Similar literature (20 results)
1.
Application of ISO/IEC 17799 to campus-network information security management   Cited: 1 (self-citations: 0, by others: 1)
Starting from the current state of campus-network information security management, this paper identifies the security threats campus networks currently face, analyses campus-network security requirements in depth, and on that basis examines how the international standard ISO/IEC 17799 (since renumbered ISO/IEC 27002) can be applied to campus-network information security management. Countermeasures to campus-network security problems are given in four areas: personnel, physical and environmental security, access control, and policies and regulations.

2.
Information technology has dramatically increased online business opportunities; however, these opportunities have also created serious information security risks. Previously, information security issues were studied in a technological context, but growing security needs have extended researchers' attention to the role of management in information security. Various studies have explored different management roles and activities, but none has given a comprehensive picture of the roles and activities needed to manage information security effectively. It is therefore necessary to consolidate the knowledge about managerial roles and activities found in the literature so that managers can adopt them as part of a more holistic approach to information security management. In this paper, using a systematic literature review, we synthesise the literature on management's roles in information security to identify specific managerial activities that enhance information security management. We found that numerous management activities, particularly the development and execution of information security policy, awareness and compliance training, development of an effective enterprise information architecture, IT infrastructure management, business and IT alignment, and human resources management, have a significant impact on the quality of information security management. The research therefore makes a novel contribution by arguing that a more holistic approach to information security is needed, and it suggests ways in which managers can play an effective role in information security. It also opens up many avenues for further research in this area.

3.
Blockchain has been praised for providing the technical infrastructure that enables a group of self-interested entities to share data without relying on intermediaries. Technically, blockchain is a distributed, decentralized, append-only database. This latter aspect leads to an important yet overlooked governance issue, namely what the network members should do when erroneous or malicious data are added to the blockchain ledger. We start by describing three public cases in which this happened. For each case, we elaborate on the adopted solution, which we refer to as the "rollback," the "do nothing," and the "overturn" solution. Drawing on these cases, discussions with experts, and our own experience with blockchain research and development, we provide suggestions concerning the managerial, technical, and information security policies and practices organizations should follow when contemplating enterprise-level applications of blockchain technology.

4.
Because of the evolution and widespread use of the Internet, organisations are becoming more susceptible to attacks on their information technology systems. These attacks result in data loss and alteration, and impact services and business operations. To minimise these potential failures, this paper presents an approach to information security risk management that combines Failure Mode and Effects Analysis (FMEA) with fuzzy theory. The approach analyses five dimensions of information security: access to information and systems, communication security, infrastructure, security management, and secure information systems development. To illustrate the proposed model, it was applied to a university research group project. The results show that the most important aspects of information security risk are communication security, followed by infrastructure.

5.
A new information security management model   Cited: 3 (self-citations: 0, by others: 3)
Based on an analysis of existing information security management models, this paper proposes a new model derived from an organisation's information security requirements. Compared with existing models it has the following advantages: by mapping the results of risk analysis and assessment into a flow of security requirements, protective measures can be selected more rationally; through information exchange between the model's modules, management departments at different levels can be integrated; and by building an agent-based intrusion detection system, weak points and security vulnerabilities in the information system can be discovered promptly.

6.
This paper presents an approach to the economic modelling of information security risk management in contemporary businesses and other organizations. In a world of continuous cyber attacks on ICT systems, risk management is becoming a crucial task for minimizing the risks that can endanger their operation. Preventing the heavy losses that may result from cyber attacks and other information system failures is usually associated with continuous investment in security measures and the purchase of data protection systems. As the potential risks rise, investment in security services and data protection grows and becomes a serious economic issue for many organizations and enterprises. The paper analyzes several approaches to assessing the necessary investment in security technology from an economic point of view. It introduces methods for identifying the assets, threats and vulnerabilities of ICT systems and proposes a procedure for selecting the optimal investment in security technology based on quantifying the value of the protected systems. The possibility of using the approach for external insurance based on the quantified risk analysis is also discussed.
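To make the kind of procedure the abstract describes concrete, here is an added example (not the paper's own model; the assets, threats, controls and all figures are constructed) of the standard annualized loss expectancy (ALE) calculation: each threat's expected yearly loss is asset value × exposure factor × annual rate of occurrence, each candidate control scales the rate of the threats it mitigates by a residual factor, and the portfolio with the largest net benefit (loss avoided minus control cost) within a budget is found by exhaustive search. The residual ALE of the chosen portfolio is also the pure premium an insurer would start from.

```python
"""Control selection by annualized loss expectancy (ALE).

Added example with constructed figures; not the paper's own model.
ALE(threat) = asset value x exposure factor x annual rate of occurrence (ARO).
A control multiplies the ARO of each threat it mitigates by a residual factor.
"""
from dataclasses import dataclass, field
from itertools import combinations


@dataclass(frozen=True)
class Asset:
    name: str
    value: float            # business/replacement value, currency units


@dataclass(frozen=True)
class Threat:
    name: str
    asset: str              # name of the Asset it acts on
    exposure_factor: float  # fraction of asset value lost per occurrence
    aro: float              # expected occurrences per year


@dataclass
class Control:
    name: str
    annual_cost: float
    residual: dict = field(default_factory=dict)  # threat name -> ARO multiplier (0.2 = 80 % cut)


def single_loss_expectancy(threat, assets):
    return assets[threat.asset].value * threat.exposure_factor


def ale(threat, assets, controls=()):
    """Expected annual loss from one threat with the given controls in place.
    Independent controls are modelled by multiplying their residual factors."""
    aro = threat.aro
    for control in controls:
        aro *= control.residual.get(threat.name, 1.0)
    return single_loss_expectancy(threat, assets) * aro


def total_ale(threats, assets, controls=()):
    return sum(ale(t, assets, controls) for t in threats)


def net_benefit(threats, assets, controls):
    """Loss avoided by the controls minus what they cost per year."""
    avoided = total_ale(threats, assets) - total_ale(threats, assets, controls)
    return avoided - sum(c.annual_cost for c in controls)


def marginal_value(threats, assets, portfolio, extra):
    """What adding one more control is worth on top of an existing portfolio.
    Overlapping controls make this smaller than the control's stand-alone benefit."""
    return net_benefit(threats, assets, list(portfolio) + [extra]) - net_benefit(threats, assets, portfolio)


def best_portfolio(threats, assets, candidates, budget):
    """Exhaustive search over control subsets (fine for a handful of candidates).
    Returns (control names, net benefit, residual ALE); the empty portfolio is the baseline."""
    best = (frozenset(), 0.0, total_ale(threats, assets))
    for k in range(1, len(candidates) + 1):
        for subset in combinations(candidates, k):
            if sum(c.annual_cost for c in subset) > budget:
                continue
            benefit = net_benefit(threats, assets, subset)
            if benefit > best[1]:
                best = (frozenset(c.name for c in subset), benefit, total_ale(threats, assets, subset))
    return best


# Constructed inventory: values, rates and residual factors are illustrative only.
ASSETS = {a.name: a for a in (Asset("web_shop", 500_000), Asset("customer_db", 1_200_000))}
THREATS = [
    Threat("ransomware", "customer_db", exposure_factor=0.4, aro=0.5),
    Threat("web_defacement", "web_shop", exposure_factor=0.05, aro=2.0),
    Threat("data_breach", "customer_db", exposure_factor=0.6, aro=0.2),
]
CONTROLS = [
    Control("offline_backups", 20_000, {"ransomware": 0.2}),
    Control("waf", 30_000, {"web_defacement": 0.25, "data_breach": 0.7}),
    Control("dlp", 90_000, {"data_breach": 0.5}),
    Control("edr", 60_000, {"ransomware": 0.5, "data_breach": 0.8}),
]
CONTROL = {c.name: c for c in CONTROLS}


if __name__ == "__main__":
    names, benefit, residual = best_portfolio(THREATS, ASSETS, CONTROLS, budget=150_000)
    print(f"baseline ALE: {total_ale(THREATS, ASSETS):,.0f}")
    print(f"best portfolio: {sorted(names)} net benefit {benefit:,.0f}, residual ALE {residual:,.0f}")
    print(f"EDR alone: {net_benefit(THREATS, ASSETS, [CONTROL['edr']]):,.0f}")
    print("EDR on top of best portfolio:",
          f"{marginal_value(THREATS, ASSETS, [CONTROL[n] for n in names], CONTROL['edr']):,.0f}")
```

With these constructed figures the baseline ALE is 434,000 and the optimum is offline backups plus the WAF (net benefit 222,700, residual ALE 161,300). The point a practitioner should take from `marginal_value` is that EDR, which pays for itself on its own (net 88,800), has negative marginal value (-15,840) once the other two are in place, because the three controls mitigate overlapping threats; ranking controls individually would overspend.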

7.
Information resources are becoming increasingly important to individuals and organizations, and ensuring their security is a major concern. While research in information security has primarily adopted quantitative methods to determine how and how much to invest in security, most decision makers rely on non-quantitative methods for this purpose, thereby introducing a considerable and as yet unexplained amount of subjective judgment into the problem. We use a behavioral decision-making approach to investigate the factors behind possible inefficiencies in security spending decisions. Decision makers in our experiment played a series of economic games featuring the key characteristics of a typical security problem. We found several biases in their investment decisions. When budgeting between the major classes of security measures, decision makers showed a strong bias toward investing in preventive measures rather than in detection and response measures, even though the task was designed to yield the same return on investment for both classes; we term this phenomenon the "Prevention Bias." Decision makers also reacted to security threats when the risk was so small that no investment was economically justified, and for higher levels of risk that did warrant some security investment they showed a strong tendency to overinvest. Theoretical and practical implications of the findings are discussed.

8.
[Objective] As guiding technical documents for information security assurance, information security standards play a critical role in safeguarding China's information security. It is necessary to compare Chinese and ISO information security standards in order to identify problems. [Methods] Combining bibliometrics with knowledge mapping, the study compares 402 Chinese information security standards with 378 ISO information security standards, and 71 Chinese standards under development with 82 ISO standards under development. [Conclusions] China's information security standards slightly surpass ISO's in volume and update speed. By topic, Chinese standards emphasise technical and application standards and have overtaken ISO in those areas, but China lags behind in information security management systems and privacy protection. In addition, the efficiency and completion rate of China's standardisation work still have room for improvement.

9.
The United States Geological Survey (USGS) attaches great importance to the security of its automated information systems, including its web services, in order to protect all USGS information technology equipment and the data it processes. USGS automated information systems are classified into four sensitivity levels, and corresponding security management measures are set out for all of them, including security planning, risk management, protection of information resources, contingency planning, security of sensitive applications, staff security training, personnel security and reporting procedures. Drawing on this study, reference recommendations are made for the security work involved in building China's national geological data centre.

10.
汤志伟, 钟宗炬. 《现代情报》 2017, 37(2): 119-125
In recent years public-safety incidents have occurred frequently in China, causing serious economic losses and casualties; how to govern public safety effectively is a topic of shared concern to society and government, and academia has produced a large body of research on it. A systematic review of the existing literature helps to grasp the state of Chinese public-safety research, summarise experience and lessons, and advance both theory and practice. Some qualitative reviews exist, but quantitative and visual analysis of domestic research is lacking. Taking the public-safety research literature in the CSSCI database as its object, this paper uses CiteSpace 4.0 to map the knowledge landscape of domestic public-safety research and examines it in detail from three angles: current state, research hotspots and evolutionary trends. The review finds that domestic public-safety research falls broadly into three stages and centres on five themes (basic theory, management systems, risk assessment and governance, response to public-safety emergencies, and information release and public-opinion guidance), and it identifies future research trends.

11.
12.
In the 21st century cloud computing, a new data-centric model of network computing, has profoundly affected how the Internet operates and delivers services. As highly specialised libraries, the libraries of public-security (police) colleges face strong pressure from this new IT technology and will be put to a severe test. Cloud computing has already brought library document and information services into a new stage of development, and adopting the cloud model will fundamentally change the traditional service philosophy of public-security college libraries. These libraries should therefore adapt to the cloud environment as quickly as possible, seize the opportunity, and meet the challenges of the cloud-based pan-knowledge environment, accelerating the development of specialised databases with police-culture characteristics. The paper also discusses how to develop high-quality digital resources specific to the public-security and police field.

13.
Cloud computing is a popular outsourcing solution for organizations that need to support information management throughout the life cycle of digital information goods. However, outsourcing that management to a public provider results in a lack of control over the digital products, which can produce incidents such as data unavailability during service outages, breaches of confidentiality and legal issues. This paper presents a novel distribution model for digital products, inspired by lean supply chain principles and called CloudChain, designed to support information management throughout the digital product life cycle. The model enables connected networks of customers, partners and organizations to conduct the stages of the digital product life cycle as value chains. Virtual distribution channels are created over cloud resources so that an organization's applications can deliver digital products to a partner's applications through a seamless information flow. A configurable packing and logistics service ensures confidentiality and privacy in product delivery by using encrypted packs, and a chain management architecture lets organizations keep tighter control over their value chains, distribution channels and digital products. CloudChain software instances were integrated into the information management system of a space agency, and in an experimental evaluation in a private cloud the prototype showed the feasibility of applying supply chain principles to the delivery of digital products in terms of efficiency, flexibility and security.

14.
This paper proposes a risk analysis model for information security assessment that identifies and evaluates the sequences of events, referred to as alternatives, in a potential accident scenario following an initiating event corresponding to abuse of an information technology system. To perform this evaluation, the work combines Event Tree Analysis with fuzzy decision theory. The contributions are: a taxonomy of events and scenarios; a ranking of alternatives by the criticality of the risk, measured in financial losses; and information about the causes of information-system attacks of highest managerial relevance to organizations. An illustrative example concerning a data center demonstrates the applicability of the proposed model. To assess its robustness, twelve alternatives were analyzed using two different methods of setting the probabilities of event occurrence. The results showed that a deliberate external attack on database services is the riskiest alternative.
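The following is an added example of the technique the abstract names, event tree analysis with fuzzy probabilities; it is not the paper's taxonomy, data or results. The taxonomy (initiating events classified by source and intent, two pivotal barriers, three end states), the expert estimates and the losses are all constructed. Probabilities are set two ways, as crisp most-likely values and as triangular fuzzy numbers propagated through the tree and defuzzified by centroid, and the two rankings are compared as a robustness check. The same triangular-fuzzy helper is the kind of arithmetic a fuzzy FMEA such as the one in item 4 would apply to its severity, occurrence and detection ratings.

```python
"""Event-tree analysis (ETA) of IT-abuse scenarios with crisp and fuzzy probabilities.

Added example with constructed taxonomy and numbers; not the paper's own model.
Initiating event: an abuse attempt classified by source and intent.
Two pivotal barriers in sequence: access control, then detection/response.
Each branch through the tree is an 'alternative', ranked by expected annual loss.
"""
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class TFN:
    """Triangular fuzzy number (low, mode, high) for expert-elicited rates and probabilities."""
    low: float
    mode: float
    high: float

    def __mul__(self, other):
        # Vertex-wise product: the usual approximation for positive TFNs.
        if isinstance(other, TFN):
            return TFN(self.low * other.low, self.mode * other.mode, self.high * other.high)
        return TFN(self.low * other, self.mode * other, self.high * other)

    def complement(self):
        """Fuzzy 1 - p; the bounds swap sides."""
        return TFN(1 - self.high, 1 - self.mode, 1 - self.low)

    def centroid(self):
        """Defuzzify by the centroid of the triangle."""
        return (self.low + self.mode + self.high) / 3


SOURCES = ("external", "internal")
INTENTS = ("deliberate", "accidental")
OUTCOMES = ("blocked", "contained", "full")   # end states of each branch

# Constructed expert estimates (low, most likely, high).
FREQUENCY = {   # initiating events per year
    ("external", "deliberate"): TFN(2.0, 4.0, 8.0),
    ("external", "accidental"): TFN(0.5, 1.0, 2.0),
    ("internal", "deliberate"): TFN(0.05, 0.1, 0.3),
    ("internal", "accidental"): TFN(1.0, 3.0, 5.0),
}
P_ACCESS_FAIL = {   # probability the access-control barrier fails
    ("external", "deliberate"): TFN(0.05, 0.1, 0.2),
    ("external", "accidental"): TFN(0.1, 0.2, 0.3),
    ("internal", "deliberate"): TFN(0.4, 0.6, 0.8),   # insiders already sit behind the perimeter
    ("internal", "accidental"): TFN(0.3, 0.5, 0.7),
}
P_RESPONSE_FAIL = {   # probability detection/response fails, given access control failed
    ("external", "deliberate"): TFN(0.2, 0.3, 0.5),
    ("external", "accidental"): TFN(0.1, 0.2, 0.3),
    ("internal", "deliberate"): TFN(0.4, 0.5, 0.7),
    ("internal", "accidental"): TFN(0.1, 0.2, 0.4),
}
LOSS = {   # financial loss per end state, currency units
    ("deliberate", "blocked"): 5_000, ("deliberate", "contained"): 60_000, ("deliberate", "full"): 2_000_000,
    ("accidental", "blocked"): 5_000, ("accidental", "contained"): 20_000, ("accidental", "full"): 300_000,
}


def path_probability(source, intent, outcome):
    """Probability of reaching an end state, following the barriers in sequence."""
    p_access = P_ACCESS_FAIL[(source, intent)]
    p_response = P_RESPONSE_FAIL[(source, intent)]
    if outcome == "blocked":
        return p_access.complement()
    if outcome == "contained":
        return p_access * p_response.complement()
    return p_access * p_response


def annual_loss(source, intent, outcome, method="crisp"):
    """Expected annual loss of one alternative. 'crisp' keeps only the most-likely values;
    'fuzzy' propagates the full triangles and defuzzifies at the end."""
    risk = FREQUENCY[(source, intent)] * path_probability(source, intent, outcome) * LOSS[(intent, outcome)]
    return risk.mode if method == "crisp" else risk.centroid()


def rank_alternatives(method="crisp"):
    """All alternatives (source, intent, outcome) ordered by decreasing expected loss."""
    scored = [(alt, annual_loss(*alt, method=method)) for alt in product(SOURCES, INTENTS, OUTCOMES)]
    return sorted(scored, key=lambda item: item[1], reverse=True)


def ranking_agreement(top_n):
    """Robustness check: do both probability-setting methods agree on the top-n alternatives?"""
    crisp = [alt for alt, _ in rank_alternatives("crisp")[:top_n]]
    fuzzy = [alt for alt, _ in rank_alternatives("fuzzy")[:top_n]]
    return crisp == fuzzy


if __name__ == "__main__":
    for method in ("crisp", "fuzzy"):
        print(f"--- {method} ---")
        for (source, intent, outcome), loss in rank_alternatives(method)[:5]:
            print(f"{source:8} {intent:10} {outcome:9} {loss:12,.0f}")
    print("top-3 agree:", ranking_agreement(3), " top-4 agree:", ranking_agreement(4))
```

With these constructed numbers both methods rank the same three alternatives highest (the full-compromise branches), but they disagree from the fourth place on: centroid defuzzification of right-skewed estimates pulls rare-but-severe branches upward, so a ranking that is only stable at the top is exactly what the robustness check is for. The vertex-wise product is an approximation; if the triangles are wide, an alpha-cut interval computation is the more faithful alternative.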

15.
Research on security problems of networked library management information systems   Cited: 4 (self-citations: 0, by others: 4)
牟建波. 《情报科学》 2002, 20(11): 1208-1209, 1219
The security of networked library management information systems is an important problem facing library managers. Through a comprehensive analysis of the common and potential security problems of such systems, this paper proposes effective means of resolving them so that the systems can be used efficiently in library information management and services.

16.
Research on an ISO 27001-based enterprise information security management system in the e-commerce environment   Cited: 1 (self-citations: 0, by others: 1)
This paper analyses the problems enterprises face in managing information security in an e-commerce environment and, drawing on the risk-management thinking of the ISO 27001 standard, designs a systematic, procedural and documented information security management system (ISMS) for enterprises, with the aim of pointing the way for enterprise information security practice and laying a solid foundation for the effective implementation of security controls.

17.
China's telecom operators face enormous information security risks yet lack risk-management awareness, systematic management methods and mature experience to draw on. To address the question of information security risk management methods, this paper studies information security risk management systems. Through literature review and a survey of the current situation, it identifies three major information security risks that telecom operators currently face; given the complex and changing risk landscape and based on risk-management theory, it argues that the PDCA (plan-do-check-act) cycle is the risk-management model suited to Chinese telecom operators, and on that basis builds a PDCA-cycle-based information security risk management system.

18.
方玲, 仲伟俊, 梅姝娥. 《科研管理》 2017, 38(12): 165-172
Taking the combination of IDSs and manual investigation as an example, this paper builds a game model to analyse how risk preference affects the selection and configuration of information-system security technology, arguing that an organisation's risk preference affects not only its own strategy but also its opponent's. The results show that a risk-averse organisation does not always deploy more IDSs than a risk-neutral one, and that an organisation's risk preference may have no direct effect at all on whether it deploys a single IDS or multiple IDSs. When the hacker's expected payoff is very low, the organisation's manual investigation rate is higher against a risk-averse hacker; when the hacker's expected payoff is very high, it is higher against a risk-neutral hacker. Moreover, when the organisation's manual investigation cost is low, hackers prefer to attack risk-neutral organisations, and when it is very high they prefer to attack risk-averse organisations.

19.
Security problems and countermeasures for information systems in the network environment   Cited: 2 (self-citations: 0, by others: 2)
余肖生. 《情报科学》 2003, 21(12): 1314-1316
This paper first analyses the security problems and countermeasures of information systems in a networked environment from two aspects, development and management, and on that basis proposes an information security life-cycle model for information systems.

20.
Good information and records management is assumed to promote organizational efficiency. Despite established management regimes and available technology, many organizations still find information and records management challenging, and the reason may be cultural factors. This study, based on a literature review, explores the academic discourse on information culture and discusses its relevance for records management. The findings show that the concept of information culture is used in various ways: as an explanatory framework, as an analytical and evaluative tool, or as a normative standard. The research on information culture addresses several areas: business performance, systems implementation, the manifestation of information culture in different organizations and, in a few cases, records management practices. The research settings and the objects of study vary, so general conclusions are difficult to draw, but a positive correlation between culture and performance is often assumed. The focus has been on how information is used, shared and disseminated, while its production and management, the vital object of records management, has with few exceptions been neglected. If information culture is to function fully as an analytical framework for records management, a widened and more inclusive conceptualization is required, which will also enrich information culture as a theoretical concept.


Copyright © 北京勤云科技发展有限公司  ICP licence 京ICP备09084417号