in China, and an information security risk management system for telecom enterprises based on the PDCA cycle is built. Finally, the implementation principles and methods of each module in the process of constructing the system are studied. This provides a theoretical foundation for carrying out information security risk management systematically.
[Chinese Library Classification (CLC) number]
F49;F62
[Funding]
None