Abstract: The authors analyze the status quo of security network system, describe such essential factors of the security system in enterprise information system as the elements of network layer, mainframe layer, and application layer, etc. and build the information security system. By using the key technology, such as dividing network boundary, putting up choke point, deep defense, stronghold mainframe, data redundancy and so on, they propound the conception of security information center, and describe basic policies, such as the weakest link, minimum right, defending both inside and outside, etc. At last the non-technology factors are also analyzed.