Found 20 similar documents; search took 62 ms
1.
2.
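Research on the Implementation of Information System Security Architecture  Total citations: 5, self-citations: 0, citations by others: 5
This paper first introduces the current state and development trends of research on information system security architecture, then discusses the architecture of a defense-in-depth and assurance system for information systems, and finally proposes engineering implementation requirements for an information system security architecture.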
3.
4.
5.
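The security of school websites affects the interests of the school, its teachers and students, parents, and society. This paper analyzes the causes of security problems in school websites and, on that basis, designs a three-layer defense-in-depth security architecture for school websites, comprising basic equipment protection, security hardening, and sound website security management measures, as a reference for turning school website security from a passive into a proactive protection system.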
6.
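Education examination informatization refers to the process of applying advanced information technology to every stage of examinations in order to improve the efficiency of examination work and promote the reform and development of educational examinations. In recent years China has made great progress in building education examination informatization, but a large gap remains compared with the level in developed countries. Based on an analysis of the problems and shortcomings in this work, this paper proposes countermeasures and suggestions for building education examination informatization.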
7.
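This article analyzes the characteristics of small and medium-sized enterprise LANs, identifies the network security risks they face, and proposes a security solution and network security deployment scheme that provide four-layer (application layer, system layer, network layer, physical layer) network defense in depth based on the MPDRR (security management, security protection, security detection, security response, security recovery) network security model.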
8.
9.
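Design and Implementation of a Safety Education System for Chemical Enterprises  Total citations: 1, self-citations: 1, citations by others: 0
Safe production is critical for chemical enterprises, and accidents during production are often closely related to unsafe human behavior, so routine safety education for employees is especially important. Based on an examination of routine safety education work in chemical enterprises, the paper studies informatization methods for safety training in chemical enterprises and designs and develops a safety education system for petrochemical enterprises. The system provides employee-oriented safety information training, assessment, and management methods, and uses multimedia, virtual reality and other technologies to increase the realism of and participation in the education. The system is developed on the B/S model, uses the .NET framework and various Web technologies to build an extensible three-tier system, and uses JavaScript to implement interactive virtual-reality-scene test questions within web pages. The system is now running successfully at a chemical enterprise, and its use has become part of departmental performance appraisal.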
10.
魏维坤 《数字社区&智能家居》2009,(18)
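Using computers to build question banks and conduct paperless examinations is an important measure for making examinations standardized and scientific. However, many problems have arisen in the actual operation of examination systems, hindering their development. Based on an analysis of the existing problems, this paper aims to establish security protection strategies from the perspectives of the system itself and the examination process.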
11.
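From the aspects of identity authentication management, role authorization, view management, and functional module configuration, the paper describes security measures for protecting the academic affairs system database, so as to ensure the correct storage, retrieval, and operation of teaching management data.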
12.
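An Analysis of Campus Network Security Strategies in Higher Vocational Colleges  Total citations: 1, self-citations: 0, citations by others: 1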
谭琼玲 《网络安全技术与应用》2010,(4):35-36,55
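Security risks to campus networks include unauthorized access, information leakage or loss, destruction of data integrity, denial-of-service attacks, repudiation, and damage from computer viruses, worms, Trojans, and the like. Network security can be ensured through technologies such as firewalls, intrusion detection systems, installing patches and antivirus technology, data backup and recovery technology, information encryption policies, and establishing an identity authentication system.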
13.
《Information Security Journal: A Global Perspective》2013,22(1-2):46-54
Abstract: The paper presents a generalized method for improving security of information systems based on protection of the systems from reconnaissance by adversaries. Attacks carried out by exploiting almost all vulnerabilities require particular information about the architecture and operating algorithms of an information system. Obstructions to obtaining that information also complicate carrying out attacks. Reconnaissance-protection methods can be utilized for establishing such systems (continuous change of attack surface). Practical implementation of the techniques demonstrated their high efficiency in reducing the risk of information resources being cracked or compromised.
14.
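The vast majority of existing risk assessment models are statistical methods guided by static models and do not take into account the dynamic interactions among cyberspace elements; known risk assessment tools also do not support considering the delay of security measures during risk analysis and assessment. To address these problems, the paper analyzes the causes of delay in security protection measures and proposes a dynamic information security risk assessment model that accounts for the delay factor, making it possible to create more flexible risk assessment tools from statistical data obtained with time-delay nonlinear models and from the results of qualitative assessment. The model is used to simulate the effect of security measure delay on information security risk, and the results show that taking security measures against threats in a timely manner can effectively reduce information security risk.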
15.
Dimitris Gritzalis 《Computers & Security》1997,16(8):709-719
In this paper, the need for identifying and analyzing the generic security characteristics of a healthcare information system is, first, demonstrated. The analysis of these characteristics is based upon a decision-support roadmap. The results from this profiling work are then analyzed in the light of the fact that more than 1000 accidental deaths happened due to computer system failures. As a result of this analysis, a set of recommendations is drawn up, leading to the development of a baseline security policy for healthcare institutions. Such a policy should be flexible enough to reflect the local needs, expectations and user requirements, as well as strict enough to comply with international recommendations. An example of such a baseline policy is then provided. The policy refers to a given security culture and has been based upon an abstract approach to the security needs of a healthcare institution.
16.
Yong Jick Lee, Robert J. Kauffman, Ryan Sougstad 《Decision Support Systems》2011,51(4):904-920
When a customer interacts with a firm, extensive personal information often is gathered without the individual's knowledge. Significant risks are associated with handling this kind of information. Providing protection may reduce the risk of the loss and misuse of private information, but it imposes some costs on both the firm and its customers. Nevertheless, customer information security breaches still may occur. They have several distinguishing characteristics: (1) typically it is hard to quantify monetary damages related to them; (2) customer information security breaches may be caused by intentional attacks, as well as through unintentional organizational and customer behaviors; and (3) the frequency of such incidents typically is low, although they can be very costly when they occur. As a result, predictive models and explanatory statistical analysis using historical data have not been effective. We present a profit optimization model for customer information security investments. Our approach is based on value-at-risk methods and operational risk modeling from financial economics. The main results of this work are that we: (1) provide guidance on the trade-offs between risk and return in customer information security investments; (2) define the range of efficient investments in technology-supported risk indemnification for sellers; (3) model how to handle government-dictated levels of investment versus self-regulation of investments in technology; and (4) characterize customer information security investment levels when the firm is able to pass some of its costs on to consumers. We illustrate our theoretical findings with empirical data from the Open Security Foundation, as a means of grounding our analysis and offering the reader intuition for the managerial interpretation of our theory and main results. 
The results show that we can narrow the decision set for solution providers and policy-makers based on the estimable risks and losses associated with customer information security. We also discuss the application of our approach in practice.
17.
李俊 《自动化与仪器仪表》2014,(9):3-4
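Because industrial control systems currently face severe information security risks, and because they are critical infrastructure forming the lifeline of the national economy, industrial control systems must build up information security protection. Based on an analysis of industrial control system information security and the sources of information security risk, this paper proposes relevant recommendations and measures from a management perspective.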
18.
19.