Found 20 similar documents; search time: 0 ms
1.
《Information Security Journal: A Global Perspective》2013,22(2):61-73
ABSTRACT Computer system security relies on different aspects of a computer system such as security policies, security mechanisms, threat analysis, and countermeasures. This paper provides an ontological approach to capturing and utilizing the fundamental attributes of those key components to determine the effects of vulnerabilities on a system's security. Our ontology for vulnerability management (OVM) has been populated with all vulnerabilities in NVD (see http://nvd.nist.gov/scap.cfm) with additional inference rules and knowledge discovery mechanisms so that it may provide a promising pathway to make security automation program (NIST Version 1.0, 2007) more effective and reliable.
2.
3.
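Although management information systems have improved enterprise management efficiency, they still give little strong support to safety management and lack capability verification for the safety-production management of enterprise information systems. Given the standardization and generality that enterprise safety management and ontology modeling both require, this article takes shipbuilding and ship-repair enterprises as a demonstration domain and selects authoritative standards in the safety management field; based on these, it builds an ontology with the "seven-step method", extracting concepts and relations and establishing an axiom set that incorporates domain-oriented knowledge; finally, for ship repair...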
4.
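Countermeasures for Strengthening Hospital Information System Security (total citations: 1; self-citations: 0; citations by others: 1)
The informatization of hospitals has greatly improved the level of medical services, but for technical, operational and other reasons, hospital information security has become one of the important factors affecting hospital informatization. Starting from the problems found in the practice of hospital information system security management, a targeted hospital information system security management system is designed.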
5.
6.
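CHEN Rong-sheng GUO Yong ZHAN Gui-bao ZENG Zhong-cheng LU Teng-zu LI Zhuang-xiang 《数字社区&智能家居》2008,(36)
As the level of informatization keeps rising, the threat to enterprise information security also grows. Based on a standard theoretical framework for information security, the current state of information security at an enterprise is analyzed, relevant conclusions are drawn, and the enterprise's information security requirements are put forward.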
7.
侯丽波 《网络安全技术与应用》2010,(12):31-33
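With the development of networks, the harm that network security problems cause to the public interest, social order and national security keeps rising. Graded management of information systems is the distinguishing feature of classified protection of information system security. This article describes in detail the physical security protection measures for the third of the five security protection levels.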
8.
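In OWL (Web Ontology Language), ontology reuse mainly relies on owl:imports. However, this copy-and-paste approach causes several problems. On this basis, a new import prototype is proposed: semantic import. TBox reasoner inference and semantic import are supported in the ontology space in order to promote ontology reuse. A distributed TBox reasoning algorithm based on semantic import for ALC ontologies is proposed, which solves the logical reasoning problem of the Tableaux algorithm in simple ontology spaces.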
9.
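A Brief Analysis of the Necessity of Management in Information System Security (total citations: 1; self-citations: 0; citations by others: 1)
In the security planning and design of information systems, management, as the security foundation of an information system and a basic element of each of its security layers, has become an indispensable condition for building secure and usable information systems. This article discusses the role and characteristics of management in information system security and, with reference to the classified protection policy, offers corresponding management recommendations.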
10.
11.
Ambrosio Toval Joaquín Nicolás Begoña Moros Fernando García 《Requirements Engineering》2002,6(4):205-219
Information systems security issues have usually been considered only after the system has been developed completely, and
rarely during its design, coding, testing or deployment. However, the advisability of considering security from the very beginning
of the system development has recently begun to be appreciated, and in particular in the system requirements specification
phase. We present a practical method to elicit and specify the system and software requirements, including a repository containing
reusable requirements, a spiral process model, and a set of requirements documents templates. In this paper, this method is
focused on the security of information systems and, thus, the reusable requirements repository contains all the requirements
taken from MAGERIT, the Spanish public administration risk analysis and management method, which conforms to ISO 15408, Common
Criteria Framework. Any information system including these security requirements must therefore pass a risk analysis and management
study performed with MAGERIT. The requirements specification templates are hierarchically structured and are based on IEEE
standards. Finally, we show a case study in a system of our regional administration aimed at managing state subsidies.
12.
13.
14.
L. P. Babenko 《Cybernetics and Systems Analysis》2009,45(1):160-166
A new approach to the organization of life cycles of software systems is proposed that is oriented toward maximally applying
reusable assets at all stages of development of new software products. This approach is based on an original mechanism of
sharing problem domain ontologies and ontologies pertinent to software engineering processes and reusable solution types.
Translated from Kibernetika i Sistemnyi Analiz, No. 1, pp. 180–187, January–February 2009.
15.
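With the rapid development of the information industry, the importance of physical security, the foundation of information systems, has become more prominent. Based on the requirements for physical security in national standards, this article focuses on equipment security and environmental security testing, in order to discuss with readers the issue of physical security evaluation in the classified protection evaluation of information system security.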
16.
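Security work on automotive information systems has mainly concentrated on analyzing and discovering existing security vulnerabilities in in-vehicle information systems and their functional components and on experimentally verifying feasible attack methods; a comprehensive, systematic security evaluation system and assessment method for in-vehicle information systems is lacking. Based on an analysis of the current security state of in-vehicle information systems, this paper proposes dividing the security levels of in-vehicle information systems into household in-vehicle information systems and commercial in-vehicle information systems, defines the protection capability of the two levels, and, drawing on the classified security protection requirements for general information systems, proposes basic security requirements for the different protection levels of in-vehicle information systems, establishing for the first time a graded security evaluation system for in-vehicle information systems. It further establishes a hierarchical security assessment model and algorithm to achieve quantitative security assessment of in-vehicle information systems. A security evaluation case study of the Audi C6 shows that the proposed graded evaluation system and assessment method are feasible and reasonable, provide support for analyzing the security state of vehicle information systems, and fill the domestic gap in security evaluation systems and assessment methods for in-vehicle information systems.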
17.
《Information Security Journal: A Global Perspective》2013,22(4):164-169
ABSTRACT It is becoming clear that the underground hacking industry as a whole (not just individual hackers) is continually gaining ground despite the best efforts of the information security industry. It seems the latter should have an overwhelming advantage, as a multibillion dollar industry staffed with hundreds of thousands of security professionals. However, the efforts of the information security industry are almost always reactive, and in most cases amount to losing ground on the defensive. The unfortunate and seldom acknowledged truth is that the underground hacking industry is always one step ahead. Why are we so slow to respond when all evidence indicates that such delays lead to enormous business losses? Is it possible that the fundamental way our information system security is organized has some inherited deficiencies which are prohibiting us from successfully mounting an effective defense? Today's losses are becoming too great to say that we are just in need of some evolutionary improvements. Instead, we need to reevaluate the way we go about security business as a whole. In this article, we consider various processes common to both information systems and information system security based on both well-known cases and personal experience. This is our initial attempt to analyze how information system security is organized and to suggest some core changes to its processes.
18.
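E-government, as an organic combination of electronic information technology and management, has become one of the most important fields of contemporary informatization. Precisely because of its importance, its information security problems cannot be ignored. Starting from a requirements analysis of its information security management and from the security threats it faces, this article gives a systematic account of the management and construction of its security system.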
19.
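Because the data collected by an electronic banking management information system has high confidentiality requirements, the security requirements are correspondingly high, so its security design is very important. The security scheme of the electronic banking management information system is analyzed and designed from five aspects: system security risk analysis, security requirements, security policy, design principles and security measures.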
20.