
Selected Papers on Information and Security (9)


Information and Security Thesis

Part 1: Model Essay on Information and Security

Information security: the game between spear and shield

It is reported that in early December 2006 the "Panda Burning Incense" virus and its variants broke out on a large scale on the Internet in China. The virus spread in many ways, and every infected program file was changed to display a panda holding three sticks of incense. The virus also stole user game accounts, QQ accounts and the like. In just two months, millions of individual users, Internet cafes and corporate LANs were infected and damaged. With the popularization of network applications, the number of network users is expanding rapidly, and attacks on Internet content are developing continuously and by various means, so network information security is becoming more and more important and has attracted great attention from all walks of life. From early computer viruses to today's spam, spyware and other malicious software, and phishing websites, the spear of attack is becoming ever more diversified and sharp.

The corresponding shields, in their struggle with the spears, have also become varied, increasingly powerful and mature. Information security tools have evolved from stand-alone anti-virus programs to today's firewall, unified threat management (UTM), content security, identity authentication and other technologies and products. Network information security products mainly comprise firewalls, anti-virus and intrusion detection. As attack techniques keep developing, single-function security protection is becoming more and more inadequate. In September 2004, IDC put forward the concept of "unified threat management" for the first time, grouping anti-virus, intrusion detection, firewall and other security devices into the new category of unified threat management (UTM). Once proposed, the concept aroused widespread attention in the industry. UTM requires the seamless integration of multiple security technologies so as to provide combined network-layer and content-layer protection without reducing the performance of network applications. However, early UTM products in China did not make a substantial technical leap. In an era when hardware technology and the processing capacity of hardware platforms are still being pushed forward, it will take some time before a "comprehensive" UTM arrives. There are two strategies for developing UTM: developing UTM on the basis of a firewall, which is the most common practice of UTM or firewall manufacturers, and developing UTM products with IPS as the core, which is TippingPoint's practice.

The latter builds the future integrated security device on the basis of IPS instead of the traditional firewall. In other words, security modules such as secure virtual private networking (IPSec VPN), bandwidth management, web content filtering and even the firewall itself are placed on the IPS platform. Many early UTM products are more like improved versions of firewalls or IDS/IPS products: the UTM device is often just a pile of simple security functions, without a well-integrated and optimized design at the bottom. With the continued development and maturing of UTM technology, most UTM products now provide a network firewall, gateway anti-virus, network intrusion detection/defense and other functions, and many also integrate common modules such as anti-spam and web content filtering. Current UTM products still have shortcomings, however. As a gateway device, the data processing capacity of UTM is not high enough, so today's UTM is not suitable for users with high bandwidth requirements. Moreover, UTM products do not reach the security level achievable by professional single-function security products, so they are not suitable for users who are extremely sensitive to security protection. A UTM product must not only provide conventional network-layer security (such as the firewall function) but also handle application-layer defense at high speed, a technical requirement higher than that of an ordinary single product, so UTM products face system optimization problems alongside the need for faster hardware. Information security management mainly comprises three parts: effective risk management, effective equipment management and effective identity management. A change of concept will bring great changes in the way protection is done.
With the massive popularization of the Internet, networks and information systems will inevitably be opened to the outside world, to customers and to partners. In this case, protecting the data itself is much more important and effective than building a wall. Firewall/VPN, gateway security and other network access control technologies protect the internal network, but they also greatly restrict users, and the disadvantages of traditional protection show more and more. Identity management will become the mainstream of security technology. The problem solved by identity authentication management is by no means limited to "which user has access rights to which data"; it fully considers all the ways data is used, shared and accessed in today's digital era and provides a blueprint for access control over the entire data life cycle. As data volumes grow rapidly, identity authentication management becomes more and more important for effectively protecting data resources and simplifying their management. Bill Gates and Craig Mundie, Microsoft's chief research and strategy officer, recently proposed a new plan to secure data access: joint (federated) identity authentication on IPv6 networks, data rights management to protect files and data, and smart cards rather than passwords for online identity verification. Mundie believes that IPsec on IPv6 is a very promising technology for the future. With IPsec, identity authentication can be achieved at both ends of a connection; regardless of network boundary or topology, policies can be defined to control access logically rather than physically.
EMC is studying cryptography-based identity management technology, which in future will be combined more closely with storage, wireless communication and other technologies to ensure that data is safe and reliable both in storage and in circulation.

