计算机网络在电子商务中的安全应用

随着计算机网络技术普及,电子商务应用范围不断增加。本文从电子商务系统对计算机网络安全性,商务交易安全性的要求出发,研究电子商务网络系统中存在一些潜在威胁,阐述利用网络安全技术解决安全问题的措施和方法。     

电子商务安全技术分析与研究

电子商务的实施,其关键是要保证整个商务过程中系统的安全性。针对这个问题,主要从安全要素、安全技术、安全电子交易等几个方面全面阐述电子商务的安全问题,其中重点分析了安全电子交易规范SET,并对电子商务安全的未来进行了分析。     

解析网购安全防范及解决方案

上购物以其方便、快捷的特点越来越被大众所接受。但是人们在享受网购方便、快捷的同时,安全问题也始终威胁着整个网络交易的过程。计算机网络安全与商务交易安全实际上是密不可分的,两者相辅相成,缺一不可。     

互联网环境中电子商务的交易安全

电子商务安全从整体上可分为计算机信息系统安全和商务交易安全两大类。本文从互联网环境中电子商务安全面临的威胁,目前主要采用的安全技术及存在的问题等方面论述了电子商务交易安全存在的问题,强调应从人-法律-网络技术等方面进行综合安全管理。     

电子商务中的安全技术

网络的开放性环境必然给电子商务带来各种安全风险。本文从电子商务系统对计算机网络安全、商务交易安全性出发,分析了各安全技术之间的层次关系,探讨了几种主要的电子商务安全技术。     

电子商务的安全问题

随着网络技术的迅猛发展,电子商务日益成为一个全新的交易模式。在其改变人们商务模式的同时,安全问题也成为人们日益关注的重点。从各种方面探讨了电子商务的安全问题。     

首都在线票务系统“闪亮登场”

随着网上业务和技术的发展,Internet商务已成为一个含义广泛的概念,几乎包括了网上在线交易和非在线交易的所有业务。从实现技术方面来讲,在线商务最关键的问题是如何完全地实现在线支付功能,并保证交易各方的安全保密。初期的电子商务不包括在线支付功能,在线商务只负责浏览和下单。付款则通过其他途径解决,如:电话、传真、传统支付     

电子商务网站的安全现状分析

随着Internet的飞速发展,电子商务——这种新的社会组织形式越来越显著地影响着这个社会。电子商务已经成了各种企业的主要营销手段,它的发展前景十分广阔。在电子商务交易中,安全性是一个至关重要的核心问题。商务交易的特殊性要求网络能提供一种端至端的安全方案。     

CA法律规范透析

单从商务应用的角度看(认证行为还可能涉及国家安全、政治权利等),认证工作的目的是为了通过保障交易安全,进而促进电子商务的正常发展。 为了讨论方便,这里先将电子商务的核心内容——交易的有关过程等进行一个简单的介绍。一般认为,一个比较典型的交易行为应该包括信息搜集——要约——承诺——成立与生效——执行与交割等几个步骤,或分为交易前——交易——交易后等几部分。一     

电子商务交易安全技术

当今社会,消费领域正在发生着巨大地变化,消费者选择电子商务进行消费已是较为普遍的现象,甚至这种消费方式已经成为年轻一代的主要消费途径。网络技术的发展以及人们消费观念的变化,也在不断的推进这种交易行为的普及。与此同时,各种安全问题也相应的产生。网络自身的信息安全问题越来越受到全社会的关注,对消费者的消费信息作出相应的保密措施,保障网络交易的安全性,是当代电子商务领域应该重点关注的问题。而互联网的发展增加应用自由度的同时,对安全提出了更高的要求。如何能够在开放的互联网中相对安全的进行商务交易,已成为电子商务面临的重要挑战。     

警务综合信息系统数据仓库的建设与实践

在公安行业,随着信息化工作的逐步推进,仅仅使用业务数据库已经不能满足需求,数据仓库的建立已经迫在眉睫。根据公安行业的特点,详细描述了一个适合公安行业数据仓库系统的解决方案。重点阐述了数据仓库系统体系结构的设计,数据的抽取、转换和加载,多维模型的建立和数据仓库前端应用的展现。     

Maximizing business information security's educational value

A business information security course's goals and objectives are quite different from most traditional security courses, which focus on designing and developing new security technologies. Business information security primarily concerns the strategic, tactical, and operational management issues surrounding the planning, analysis, design, implementation, and maintenance of an organization's information security program. Core issues include asset valuation, auditing, business continuity planning, disaster recovery planning, ethics, organizational communication, policy development, project planning, risk management, security awareness education and training, and various legal issues such as liability and regulatory compliance. Because businesses can't afford to mitigate all security risks, students must learn methods to identify and justify the optimal amount of expenditures to ensure that their information assets are sufficiently protected. Students should also understand the technical components of security so they can appreciate the problems experienced by the people they manage. This paper describes my experiences in developing a business information security course that provides students the knowledge arid experience to succeed in today's competitive information-intensive corporate environment.     

