**系统网络与信息安全总体策略
5.1 操作规程和职责.........................................................................................................................16
5.2 操作变更控制.............................................................................................................................16
5.3 系统计划编制和批准.................................................................................................................17
5.4 软件和信息保护.........................................................................................................................17
5.5 介质的处理和安全性.................................................................................................................17
5.6 维护完整性和可用性.................................................................................................................17
5.7 鉴别和网络安全.........................................................................................................................17
5.8 数据交换.....................................................................................................................................18
5.9 操作人员日志.............................................................................................................................19
5.10 错误日志记录...........................................................................................................................19
5.11 网络安全管理...........................................................................................................................19
5.12 信息和软件交换.......................................................................................................................20
5.13 网上**安全...............................................................................................................................20
5.14 电子邮件安全...........................................................................................................................20
5.15 病毒防范策略...........................................................................................................................21
5.16 因特网安全策略.......................................................................................................................21
5.17 备份与恢复...............................................................................................................................22
5.18 入侵检测...................................................................................................................................22
5.19 加密...........................................................................................................................................23
6 访问控制..............................................................................................................................................23
6.1 应用程序访问控制.....................................................................................................................23
6.2 计算机访问控制.........................................................................................................................24
6.3 帐号管理.....................................................................................................................................24
6.4 口令管理.....................................................................................................................................25
6.5 权限管理.....................................................................................................................................27
7 系统开发和维护..................................................................................................................................27
7.1 系统的安全需求.........................................................................................................................27
7.2 信息系统的安全.........................................................................................................................27
7.3 信息系统文件的安全.................................................................................................................27
7.4 开发和支持环境的安全.............................................................................................................28
7.5 软件开发和维护.........................................................................................................................28
8 个人计算机和信息安全......................................................................................................................29
9 风险管理..............................................................................................................................................29
10 业务连续性管理,恢复....................................................................................................................29
10.1 业务连续性管理的特点...........................................................................................................29
10.2 业务连续性管理程序...............................................................................................................30
10.3 业务连续性和影响分析...........................................................................................................30
10.4 编写和实施连续性计划...........................................................................................................30
10.5 业务连续性计划框架...............................................................................................................31
10.6 业务连续性计划的检查、维护和重新分析...........................................................................31
第 3 页 共 33 页
