Journal of Information Security Research ›› 2020, Vol. 6 ›› Issue (12): 1139-1144.


Research on Life Cycle Security Management from the Perspective of Information System Builders

  

  • Received: 2020-12-07 Online: 2020-12-08 Published: 2020-12-08


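Zhu Lin (朱林)1, Lu Ming (陆明)2

  1. China Information Security Review Technology and Certification Center (中国信息安全审查技术与认证中心)
  2. Beijing Liangdian Ruance Technology Co., Ltd. (北京亮点软测科技有限公司)
  • Corresponding author: Zhu Lin
  • About the authors: Zhu Lin, assistant researcher, China Cybersecurity Review Technology and Certification Center (中国网络安全审查技术与认证中心). Main research interests: the information security policy, regulation and standards system; information system security management; and information security technology. 10202251@qq.com. Lu Ming, master's degree, general manager of Beijing Liangdian Ruance Technology Co., Ltd. Main research interests: software security testing, software quality testing, software security management, and software quality management. lm@lumder.com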

Abstract: This paper analyzes the security management activities of the information system life cycle. From the perspective of information system builders, and combining the PDCA model with systems security engineering ideas, it proposes a continuously optimized closed-loop control model for information system security management. It explains the builders' security management activities at each stage of the information system life cycle, achieving security management at every stage by planning security goals, designing the security system, implementing secure development, verifying the security goals, and continuously maintaining security. It clarifies the management objects, management activities and management objectives of each stage, and ultimately provides information system builders with an approach to security management throughout the information system life cycle.

Key words: information system, safety goal, safety system, full life cycle, security management, security assurance
