Information security technology system includes physical security technology, system security technology, network security technology, application security technology and management security. OSI divides the whole communication function into seven layers, namely, application layer, presentation layer, session layer, transport layer, network layer, data link layer and physical layer. Common security mechanisms include protection mechanism, detection mechanism and recovery mechanism.
ISMS (Information Security Management Systems) is a system that organizes the establishment of information security policies and objectives in a whole or a specific scope, and the methods used to achieve these objectives.
It is based on the business risk method to establish, implement, run, monitor, review, maintain and improve the organization's information security system, and its purpose is to ensure the organization's information security. This standard provides a public foundation for organizations to formulate safety standards and effective safety management practices, and provides trust for communication between organizations.
Information Security Management System (ISMS) is a systematic, procedural and documented management system, which belongs to the category of risk management. The establishment of this system needs a systematic, comprehensive and scientific safety risk assessment.
ISMS embodies the idea of prevention first and control second, emphasizing compliance with national information security laws and regulations, and emphasizing the whole process and dynamic control. Based on the principle of balancing control cost and risk, ISMS reasonably chooses security control methods to protect the key information assets owned by the organization and ensure the confidentiality, integrity and availability of information, thus maintaining the competitive advantage of the organization and the continuity of business operations.