← 返回首页

信息安全管理

Information Security Management

课程介绍 Course Introduction

学分:3 | 先修课:计算机基础 | 学期:第5学期

信息安全管理课程从管理与技术双重维度讲授企业信息资产保护方法。主要内容包括信息安全基础(CIA三要素)、风险评估与管理、ISO 27001与等保2.0体系、访问控制与身份认证、加密技术应用、网络安全防护(防火墙、IDS/IPS)、应急响应与业务连续性、安全审计与合规。培养学生制定安全策略与治理体系的能力。

Information Security Management covers enterprise information asset protection from both managerial and technical perspectives. Topics include the CIA triad, risk assessment and management, ISO 27001 and MLPS 2.0, access control and authentication, applied cryptography, network defenses (firewalls, IDS/IPS), incident response and business continuity, and security audit and compliance, building strategy and governance capability.

大作业 Final Project

作业标题:企业信息安全风险评估报告

学生小组选定一家模拟企业,按ISO 27001流程开展资产识别、威胁与脆弱性分析、风险评估(定性定量方法)与处置计划。制定信息安全策略、管理制度与应急响应预案,输出完整风险评估报告与改进建议。提交报告文档并进行课堂答辩。

Teams select a simulated enterprise and follow the ISO 27001 process to conduct asset identification, threat and vulnerability analysis, risk assessment (qualitative and quantitative), and treatment planning. Deliverables include security policies, management procedures, an incident response plan, and a full risk assessment report with improvement recommendations, followed by a class defense.