Canadian Social Science

Information security refers to the information network hardware, software and its system of data protection, not subject to destroyed, changed or leaked by accidental or malicious reasons. System can be running continuously、reliably and normally. Information services can’t be interrupted. The confidentiality, authenticity, integrity, unauthorized copying and its parasitic system security of the information is ensured. Information security in the Corporate Office is the key of enterprise modern office. Once be neglected, it is easy to bring a series of negative impacts. In this paper, the information security in enterprises office is to be discussed briefly.

Key words: Information; Security; Threats; Strategy

A Road Map for Digital Forensic Research (2001). Digital Forensic Research Workshop.

Vicka Coreyet (November & December 2002). Network Forensics Analysis. IEEE Internet Computing.

ISO/IEC 17799 (2005). Information technology-Code of practice for information security management.

ISO/IEC 17799 (2005). Information technology - Security techniques - Code of practice for information security management (2nd ed.).

ISO/IEC 17799 (2002). Information technology-Code of practice for information security management.

ISO/IEC TR 13335-2 (1997). Guidelines for the management of IT Security Part 2:Managing and Planning IT Security.

ISO/IEC TR 13335-4 (1999). Guidelines for the management of IT Security Part 4:Selection of Safeguards.

ISO/IEC 15408 (1998). Information technology-Security techniques-Evaluation Criteria for IT Security-Part 1: Introduction and general model.

ISO/IEC TR 18044 (2004). Information technology-Security techniques-Information security incident management.

NIST SP800-18 (1998). Guide for Developing Security Plans for Information Technology Systems.

NIST SP800-30 (July, 2002).Risk Management Guide for Information Technology Systems.