All five options belong to the main management requirements of information security in the main framework of information technology risk management.
The main management requirements are as follows:
1. Information technology departments should implement information security management functions.
2. A process for effectively managing user authentication and access control should be established.
3. The network should be divided into different logical security domains according to the information security level.
4. Ensure the safety of all computer operating systems and system software.
5. The security of all information systems should be ensured.
6. Relevant policies and processes should be formulated to manage the activity logs of all production systems to support effective auditing, security forensics analysis and fraud prevention.
7. Encryption technology should be adopted to prevent the risk of leakage or tampering of confidential information during transmission, processing and storage, and a password equipment management system should be established to ensure the use of encryption technology and encryption equipment that meet national requirements; Employees who manage and use password equipment have undergone professional training and strict examination; The encryption intensity meets the information confidentiality requirements; Formulate and implement effective management processes, especially the life cycle management of keys and certificates.
8. An effective system should be equipped to ensure the safety of all end-user equipment, and all equipment should be checked regularly.
9. Relevant systems and processes shall be formulated to strictly manage the collection, processing, storage, transmission, distribution, backup, recovery, cleaning and destruction of customer information.
10. All employees should be given necessary training, so that they can fully master the information technology risk management system and process, understand the consequences of violating the regulations, and adopt a zero tolerance policy for violations of safety regulations.