Microsoft launched two new products this year: the identity lifecycle management software ILM (Information Lifecycle Management) 2007 and Intelligent Application Gateway 2007. ILM 2007 provides an integrated and sophisticated software system that manages the entire life cycle of user identities by integrating identity synchronization, authentication management and password management across Windows and other systems. In the information age, all activities of society are based on data, and data should be managed by different means according to its stage in the life cycle. ILM must consider the flow of data through the business; it must be a holistic concept that includes both business and data flow. Microsoft Intelligent Application Gateway 2007 integrates SSL VPN products with Microsoft Internet Security and Acceleration Server (ISA) to provide defense, remote access, endpoint security and application-level protection for the network boundary. It is reported that in 2006 global sales revenue of dedicated network security equipment and software grew 15% over 2005, reaching 4.5 billion US dollars, and it is predicted that this market will break through the 5 billion US dollar mark for the first time in 2007. With the development of the global information industry, not only will security technology develop greatly, but the information security industry itself can be expected to continue to grow and mature. In a word, with increasing security threats and ever more rampant, commercially motivated hacking, attack and protection will continue their struggle for a long time to come.

Part 2: Model Essay on Information and Security

The computer operating system manages internal memory, the CPU and peripheral devices systematically, and this management involves a number of modules or programs. Once defects are found inside these modules, for example in the memory management module, the entire computer system may collapse as soon as it is connected to an external network [2]. At the same time, because the operating system supports installing or loading programs over the network and transmitting information, and because one of the most important functions of network applications is file transfer (such as FTP), which can carry executable files, these functions also bring security risks. Installation programs often come with executable files; since these are programs written by people, a vulnerability in any part may crash the entire operating system. In fact, the main reason the operating system is unsafe is that it allows users to create processes, supports the remote creation and activation of processes, and the created processes can in turn create further processes. The operating system also provides remote calling functions. A remote call means that one computer can invoke programs on a remote server and submit programs for the remote server to run [3]. A remote call passes through many communication links, and there are security risks such as being monitored at an intermediate link.

Network interconnection may be exposed. As for the openness of the network: because network technology is fully open, the sources of the attacks it faces are spread across several layers. They may originate from attacks on transmission lines at the physical layer, from attacks on communication protocols at the network layer, or from attacks on the vulnerabilities of computer software and hardware at the application layer. As for the internationality of the network: attackers may be users of the local network or hackers from other countries and regions on the Internet, so network security also faces international challenges. As for the freedom of the network: most networks impose no technical restrictions on the use of users, who can freely surf the Internet to obtain all kinds of information [4].

Key Technology and Function Analysis of Network Security

1 Intrusion detection. Intrusion detection technology refers to a computer security technology designed and configured to ensure the security of computer systems by identifying and reporting unauthorized or abnormal phenomena in the system in a timely manner. It performs security detection on network behaviors, security logs, audit data or network data packets without impeding network performance. It monitors the computer information network continuously, discovers any unwanted network behavior, and detects intrusions into the computer system or other threats to it. It can detect activities that violate the security policy in the computer network, provide real-time monitoring of internal attacks, external attacks and misoperations, and ensure that the resources of the computer information system are not attacked. It is generally considered the second security technology after firewall technology [5]. Intrusion detection is generally divided into three types: network-based intrusion detection, host-based intrusion detection and hybrid intrusion detection. In practice, network-based intrusion detection is the most widely used.

2 Visualization. Network security visualization technology optimizes and supplements firewall technology, vulnerability scanning technology and intrusion detection technology. Using the human visual system's ability to perceive patterns and structure, it presents massive, high-dimensional and abstract network and system data as graphics and images, reflects the particular information of network communication in real time, shows the current running state of the entire network, and thus informs users clearly and in a human-friendly way of the potential security risks on the network. It helps network security analysts observe security threats in the network intuitively and in good time, use complex high-dimensional data to quickly grasp network conditions, find abnormal network intrusions, and then predict the future trend of network security events, making computer network security protection more intelligent, timely and convenient [6].

