First, the information security management system solves the information security problem of insurance companies.
By implementing information security technology and information security management system, the insurance industry has solved a large number of universal information security problems and formed its own characteristics and management advantages in information security management. The summary is as follows:
A more detailed security strategy has been formulated, and the IT system of the Head Office will be directly decentralized to branches at all levels.
In terms of security organization, an information security organization was established in combination with the requirements of the CIRC to set up a "network security working group", with the company's main leaders as the team leader and deputy team leader, and members composed of major business departments, human resources departments, audit departments and information technology departments.
In terms of physical environment, the construction of the computer room is in accordance with the national Grade A computer room standard and conforms to the relevant national standards. The computer room is subject to authorized access management, with strict examination and approval procedures and access records, and the fire prevention, waterproof, air conditioning and electricity consumption of the physical environment basically meet the safety requirements.
Establish a reasonable network infrastructure of the head office and branches, and the network core switches and routers have fault tolerance; The company's important WAN access dedicated line is redundant.
The website adopts webpage tamper-proof technology and checks it regularly. Employees' access to the Internet is restricted to varying degrees, and foreigners have dedicated network segments.
Centralized antivirus management and patch management of employees' personal computers, and regular security inspection of important hosts and network equipment.
In the development, management and application of computer information systems, there are relatively clear requirements for the division of responsibilities. In the design, development and testing environment of the core business system, the host environment can be basically separated, and the software source code can be managed centrally through the version controller.
Important business systems and data have good backup measures, especially data storage in different places.
IT personnel have a strong sense of responsibility and hard work, and can basically maintain the normal operation of the system under overload.
Second, the information security management system is solving the information security problem of insurance companies.
At present, the information security of the insurance industry still needs to be improved and improved. Compared with international standards and best information security practices, there are still some gaps, especially in asset management, physical and environmental security, human resource management, communication and operation management, access control and software development.
The information security management system is solving the information security problems in the insurance industry mainly in the following aspects:
Information security investment
Information technology planning
asset management
Human resource security
Physical and environmental safety
Communication and operation management
access control
Acquisition, development and maintenance of information system
Information security incident management
Further reading: How to buy insurance, which is good, and teach you how to avoid these "pits" of insurance.