首页 | 本学科首页   官方微博 | 高级检索  
     

企业信息安全法律治理
引用本文:张敏,马民虎. 企业信息安全法律治理[J]. 重庆大学学报(社会科学版), 2020, 26(5): 143-155
作者姓名:张敏  马民虎
作者单位:西安交通大学 法学院, 陕西 西安 710049
基金项目:国家社会科学基金重大项目"网络社会治理创新研究"(15ZDA047);国家社会科学基金一般项目"我国网络安全立法研究"(15BFX050)
摘    要:企业信息安全法律治理可有效保障国家网络与信息安全,捍卫个人权益,促进产业在"安全"中得以"发展"。我国相关立法中规定的企业安全保护义务多为静态性、措施性的管理性义务,不足以防御多变的安全风险;企业安全法规遵从激励机制缺失,合规动力不足;企业信息安全文化的普及力度欠缺。解决以上难题,应基于"法律治理"思维,将"法人治理"定位为企业信息安全法律治理的重心。在制度设计层面,适当借鉴美国企业信息安全法律治理在立法监管与企业自治中的有益经验,以信息安全法律治理的基本原则为指引,充分发挥立法激励作用,鼓励所有企业建立强制与自愿相结合的信息安全"法人治理"结构,对企业董事、高官人员的信息安全义务之履行予以充分重视,增强企业信息安全文化建设,凸显安全文化的价值。

关 键 词:法律治理  协同治理  信息安全义务  信息安全法人治理
修稿时间:2019-09-06

Legal governance of enterprise information security
ZHANG Min,MA Minhu. Legal governance of enterprise information security[J]. Journal of Chongqing University(Social Sciences Edition), 2020, 26(5): 143-155
Authors:ZHANG Min  MA Minhu
Affiliation:School of Law, Xi''an Jiaotong University, Xi''an 710049, P. R. China
Abstract:Legal governance of enterprise information security is an effective way to ensure national network and information security, defend personal information rights and interests, and promote the industry to "develop" in "security". The enterprise information security obligations in China''s Law are mostly in static and tactical state, which can not protect against the changeable security risks. The incentive mechanism of compliance with the laws and regulations of enterprises is lacking, and the motivation to compliance is insufficient. The popularization of information security culture is lacking. In order to solve the above problems, we should base on the thinking of legal governance and position "corporate governance" as the focus of legal governance of enterprise information security. In the level of system design, we should draw lessons from the beneficial experience of American enterprise information security legal governance in legislation supervision and enterprise autonomy, take the basic principles of information security legal governance as the guide, give full play to the role of legislative incentive, encourage all enterprises to establish a mandatory and voluntary information security "corporate governance" structure, attach importance to the implementation of information security obligations of the directors and senior executives, promote the construction of enterprise information security culture, and highlight the value of security culture.
Keywords:governance of law  collaborative governance  information security obligations  information security corporate governance
点击此处可从《重庆大学学报(社会科学版)》浏览原始摘要信息
点击此处可从《重庆大学学报(社会科学版)》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号