3 Firewall. Firewall technology refers to the security measure of mandatory access inspection of communication between internal and external networks according to predefined security policies. Its main functions are to conceal the internal network structure, improve access control between networks, restrict external users' access to the internal network and regulate internal users' access to the external network, so as to prevent external users from sneaking into the internal network by illegal means and accessing internal network resources; in this way the firewall protects the internal network operating environment. Firewall technology inspects the data packets transmitted between two or more networks, such as the link mode, according to certain security rules, so as to determine whether communication between the networks may be allowed, and monitors the network's running state in real time. Once suspicious actions occur, the firewall can raise a timely and appropriate alarm, and it can occasionally provide important information about whether the network is being monitored or attacked. Partitioning the internal network with firewall technology can isolate key internal network segments, prevent the leakage of internal information, and to a certain extent reduce the impact of local key or sensitive security issues on the global network.

4 Vulnerability scanning. Vulnerability scanning refers to technology that automatically checks the security of remote or local hosts. The vulnerability scanner makes use of already known network attack information, integrates it into the scanning process, and then inspects the local host system and remote systems by querying the ports of the various TCP/IP services, simulates attacks on the network, records the responses of the target host, and collects useful information and data about specific items. It can find security vulnerabilities in the computer network system in a relatively short time and output them in a statistical format convenient for later reference and analysis [7]. This technology helps network security administrators accurately grasp the current security situation of the network, making complex security audit and risk assessment work easier. Once the vulnerabilities of the computer information network are understood, precautions such as optimizing system configuration and patching can be formulated, closing the latest security loopholes to the greatest extent and ultimately eliminating security risks.

5 Data encryption. Data encryption technology is an important computer security technology that re-encodes information: plaintext data is converted into ciphertext data by changing its order (transposition) or by substitution, and in practical application the ciphertext is converted back into plaintext for output, so that the information content is hidden and illegal users find it difficult to obtain the true content of the information. Data encryption technology is usually used to protect dynamic data and information. An encryption system is composed of a plaintext set, a ciphertext set, a key set and algorithms; among these, the keys and algorithms are the most basic units. Algorithms consist of formulas, rules and procedures that specify exactly how plaintext and ciphertext are converted into one another, and the key can be regarded as a parameter of the algorithm. Data encryption technology improves the security and confidentiality of the computer information network system and its data, and effectively prevents internal secret data from being cracked, stolen or tampered with by outsiders.

Ways to strengthen the security management of network information resources

1 Strengthen the management and technical training of personnel. Human attacks on computers are the biggest threat to network security; hacker attacks and computer crimes are typical examples. Such attacks are generally divided into two types. The first is active attack, which selectively destroys the validity and completeness of information in various ways: it intercepts data packets on the network and invalidates them by altering them, it may deliberately add information beneficial to the attacker in order to mislead, or it may log in to the system directly to use and occupy large amounts of network resources, consuming system resources and ultimately damaging the rights and interests of legitimate users. The second is passive attack, which intercepts, steals and cracks information to obtain important secrets without impeding the normal work of the network. Both kinds of attack cause great damage to the computer network and lead to the leakage of user data.

2 Strengthen the safety management of computer hardware equipment. To strengthen the safety management of computer equipment, on the one hand it is necessary to create a good operating environment for the equipment: besides controlling temperature and humidity, preventive measures against dust, electromagnetic leakage, interference, fire, hazardous substances, water and theft are needed to reduce potential safety hazards. On the other hand, to eliminate security threats, security specifications and a strict management system must be formulated: without the permission of the network administrator, no one may open a chassis for any reason; the relocation of computers and network equipment or changes to related hardware must be the responsibility of the network administrator, and no one may decide on them without permission; and hardware failures of computer and network equipment must be reported to the network administrator in time, who will handle them.

3 Pay attention to the safety management of network and computer software. Software security management and anti-virus technology are a very important part of network security. Most of the insecurity of computer systems comes from computer viruses. In a stand-alone environment, computer viruses are mainly transmitted through floppy disks and hard disks. Computer software management can take many preventive measures, such as booting the machine from the hard disk rather than from a foreign floppy disk, setting passwords for starting and entering the system, checking often with virus detection software, and backing up important computer and hard disk information.

