中央广播电视大学（以下简称中央电大）充分利用先进的计算机技术和网络通信技术，历经十多年的建设，己初步建立了较为完善的信息系统，开发、部署和运行着多个B/S结构的应用，有效支撑了业务的快速发展。中央电大区别于传统的校园大学，没有物理的校园，充分利用互联网没有边界、不受地域和时间限制的特点，在互联网上建立起虚拟校园，从99年开始创新性地开展远程开放教育实践，截止2008年，全国2900万各级各类高等教育在校生中，有287万是中央电大开放教育的学生，占全国各级各类高等教育在校生的1/10，中央电大已经成为我国远程开放教育的主力军。伴随着信息化校园的建设、业务的蓬勃发展，中央电大校园网内部和外部出现的网络威胁的种类和数量也越来越多，信息安全风险越来越高，对校园网安全体系进行改进和提升成为首要任务。论文首先对信息安全三元论、P2DR模型、生命周期等理论体系进行了回顾和总结，并参考有关概念，提出信息安全体系设计步骤，即确认信息安全目标，明确信息资产，进行威胁和风险评估，确定信息安全策略并设计实现。之后按照以上步骤，对中央电大校园网络建设的实际情况和信息安全需求进行了全面深入分析，确定了中央电大信息安全目标，确认了有关的信息资产，从环境和硬件、网络层、操作系统、数据库、应用层、操作层等进行了威胁和风险分析，确定了中央电大校园网安全策略，并参考成熟的安全模型和最佳实践，采用模块化的设计思路，设计出了适应中央电大校园网络的安全方案。该方案已在中央电大校园网得到部分实施，结果表明，该方案设计合理，能满足校园网的安全需求。

After ten years of construction, China Central Radio and TV University (CCRTVU) has initially established comparatively advanced information systems, developed, deployed and run several browser/server architecture applications through making full use of computer and network communication technology, which supports the rapid development of business. CCRTVU is quite different from the traditional universities and has no physical campus. And the internet technology is very suitable to CCRTVU and free from geographic and time constraints. CCRTVU has built the virtual campus in the internet, which is very innovative. By the end of 2008, 2.87 million students 1 out of 10 among 29 million students of higher education in all levels in China had been from CCRTVU. CCRTVU is the main force of China in open and distance education field. With the construction of the campus information technology, there are more and more network security threats of different kinds and high number from internal and external campus network, and the risk of information security is much higher than before. It becomes the top priority to change and improve the information security system of CCRTVU. The paper reviews the theories about information security such as a tripe system, P2DR model and life-cycle, refers to some concepts and then draws up the steps about how to design the information security system. First, confirms the aims. Second, counts the assets. Third, assesses the threats and risks. Fourth, makes the policies and implementation. After the steps above, the paper analyzes the present situation in depth and requirements, confirms the aims of CCRTVU, makes it clear about the information security assets, and then analyzes the security risks from the aspects of hardware and environment, network layer, operation systems, database, applications, daily operations etc, establishes the information security policies for CCRTVU and finally designs information security plan by referring to the mature security model and best practice. The security Plan has been partially implemented in the network of CCRTVU . The network operations show that the security plan is reasonable and in accord with the requirement of security.