Information security service is the key development direction of information security service, China.

By studying national standards, policies and regulations and accumulating knowledge; Through the research on the characteristics of various industries and business processes and the summary and analysis of engineering experience; Through the research and application of new technologies; Through the statistical analysis of the market development trend, it is predicted that the future security service market in China will have broad development prospects. At the same time, through the analysis of the driving factors of the development of the security service market, the security service system will include several key directions such as security consultation, grade evaluation, risk evaluation, security audit, operation and maintenance management, and security training. What users need more is a targeted, personalized, modular and all-round security service system, which users can choose at will. The development trend of safety consulting service will develop in the direction of industry, with stronger pertinence and more detailed consulting service content. It will be reflected in several key areas such as government, banks and enterprises. The consulting service will focus on the characteristics of the industry and provide targeted safety technology and management consulting services from the aspects of technology, operation and maintenance, management and strategy.

For example, provide enterprises with information security management system ISMS construction consulting, IT service management system ITSM construction consulting, and enterprise IT internal audit consulting; Provide consulting services related to grade protection construction for national government information construction, including government system grading, system planning, system construction and operation and maintenance management consulting. Risk assessment service can help users understand the security situation of their own network information system: identify the asset information that needs to be protected through asset importance analysis; Through system weakness analysis, threat analysis and effectiveness analysis of security measures, the real security threats faced by various assets are determined.

Because of the complex risk assessment process, great technical difficulty, long duration and long cycle, it has seriously troubled the implementation of risk assessment for industry users. Therefore, the development of highly targeted, automated and modular risk assessment tools is the main direction of risk assessment services in the future. It can reduce the difficulty of risk assessment, improve the efficiency of risk assessment, ensure the accuracy of risk assessment, facilitate users to self-evaluate the network information system and reduce the cost of risk management. The security audit service will be strictly based on security policies or standards, and will be used to measure the overall situation of existing protection measures and test whether the existing protection measures are implemented correctly. The purpose of security audit is to know whether the existing environment has been properly protected according to the established security policy. Security audit service may use security audit tools and different audit methods to find security vulnerabilities, so security audit needs a variety of technologies as support. Safety audit is an inspection procedure that needs to be repeated to ensure that appropriate safety measures are effectively implemented. Therefore, the frequency of safety audit will be stronger than the periodicity of safety risk assessment, which is an effective supplement to risk assessment services.

Information system security audit service can help users ensure that the system security policy operates under effective control measures. Help customers strengthen internal control from the aspects of technology, management and personnel, establish a compliance mechanism and deal with compliance review. It is expected that security audit service will be the key direction of information security service industry in the future. Emergency response is one of the typical services in operation and maintenance management, which can effectively reduce users' losses caused by sudden security incidents, effectively help users locate and handle security incidents in time and accurately, and reduce users' losses. Emergency response is mainly aimed at sudden network failure, virus outbreak, network intrusion, host failure, software failure and other events. At present, the Operation and Maintenance Management Office has gradually integrated emergency response with system maintenance, safety reinforcement and safety inspection.

Operation and maintenance management services will maintain a rapid growth trend, and the overall market scale in 2005 has reached 2.332 billion yuan. Operation and maintenance management services have become a powerful driving force for market growth. From 2005 to 2009, the compound annual growth rate of China operation and maintenance management service market will reach 20.3%. In 2009, the overall market size will be close to 8 billion yuan. In view of the broad market prospects, residents' safety operation and maintenance services, regular inspection services, penetration assessment services and safety reinforcement services will become the key directions of safety operation and maintenance management services. In recent years, the demand for projects in information security service is increasing day by day, and the market prospect is broad. In addition to professional organizations in information security service, information security product manufacturers, information security product agents and system integrators will face many opportunities for information security service projects. However, according to the survey results, there is an extreme shortage of professionals in information security service, which is far from meeting the actual demand.