共查询到20条相似文献,搜索用时 140 毫秒
1.
朱展枢 《电子制作.电脑维护与应用》2021,(4):92-93,84
经济社会的高速发展,信息已经成为了重要的社会资源并且不断创造着财富,因此,信息交流和信息共享也成为了人们十分关注的问题.要提升电子信息系统的运行效率,必须重视信息传输的安全性,加强对信息传输控制技术的研究.本文主要就电子信息系统中信息传输控制技术进行了分析. 相似文献
2.
随着网络化的不断扩大,信息系统安全问题已成为国际、国家、社会、企业各领域关注的问题。信息系统安全问题在很大程度上由于风险的存在,因此,风险管理是确保信息系统安全的最重要因素。本文主要对信息系统动态风险管理模型、信息系统人为因素导致的风险的管理和基于风险评估和等级保护的信息安全管理体系建设进行分析。信息系统风险管理必须根据实际情况来进行风险评估和风险防止,从而确保信息系统的安全性,进而为企业安全运行提供了基础保障。 相似文献
3.
4.
政务、国防、电力、海关以及银行等关系国计民生、社会稳定的重要领域的信息和信息系统在国民经济和社会发展中的支撑性、基础性的地位与日俱增。这些信息系统一旦出现问题,影响面会很大,甚至给国家和社会带来灾难性的后果.信息安全问题已经成为事关经济发展、公众利益、社会稳定、国家安全的全局性问题,信息安全保障工作亟待加强。 相似文献
5.
6.
随着全球经济和信息化的发展,信息技术和信息产业正在成为国家经济增长的主要推动力.21世纪将进入信息经济时代,加快推进信息化已经成为新世纪的战略任务.信息已成为重要的战略资源,信息网络成为国家重要的战略基础设施,信息安全成为信息社会、信息化国家最重要的安全要素之一.如何保障计算机信息系统和信息网络的安全,维护社会稳定、国家主权和国家安全,是信息化建设必须解决的重大问题."信息网络安全"月刊正是为适应时代的要求诞生了. 相似文献
7.
现今的社会是一个信息技术十分发达的社会,人类的生活与信息技术的联系越来越紧密。其中有一个比较重要的组成部分——公共网络信息系统。大到国家大事、社会发展,小到人类的日常生活,都离不开公共网络信息系统。因此,公共网络安全对人们的生产生活有着举足轻重的意义,但是,公共网络信息系统的脆弱属性使得信息系统的安全问题无时无刻不伴随人们左右,从而影响到人们的生产生活秩序,信息系统安全问题也就成为信息社会所面临的重要威胁。本文对公共网络信息系统安全的管理进行了深入的研究分析。 相似文献
8.
随着中国城市化和城市的信息化不断深入人们在社会生活的各个方面对城市信息系统的依赖性越来越强。城市信息系统的安全管理,正在成为对现代城市的正常运转具有重大影响的关键一环,其主要原因是城市信息资源共享而带来的安全问题。 相似文献
9.
随着科学技术的不断进步,信息化管理被广泛应用于人们的日常生活和工作中,信息资源的发展,已经成为社会经济进步和社会发展的重要因素.在社会生产发展中,信息管理与信息系统的建设非常重要.随着时代的进步,信息管理与信息系统的创新也非常必要.要根据实际情况,培养信息管理与信息系统的高素质人才,促进信息管理与信息系统的创新发展.本文主要对信息管理与信息系统的创新建设进行分析. 相似文献
10.
程瑞杰 《计算机光盘软件与应用》2013,(1):82-83
随着经济与科技的快速发展,现阶段我国的信息系统也以极快的速度在向前发展,信息系统对社会的发展、国家的发展有着越来越重要的作用,企业、集团、公司的发展更是离不开信息系统。但是,目前信息系统领域的相关技术、管理和应用等问题层出不穷,这些问题不断的阻碍着信息系统的发展,因此,也阻碍着企业、社会甚至是国家的发展。于是人们不得不对这些问题加以重视。首先我们要了解的是,数据库实际上是信息、数据资源的存取与管理人,它对信息、数据资源的开发本质上是对以数据库为最基础的管理信息系统的开发与应用,因而,数据库现如今已成为公司、企业、集团日常工作管理中所必不可少的。本文先是介绍计算机的串口所依据的理论基础,其次依据计算机串口的理论基础,研究分析的信息系统的关键技术和实现方法。 相似文献
11.
12.
System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber–physical systems (CPS) in a wide range of domains. We conducted a systematic review of requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We highlighted the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions. 相似文献
13.
14.