Part 3: Model Essay on Information and Security

Risk management informatization has gradually become a platform for risk management application and practice, and the use of information-based management means is a trend in safety risk control. Each city building a subway has gradually developed a construction safety risk information management platform. Representative examples are the rail transit construction safety risk monitoring systems developed by Beijing Anjie Engineering Consulting Co., Ltd., Shanghai Tongshi Engineering Technology Co., Ltd. and Nanjing Kuntuo Civil Engineering Technology Co., Ltd., which are widely used in domestic metro construction cities. Wang Mingyang and Rong Xiaoli of the PLA University of Science and Technology developed a subway construction safety risk management and monitoring system comprising a three-dimensional geographic information system, a shield monitoring system and a monitoring and early warning system; the three-dimensional geographic information platform and shield remote monitoring technology are used to achieve risk analysis, risk monitoring and early warning throughout the construction process. In informatization research on construction safety risk management for deep and long tunnel engineering, the PLA University of Science and Technology and Shandong University cooperated on a risk management information system for railway tunnel construction safety under complex geological conditions, and established the Chengdu-Lanzhou railway construction safety risk management information platform based on a 3D geographic and geological information system. As the system's main working platform, the 3D geological geographic information system displays and queries 3D geological graphics by fusing multiple data sources such as exploration borehole data and geological advance prediction data, visually monitors construction progress, and provides queries of risk sources, monitoring data, the index system, construction progress profiles and automatic early warning analysis results.

Zhu Hehua of Tongji University proposed a digital platform for infrastructure construction and maintenance covering data acquisition and processing, data expression and data analysis. The digital technologies used in the construction and maintenance periods are described in detail, mainly data collection, data standards, 3D modeling, visualization technology, spatial analysis, and the integration of digital and numerical methods. Taking the Shanghai Yangtze River Tunnel and Bridge Project as an example, a preliminary attempt at integrated digital construction and maintenance of infrastructure was made, mainly covering the establishment of a digital platform for the project, life-cycle data collection and analysis, analysis of possible defects and their causes, dynamic monitoring and maintenance, and structural health/performance evaluation. The results show that using a complete set of digital technology integrating construction and maintenance comprehensively raises the level of information management for infrastructure, improves its service performance and extends its service life.

Professor Huang Hongwei of Tongji University has studied a monitoring and early warning method based on risk visualization. The method obtains measurement information from sensors, processes and analyzes it with microprocessors, comprehensively evaluates the project's risk level, and drives LEDs (light-emitting diodes) to display different colors, giving timely early warning to ensure project safety. Teng Li of Shanghai University, based on a risk assessment model for shield launching and arrival, implemented project risk management in software, established a dynamic remote monitoring system for the whole process of shield launching and arrival, developed a risk monitoring knowledge base and model base, and realized dynamic, real-time risk monitoring.

Part 4: Model Essay on Information and Security

Key words: small and medium-sized enterprises; electronic information; security technology

1 Connotation of electronic information security

For the buyer, the main advantages of electronic information are that it is convenient, quick and easy to operate; for the seller, its main advantages are convenient management and low cost. Its biggest disadvantage is that buyer and seller cannot communicate face to face: the exchange of money and goods and the transaction itself are conducted over the network. The main reason a transaction can be completed successfully is that there is integrity between the two sides. Honesty has two main aspects: during the buying and selling process there is system software that plays a security role, which can convert virtual currency symbols into real currency, and which can also protect transactions, mainly securing currency accounts. To study electronic information security we must first understand the meaning of information. Information refers to materials, data and knowledge existing in different forms; in small and medium-sized enterprises it mainly refers to the relevant information and materials of the buyer and the seller. Criminals can use illegal means to defraud buyers and sellers in electronic information, or invade and steal through the network. Information security management standards give a detailed definition of information. Information is also an asset: like other assets, it plays an important role in the development of SMEs and needs legal protection. The information security management standard divides information into eight parts, mainly including physical assets, document assets, text assets, service assets, software assets, data assets and human resources assets.

The electronic information of small and medium-sized enterprises is mainly carried by the network, network communication is mainly achieved through data transmission, and online transactions are the main content of that communication. Electronic information security technology has therefore become a key issue in the field of information security. Research on electronic information security is mostly about technology, but small and medium-sized enterprises should not only improve technology but also pay attention to management in order to avoid information security problems.

2 Theory of electronic information security

Research on electronic information security in China is still relatively backward. The main theories of information security in the world are the three-view security theory, the information cycle theory and the information security model theory.

The three-view security theory. In the electronic information security system of small and medium-sized enterprises, the three-view security theory divides security into three levels: micro, meso and macro. The theory mainly transforms the macro-level safety concept into micro-level management concepts, which then guide service and production.

