Found 20 similar documents; search took 0 ms
1.
International information security management guidelines play a key role in managing and certifying organizational IS. We analyzed BS7799, BS ISO/IEC17799: 2000, GASPP/GAISP, and the SSE-CMM to determine and compare how these guidelines are validated, and how widely they can be applied. First, we found that BS7799, BS ISO/IEC17799: 2000, GASPP/GAISP and the SSE-CMM were generic or universal in scope; consequently they do not pay enough attention to the differences between organizations and the fact that their security requirements are different. Second, we noted that these guidelines were validated by appeal to common practice and authority and that this was not a sound basis for important international information security guidelines. To address these shortcomings, we believe that information security management guidelines should be seen as a library of material on information security management for practitioners.
2.
Managing information security, as opposed to IT security, is an area that is now eventually coming of age. For many years the focus has been mainly on IT security, with the implementation of such security left to the IT department and technical experts. Early in the 90s things started to change with the first draft of an information security management standard, BS 7799, focusing on security related to people, processes and information as well as IT. Since then there have been many developments taking us to where we are today, with these early security management standards being transformed into international standards published by ISO/IEC. These standards are being used by hundreds of thousands of organisations worldwide. Based on the author's previously copyrighted writings, this article explores what these standards have to offer organisations, what benefits are to be gained and how such standards have helped with compliance. In particular it focuses on the insider threat as an example of one of the growing problems that organisations need to deal with and how these international standards are useful in helping to solve the insider threat problem.
3.
《Computer Security》2003,(5)
The analysis system is a collection, configuration and integration of software programs that reside on multiple interconnected computer platforms. The software, less computer operating systems, is a combination of sensor, analysis, data conversion, and visualization programs. The hardware platforms consist of several different types of interconnected computers, which share the software programs, data files, and visualization programs via a Local Area Network (LAN). This collection and integration of software and the migration to a single computer platform results in an approach to LAN/WAN monitoring in either a passive and/or active mode. The architecture permits digital data input from external sensors for analysis, display and correlation with data and displays derived from four major software concept groups. These are: Virus Computer Code Detection; Analysis of Computer Source and Executable Code; Dynamic Monitoring of Data Communication Networks; 3-D Visualization and Animation of Data.
4.
5.
Characteristic features of security management for the cyber-physical system (CPS) have been distinguished. Existing approaches to CPS security management have been systematized and their limited use in the CPS has been shown. A homeostatic approach to security management based on the preservation of CPS functional stability has been proposed. The structure of a homeostat for controlling the CPS has been described. A homeostatic model has been developed using logical predicates. The criteria for assessing the functional stability of the CPS have been proposed. The results of experimental studies showing the applicability of the proposed criteria have been presented.
6.
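Research on a Policy-Based Centralized Security Policy Management Model  Total citations: 1, self-citations: 0, citations by others: 1
Miao Mang 《Network Security Technology & Application》2005,1(2):42-44
This paper analyzes existing models for the centralized management of security policies, proposes a more flexible policy-based model for centralized security management, and discusses the key technologies needed to implement it. Finally, the proposed model is compared with existing models.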
7.
Lizzie Coles-Kemp 《Information Security Technical Report》2009,14(4):181-185
In May 2009 the Information Security Group, Royal Holloway, became host to a medical sociologist from St. George’s Hospital, University of London, under EPSRC’s discipline hopping scheme. As part of this knowledge transfer activity, a sociotechnical study group was formed comprising computer scientists, mathematicians, organisational researchers and a sociologist. The focus of this group is to consider different avenues of sociotechnical research in information security. This article briefly outlines some of the areas of research where sociotechnical studies might contribute to information security management.
8.
9.
10.
11.
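Network Security and Management in Hospital Information Systems  Total citations: 3, self-citations: 0, citations by others: 3
Huang Wei 《Network Security Technology & Application》2010,(12):22-24
As hospital informatization continues to grow in scale, network security and management have become a focus of attention for network engineers. The normal operation of the hospital information system is key to keeping the hospital's medical services running. Only by establishing a sound security architecture can the business information delivered over the network be kept secure, reliable and accurate.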
12.
13.
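Liao Tiande 《Network Security Technology & Application》2014,(5):187-188
With information technology so highly developed today, more and more departments need to use networks to transmit and manage information. The Internet has become the channel through which governments, enterprises and public institutions quickly obtain and transmit information. It has brought much convenience to people's political, economic and daily lives, but it has also opened a convenient door for intruders, and information security problems have emerged as a result.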
14.
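Wang Yamin 《Computer CD Software and Applications》2010,(7):5-5
With the information industry developing rapidly, information security cannot be ignored, and the security of office information systems in particular cannot be ignored. This paper first explains why security management of computer information systems is necessary, then analyzes the security attributes of computer information systems, and offers the author's views and suggestions on how to strengthen the security management of computer information systems, which have some reference value.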
15.
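Zou Jiansen 《Network Security Technology & Application》2014,(3):146-147
An airport's integrated security monitoring and management system is an important safeguard for airport security and an important technical support for normal airport operation. In recent years, some airports in China have experienced incidents such as explosions and disorder that endangered passengers' lives; if those airports had had a complete integrated security monitoring and management system, such problems could largely have been avoided. This paper studies the airport integrated security monitoring and management system in detail, sets out several key points of airport security, and examines several of the main security subsystems in detail.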
16.
17.
On 15 November 2001, the executive board of the International Committee for Information Technology Standards approved a new CD-based geographic information standard. Security experts consider this standard to be integral to homeland security because military facilities and commercial airports will use it in key functions such as site and environmental planning. Two weeks later, the INCITS executive board announced the formation of a new technical committee, M1, devoted to biometrics standards. In this case, standards professionals and other subject matter experts will directly support the US Patriot Act through their work. These two examples show how de jure standards work through a streamlined process that enables emerging technologies to solve urgent problems. They belie a popular notion that market-driven, relevant standards must come from consortia formed on the fly.
18.
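Centralized security management of large, multilevel distributed networks can effectively improve a network's security defense capability and the efficiency of its security management, and has become a pressing problem in network security research. This paper presents a multilevel distributed security management system (MD-SMS, Multilevel and Distributed Security Management System). It first describes the system architecture, then discusses issues such as device modeling and emergency response, and finally uses the Worm_Sasser worm as an example to analyze the system's network cooperative defense capability.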
19.
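Design of the Security Management Function of a Computer Desktop Security Protection System  Total citations: 3, self-citations: 0, citations by others: 3
To address the security protection of computer desktops, a system security management function was designed on top of the basic security protection functions, for managing the roles in the system. Following the overall design requirements of the computer desktop security protection system, and drawing on the management model of public key infrastructure (PKI), a security management module was designed in combination with an electronic key; the module provides user permission assignment, certificate generation and management, an identity authentication protocol, encryption algorithm selection and session key negotiation. Testing and analysis show that the designed security management function solves the security management problem of the computer desktop security protection system well.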
20.
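Addressing the requirements that information security systems place on questionnaires, this paper analyzes the constraints on test paper composition, builds a mathematical model of test paper composition, and proposes a new method that uses an improved genetic algorithm to solve the test paper composition problem. Experimental results show that the proposed algorithm is more effective than traditional algorithms, achieves a high composition success rate, and offers good performance and practicality.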