为了减少产品费用和提高生产效率,更多的专用网络被连入IT网络,或更多的IT技术被应用到工业控制网络系统中,网络安全成为一个重要的问题。工业控制网络系统作为国家基础设施的重要组成,一旦受到攻击和破坏,其影响将是灾难性的。因此,保护工业控制网络系统的安全、防御各种攻击和破坏是关系到国家安全的重要内容。本论文结合中国第一个工业以太网标准《用于测量与控制系统的EPA通信标准》,建立了一般的工业控制网络体系结构,研究分析了它的安全威胁,提出工业控制网络的安全要求,构建了基于区域安全的DMZ模型,最后用UML描述了该模型。 相似文献
15.
Darrell Raymond 《Requirements Engineering》2002,7(4):179-191
Engineering information system deployment is squeezed by a shrinking commitment to requirements definition and an expanding
need to determine the security requirements of such systems. This paper examines the causes and effects of this squeeze. Commitment
is shrinking because of past requirements experiences, misunderstood trends in system development and requirements fatigue,
while needs are expanding because of recent emphasis on Internet access to data, online transactions and workflow, which greatly
increase the severity of the authorisation problem. Some approaches to quantifying and addressing this problem are introduced.
Correspondence and offprint requests to: D. Raymond, 305 Bushview Crescent, Waterloo, Ontario, Canada N2V 2A6. Email: darrell.raymond@sympatico.ca 相似文献
16.
Ambrosio Toval Joaquín Nicolás Begoña Moros Fernando García 《Requirements Engineering》2002,6(4):205-219
Information systems security issues have usually been considered only after the system has been developed completely, and
rarely during its design, coding, testing or deployment. However, the advisability of considering security from the very beginning
of the system development has recently begun to be appreciated, and in particular in the system requirements specification
phase. We present a practical method to elicit and specify the system and software requirements, including a repository containing
reusable requirements, a spiral process model, and a set of requirements documents templates. In this paper, this method is
focused on the security of information systems and, thus, the reusable requirements repository contains all the requirements
taken from MAGERIT, the Spanish public administration risk analysis and management method, which conforms to ISO 15408, Common
Criteria Framework. Any information system including these security requirements must therefore pass a risk analysis and management
study performed with MAGERIT. The requirements specification templates are hierarchically structured and are based on IEEE
standards. Finally, we show a case study in a system of our regional administration aimed at managing state subsidies. 相似文献
17.
信息安全专业人才需求分析与高职培养定位 总被引:1,自引:0,他引:1
本文根据信息安全技术发展的方向和市场需求,调查分析并提出我国信息安全专业人才需求类型,提出了高职院校对信息安全专业的培养定位和所对应的岗位技能,以期对信息安全专业的建设与发展具有一定的指导作用。 相似文献
18.
网格计算中的安全问题是一个核心问题,也是目前研究的中心问题,本文从网格计算的概念与体系结构入手对网格安全进行全面分析;阐述了网格计算的安全需求问题,对网格计算存在的安全性问题进行详细的分析,提出了网格计算的安全策略。 相似文献
19.
基于网格计算的安全性问题与策略研究 总被引:1,自引:0,他引:1
网格计算中的安全问题是一个核心问题,也是目前研究的中心问题,本文从网格计算的概念与体系结构入手对网格安全进行全面分析:阐述了网格计算的安全需求问题,对网格计算存在的安全性问题进行详细的分析,提出了网格计算的安全策略。 相似文献
20.
Engineering secure software systems requires a thorough understanding of the social setting within which the system-to-be will eventually operate. To obtain such an understanding, one needs to identify the players involved in the system's operation, and to recognize their personal preferences, agendas and powers in relation to other players. The analysis also needs to identify assets that need to be protected, as well as vulnerabilities leads to system failures when attacked. Equally important, the analyst needs to take rational steps to predict most likely attackers, knowing their possible motivations, and capabilities enabled by latest technologies and available resources. Only an integrated social analysis of both sides (attackers/protectors) can reveal the full space of tradeoffs among which the analyst must choose. Unfortunately, current system development practices treat design decisions on security in an ad-hoc way, often as an afterthought.
This paper introduces a methodological framework based on i*, for dealing with security and privacy requirements, namely, Secure-i*. The framework supports a set of analysis techniques. In particular, attacker analysis helps identify potential system abusers and their malicious intents. Dependency vulnerability analysis helps detect vulnerabilities in terms of organizational relationships among stakeholders. Countermeasure analysis supports the dynamic decision-making process of defensive system players in addressing vulnerabilities and threats. Finally, access control analysis bridges the gap between security requirement models and security implementation models. The framework is illustrated with an example involving security and privacy concerns in the design of electronic health information systems.In addition, we discuss model evaluation techniques, including qualitative goal model analysis and property verification techniques based on model checking. 相似文献