Similar literature
20 similar documents found
1.
More and more enterprises now regard information security as one of the core factors affecting business development, and information security management has become a focus of enterprise management. This paper discusses the current state of enterprise information security risk, analyzes information security policy and security management measures, and offers some general standards for enterprises to build a sound and strong information security management system. It is of exploratory significance for enterprises constructing an information security management system, eliminating information security hazards, avoiding losses caused by information security incidents, and ensuring the secure and stable operation of information systems.

2.
Eirik  Jan 《Computers & Security》2009,28(6):476-490
Empirical findings from surveys and in-depth interviews with information security managers and users indicate that a digital divide exists between these groups in terms of their views on and experience of information security practices. Information security professionals mainly regard users as an information security threat, whereas users believe themselves that they are an untapped resource for security work. The limited interaction between users and information security managers results in a lack of understanding for the other's point of view. These divergent views on and interpretations of information security mean that managers tend to base their practical method on unrealistic assumptions, resulting in management approaches that are poorly aligned with the dynamics of the users' working day.

3.
With the rapid development of informatization, the scope and fields involved in network applications are becoming ever wider, the population of network users is growing, and information security faces unprecedented threats. Building a complete and standardized security management and protection system to ensure secure and reliable network operation has become the top priority of network security management.

4.
When a customer interacts with a firm, extensive personal information often is gathered without the individual's knowledge. Significant risks are associated with handling this kind of information. Providing protection may reduce the risk of the loss and misuse of private information, but it imposes some costs on both the firm and its customers. Nevertheless, customer information security breaches still may occur. They have several distinguishing characteristics: (1) typically it is hard to quantify monetary damages related to them; (2) customer information security breaches may be caused by intentional attacks, as well as through unintentional organizational and customer behaviors; and (3) the frequency of such incidents typically is low, although they can be very costly when they occur. As a result, predictive models and explanatory statistical analysis using historical data have not been effective. We present a profit optimization model for customer information security investments. Our approach is based on value-at-risk methods and operational risk modeling from financial economics. The main results of this work are that we: (1) provide guidance on the trade-offs between risk and return in customer information security investments; (2) define the range of efficient investments in technology-supported risk indemnification for sellers; (3) model how to handle government-dictated levels of investment versus self-regulation of investments in technology; and (4) characterize customer information security investment levels when the firm is able to pass some of its costs on to consumers. We illustrate our theoretical findings with empirical data from the Open Security Foundation, as a means of grounding our analysis and offering the reader intuition for the managerial interpretation of our theory and main results. The results show that we can narrow the decision set for solution providers and policy-makers based on the estimable risks and losses associated with customer information security. We also discuss the application of our approach in practice.

5.
This paper summarizes the advantageous characteristics of current informatization in China's electric power enterprises, lists the main problems in network information management of power enterprises, analyzes the causes of these problems in depth, and proposes a series of highly feasible suggestions and methods for strengthening network information security in power enterprises. It offers practical and effective ideas for establishing a long-term mechanism and making network information security management an important part of enterprise safety culture.

6.
Evan E.  Joobin   《Computers & Security》2008,27(1-2):22-29
Security decisions are made at every level of an organization and from diverse perspectives. At the tactical and operational levels of an organization, decision making focuses on the optimization of security resources, that is, an integrated combination of plans, personnel, procedures, guidelines and technology that minimize damages and losses. While these actions and tactics reduce the frequency and/or consequences of security breaches, they are bounded by the organization's global security budget. At the strategic, enterprise level management must answer the question, "What is the security budget (cost expenditures), where each dollar spent on security must be weighed against alternative non-security expenditures, that is justified by the foregone (prevented) losses and damages?" The answer to that question depends on the tolerances of decision makers for risk and the information employed to reach it.

7.
Information security management standards: Problems and solutions   Total citations: 1, self-citations: 0, citations by others: 1
International information security management guidelines play a key role in managing and certifying organizational IS. We analyzed BS7799, BS ISO/IEC17799: 2000, GASPP/GAISP, and the SSE-CMM to determine and compare how these guidelines are validated, and how widely they can be applied. First, we found that BS7799, BS ISO/IEC17799: 2000, GASPP/GAISP and the SSE-CMM were generic or universal in scope; consequently they do not pay enough attention to the differences between organizations and the fact that their security requirements are different. Second, we noted that these guidelines were validated by appeal to common practice and authority and that this was not a sound basis for important international information security guidelines. To address these shortcomings, we believe that information security management guidelines should be seen as a library of material on information security management for practitioners.

8.
As the level of national informatization rises, a wave of e-government informatization has emerged in China. How to guarantee the information security of e-government is one of the key issues in e-government construction. This paper first analyzes the security threats faced by e-government, then discusses the tasks involved in guaranteeing e-government information security, and finally proposes a framework for building an e-government security assurance system based on China's current situation.

9.
《Ergonomics》2012,55(5):711-719
Despite significant efforts devoted to the development of computer-based system aids, humans are still centrally involved in the decision-making associated with large-scale systems. While ergonomists have contributed significantly to the design of information displays and human-computer interactions, emphasis now needs to be placed on techniques for assisting the higher-level cognitive processes associated with decision making. Two topics relating to this area will be considered. Experimental data will be reported showing how sensitive aspects of decision making can be to the exact form of information presentation. Expert systems depend critically on the process of acquiring knowledge from the expert. One candidate technique for assisting this process will be discussed which involves a performance-based assessment of how experts weight and integrate information. Some experimental data collected using this procedure will be related to the issue of what constitutes expertise.

