企业信息安全法律治理

企业信息安全法律治理可有效保障国家网络与信息安全，捍卫个人权益，促进产业在"安全"中得以"发展"。我国相关立法中规定的企业安全保护义务多为静态性、措施性的管理性义务，不足以防御多变的安全风险；企业安全法规遵从激励机制缺失，合规动力不足；企业信息安全文化的普及力度欠缺。解决以上难题，应基于"法律治理"思维，将"法人治理"定位为企业信息安全法律治理的重心。在制度设计层面，适当借鉴美国企业信息安全法律治理在立法监管与企业自治中的有益经验，以信息安全法律治理的基本原则为指引，充分发挥立法激励作用，鼓励所有企业建立强制与自愿相结合的信息安全"法人治理"结构，对企业董事、高官人员的信息安全义务之履行予以充分重视，增强企业信息安全文化建设，凸显安全文化的价值。

Legal governance of enterprise information security

Legal governance of enterprise information security is an effective way to ensure national network and information security, defend personal information rights and interests, and promote the industry to "develop" in "security". The enterprise information security obligations in China''s Law are mostly in static and tactical state, which can not protect against the changeable security risks. The incentive mechanism of compliance with the laws and regulations of enterprises is lacking, and the motivation to compliance is insufficient. The popularization of information security culture is lacking. In order to solve the above problems, we should base on the thinking of legal governance and position "corporate governance" as the focus of legal governance of enterprise information security. In the level of system design, we should draw lessons from the beneficial experience of American enterprise information security legal governance in legislation supervision and enterprise autonomy, take the basic principles of information security legal governance as the guide, give full play to the role of legislative incentive, encourage all enterprises to establish a mandatory and voluntary information security "corporate governance" structure, attach importance to the implementation of information security obligations of the directors and senior executives, promote the construction of enterprise information security culture, and highlight the value of security culture.