通过PPTP构建安全的企业私有网络

采用ＰＰＴＰ方案成功地解决了构建安全的企业私有网的问题,并在上海复旦高科技集团网络建设与商务系统开发过程中得到很好的验证。     

Towards Systematic Achievement of Compliance in Service-Oriented Architectures: The MASTER Approach

Service-oriented architectures (SOA) have been successfully adapted by agile businesses to support dynamic outsourcing of business processes and the maintenance of business ecosystems. Still, businesses need to comply with applicable laws and regulations. Abstract service interfaces, distributed ownership and cross-domain operations introduce new challenges for the implementation of compliance controls and the assessment of their effectiveness. In this paper, we analyze the challenges for automated support of the enforcement and evaluation of IT security controls in a SOA. We introduce these challenges by means of an example control, and outline a methodology and a high-level architecture that supports the phases of the control lifecycle through dedicated components for observation, evaluation, decision support and reaction. The approach is model-based and features policy-driven controls. A monitoring infrastructure assesses observations in terms of key indicators and interprets them in business terms. Reaction is supported through components that implement both automated enforcement and the provision of feedback by a human user. The resulting architecture essentially is a decoupled security architecture for SOA with enhanced analysis capabilities and will be detailed and implemented in the MASTER project.     

Web services technology in support of business transactions

Advanced business applications typically involve well-defined business functions such as payment processing, shipping and tracking, determining new product offerings, granting/extending credit, managing market risk and so on. These reflect commonly standard business functions that apply to a variety of application scenarios. Although such business functions drive transactional applications between trading partners they are completely external to current Web services transaction mechanisms and are only expressed as part of application logic. To remedy this situation, this paper proposes a business-aware Web services transaction model and support mechanisms, which is driven by common business functions. The model allows expressing business functions such as payment and credit conditions, delivery conditions, business agreements stipulated in SLAs, liabilities and dispute resolution policies. It allows blending these business functions with QoS criteria such as security support to guarantee integrity of information, confidentiality, and non-repudiation. Part of this research reported is funded by the Dutch Organization for Scientific Research (NWO) under the project eXecution of Transactional Contracted Electronic Services (XTC), project No. 612.063.305.     

The ebridge project

In many organizations and government administrations, electronic documents are opening the way to faster and more efficient ways of doing business. In fact, electronic information exchange, far from being considered a luxury, is increasingly seen as a staple requirement for survival in today's competitive environment. The increasing use of EDI is a good example of this reality. Another is the development over the past few years of an increasing variety of pan-European information services. The growth in these services is being driven in part by the increasing globalization of trade and by the needs of the Single Market within the European Union. However, the provision of information services on a pan-European basis raises many issues from a security perspective. This article provides an overview of one of these pan-European information services and the steps that have been taken to improve its operational security within the context of the EC-sponsored ebridge project.     

EFSOC: A Layered Framework for Developing Secure Interactions between Web-Services

Enterprises are rapidly extending their relatively stable and internally-oriented business processes and applications with loosely-coupled enterprise software services in order to support highly dynamic, cross-organizational business processes. These services are no longer solely based on internal enterprise systems, but often implemented, deployed and executed by diverse, external service providers. The ability to dynamically configure cross-organizational business processes with a mixture of internal and external services imposes new security requirements on existing security models. In this paper, we address the problem of defining and enforcing access control rules for securing service invocations in the context of a business process. For this purpose, we amortize existing role-based access control models that allow for dynamic delegation and retraction of authorizations. Authorizations are assigned on an event-driven basis, implementing a push-based interaction protocol between services. This novel security model is entitled the Event-driven Framework for Service Oriented Computing (EFSOC). In addition, this article presents an experimental prototype that is explored using a realistic case study. This work has been partially funded by the Netherlands Organization for Scientific Research (NWO) as part of the PRONIR project. Recommended by: Asuman Dogac     

针对南方某电网主机系统安全审计的研究

随着南方某电网公司信息化建设的快速发展,以及在实际网络环境下业务主机安全审计和实现的不足,巫需提出一套成熟的主机安全审计方案,有效监控主机安全事件,加强信息安全管理和风险控制,从而满足政策合规的要求。针对该电网公司主要业务系统的体系结构、业务特点和功能模块进行分析,并结合实际的主机安全审计需求,提出切实可行的主机保护策略和实施建议。     

全国国际商务英语考务管理系统的设计与实现

根据全国国际商务英语考务管理的实际需要,采用ASP.NET技术开发一套基于B/S模式的考务管理系统。采用三层模式开发,在业务逻辑层中增加API项目,提高代码的重复利用率;采用多种安全措施保证系统的安全;在考务管理方面,设计随机编排算法,达到预期的效果而且效率高。     

安全网闸在公安信息化工作中的应用探讨

随着信息技术的不断发展,犯罪手段的逐步多样化,当前社会对新时期的公安工作也提出了新的要求。金盾工程作为公安信息化工作的重点工程,对公安建设提出了很多安全性的要求。本文从技术路线的角度探讨了安全隔离网闸技术(GAP)在金盾工程实施中对于提高整个公安网安全保障体系的可靠性所能起到的重要作用,并从宏观、微观两方面阐述了部署安全网闸的基本实现流程。