With the rapid development and the widespread using of information technology,computer based test has become the direction of the reform and development of the traditional paper and pencil tests. As such a large number of test information has been stored and used in the information system, the examination department has to be faced with the reality of establishing the system of protecting the examination information security. To protect the exam information and to safeguard the fairness and impartiality of the exam, the examination department can use the ISO27001 standard as the foundation of establishment, implementation, operation, monitoring, reviewing, maintaining and improving information security management system. According to the ISO27001 standard, we can evaluate the information security risks and design the information security strategies. This paper analyses the risks in various aspects of the work and the security needs, designing strategies to protect the information security in computer based test according to the ISO27001 standard, in order to help examination department to build the information security system.% 随着信息技术的迅猛发展和普遍运用,计算机化考试已经成为传统纸笔考试改革发展的方向。由于大量考试信息依赖于信息系统存载和使用,考试信息的安全防护体系建设是考试机构面临的新的现实问题。为保护考试信息的安全,维护考试的公平和公正,考试机构可利用ISO27001标准作为建立、实施、运行、监视、评审、保持和改进考试系统信息安全管理体系的依据,按照ISO27001标准进行信息安全风险评估并设计和制定信息安全防护策略。本文通过分析考试信息安全风险存在的工作环节和安全防护需求,对照ISO27001标准要求,设计考试信息安全防护策略,以期对考试机构的信息安全防护体系建设提供帮助。
展开▼