10.
A business's information is one of its most important assets, making the protection of information a strategic issue. In this paper, we investigate the tension between information security policies and information security practice through longitudinal case studies at two health care facilities. The management of information security is traditionally informed by a control-based compliance model, which assumes that human behavior needs to be controlled and regulated. We propose a different theoretical model: the value-based compliance model, assuming that multiple forms of rationality are employed in organizational actions at one time, causing potential value conflicts. This has strong strategic implications for the management of information security. We believe health care situations can be better managed using the assumptions of a value-based compliance model.

11.
By listing the risk points of critical control systems and revealing the harm that security risks can cause, this paper aims to raise risk management awareness among control system builders, and proposes recommended security measures for project implementation.

12.
In the early days of network development, security was given insufficient attention in protocol design, and in later stages the security management of networks was inadequate, which has led to frequent problems in today's information security systems. Starting from the security vulnerabilities present in computer networks, this paper analyzes the various factors that threaten computer network information security systems and introduces the key technologies for building an information security system, in the hope of providing some reference for building a secure and reliable network information security system.

13.
This paper mainly discusses computer network information security technology, explains the goals of network information security, analyzes and summarizes the adverse factors affecting computer network information security, and focuses on information encryption technology and firewall technology.

14.
The widespread application of computers and communication networks has, on the one hand, brought great convenience to people's lives and work, and on the other hand, brought many problems that urgently need to be solved; taking the "PRISM" incident as an example, information security is the most important of these. Information security is mainly reflected in two aspects: the confidentiality and the authentication of information. The purpose of confidentiality is to prevent adversaries from deciphering secret information in the system. Authentication has two main purposes: one is to verify that the sender of a message is genuine rather than an impostor; the other is to verify the integrity of the message, i.e. that it has not been tampered with during transmission and processing. Encryption technology is the key technology for ensuring information security; commonly used encryption technologies include symmetric-key encryption, public-key encryption and hash-function encryption, and their applications include digital authentication and authorization, security protocols, and so on. All of these encryption technologies depend on cryptography. Through the study and analysis of cryptography and the various encryption technologies, this paper discusses the inseparable relationship between encryption technology and information security and its applications.

15.
Given there is a great deal of uncertainty in the process of information systems security (ISS) risk assessment, the handling of uncertainty is of great significance for the effectiveness of risk assessment. In this paper, we propose an ISS risk assessment model based on the improved evidence theory. Firstly, we establish the ISS index system and quantify index weights, based on which the evidential diagram is constructed. To deal with the uncertain evidence found in the ISS risk assessment, this model provides a new way to define the basic belief assignment in fuzzy measure. Moreover, the model also provides a method of testing the evidential consistency, which can reduce the uncertainty derived from the conflicts of evidence. Finally, the model is further demonstrated and validated via a case study, in which sensitivity analysis is employed to validate the reliability of the proposed model.

16.
Computer network information security is receiving more and more attention in people's lives, because much important information is stored on networks, and once that information leaks out it will cause incalculable losses. Network information leaks because, on the one hand, many intruders try every means to "see" the data or information they are interested in, and on the other hand, the network itself has security weaknesses that allow intruders to succeed. In response to these problems, this paper summarizes and proposes some methods and strategies for network information security protection.

17.
Expected benefits of information security investments   Total citations: 1, self-citations: 0, citations by others: 1
Ideally, decisions concerning investments of scarce resources in new or additional procedures and technologies that are expected to enhance information security will be informed by quantitative analyses. But security is notoriously hard to quantify, since absence of activity challenges us to establish whether lack of successful attacks is the result of good security or merely due to good luck. However, viewing security as the inverse of risk enables us to use computations of expected loss to develop a quantitative approach to measuring gains in security by measuring decreases in risk. In using such an approach, making decisions concerning investments in information security requires calculation of net benefits expected to result from the investment. Unfortunately, little data are available upon which to base an estimate of the probabilities required for developing the expected losses. This paper develops a mathematical approach to risk management based on Kaplan–Meier and Nelson–Aalen non-parametric estimators of the probability distributions needed for using the resulting quantitative risk management tools. Differences between the integrals of these estimators evaluated for enhanced and control groups of systems in an information infrastructure provide a metric for measuring increased security. When combined with an appropriate value function, the expected losses can be calculated and investments evaluated quantitatively in terms of actual enhancements to security.

18.
At present, ensuring network information security is a prerequisite for promoting information management and plays a pivotal role in computer network information management. Drawing on the author's own work experience, this paper explains the concept and classification of network information security management, analyzes current network information security problems, and on this basis proposes countermeasures for further strengthening information management, in the hope of providing a reference for peers in the industry.

19.
Stephen  Rossouw   《Computers & Security》2005,24(8):604-613
A majority of companies today are totally dependent on their information assets, in most cases stored, processed and communicated within information systems in digital format. These information systems are enabled by modern information and communication technologies. These technologies are exposed to a continuously increasing set of risks. Yet, management and stakeholders continuously make important business decisions on information produced in real-time from these information systems. This information is unaccompanied by objective assurances as the current auditing procedures provide assurances months later. Therefore, risk management, including a system of internal controls, has become paramount to ensure the information's integrity. A system of internal controls, including IT controls at its core, help limit uncertainty and mitigate the risks to an acceptable level. Auditors play an increasingly important role in providing independent assurances that the information system's infrastructure and data maintain their integrities. These assurances include proposed new methods such as continuous auditing for assurance on demand.

20.
With the continuous development of network communication technology and its promotion and application in the electric power industry, the secure application of automation communication technology has become an important focus of research and attention in the power industry. Based on the actual situation of the promotion and application of power automation communication technology, and building on an analytical overview of the power communication protection system, this paper summarizes and analyzes the common security problems encountered in practical application and their solutions, so as to promote further adoption in power systems and advance the construction and development of the power sector.


Copyright © Beijing Qinyun Technology Development Co., Ltd.  京ICP备09084417号