The information security model theory. The information security model theory is a product of the development of information security management. It combines people, software, operations and information systems to protect the network information system comprehensively. It advocates a new security concept: system information security should not be protected only by programs and software; dynamic protection also matters, and besides security technology, innovation in management's security concepts must be valued.

The circulation theory of electronic information. In implementing network information security, the circulation theory of electronic information divides the work into four aspects: planning, implementation, inspection and improvement. These four aspects form a cyclic process, and in that cycle the process is treated as a whole information security management system rather than as a single management process.

3 The role of electronic information security technology in strengthening the information security of small and medium-sized enterprises

The three information security theories above play an important role in the information security management of SMEs in the following ways. The first is construction in the field of information security, and the second is strengthening the construction of information security organizations in small and medium-sized enterprises. The American Institute of Information Security first proposed the field of information security, which mainly refers to creating corresponding confidentiality levels according to the different confidentiality levels of information. The installation of network controls should match the different security levels of user information, and the chosen security information should suit the user's confidentiality level. In small and medium-sized enterprises, the classification system for electronic information and data should be managed by a unified department, and the information should then be classified and encrypted and kept secret to varying degrees. Such information mainly includes documents, e-commerce related materials and services. Classifying, keeping confidential, archiving and integrating this information is conducive to the orderly management of the electronic information of SMEs.

Small and medium-sized enterprises have always had a problem of insufficient electronic information security, which is mainly related to insufficient internal security management. Security management work lacks professional management, and many small enterprises have no unified information security management department. The main functions of an enterprise's security management department include the following: cooperate with the human resources department to complete its work, regularly review employees in special positions, and re-audit them once violations of safety rules are found, while providing confidentiality training to employees; organize and coordinate the work of each department so that the enterprise's safety objectives and strategies can be achieved; take responsibility for the management, planning and decision-making of safety issues, acting also as the enterprise's emergency department, and strengthen the management of information to avoid leaks of enterprise information; keep in contact with information institutions and information security management departments in various regions, which can bring new information security management concepts and security technologies to the enterprise; and adopt an information security reporting system, reporting the information security protection status to management regularly and important events in a timely manner, so as to obtain management's support for information security management.

With the development of network engineering, electronic information has also developed. It plays an important role in the development of enterprises, which rely on it more and more. But it exists only in a virtual place, with transactions completed mainly over the network, so security technology has become a common concern of enterprises.

Part 5: Model Essay on Information and Security

CLC No.: G642 Document Code: B Article No.: 1674-9324 (2012) 09-0114-02

Information security is a new interdisciplinary subject involving all aspects of computer and network security, and it is a professional field directly oriented to engineering and application. The training goal of the major is to produce senior professionals who master the knowledge and skills of the information security field, have good professional quality, can integrate theory with practice, and can engage in information security work in computing, communications, e-commerce, e-government, e-finance and other fields. Since the School of Computer Science of Wuhan University opened a new information security major in 2001, the major has developed for ten years and reached a certain scale. However, because its development time is short and its teaching system immature, many problems, such as construction of the major, construction of the teaching staff, and construction of teaching materials and curricula, are still at the stage of research and exploration. Moreover, because universities differ in their characteristic majors, the focus of information security major construction also differs. This paper therefore examines several aspects: discipline setting, professional curriculum setting, practical teaching and reform of teaching methods.

1、 Information security professional characteristics

Information security is a very broad field, and its connotation expands with the scope of information applications. In summary, the information security major has the following characteristics. It is interdisciplinary, involving computing, communications, electronics, mathematics, biology, law, management and other disciplines. It integrates theory with practice: students must be able to apply theoretical knowledge skilfully and flexibly to practical problems. It demands high professional quality: students majoring in information security must have not only professional knowledge but also knowledge of laws and regulations, since only then can they undertake information security work in important departments. It is systems engineering: under the "bucket principle" of "seven parts management, three parts technology", the role of law, management and education must not be ignored. Finally, it has holistic and low-level characteristics: only by taking measures from the system as a whole and from the underlying hardware can information security problems be solved effectively.

2、 Construction of teaching system

1. Discipline setting. With the development of information technology the connotation of information security has kept extending, from the initial stage of only keeping information secret (confidentiality) to preventing information from being tampered with (integrity), availability and non-repudiation, and it therefore involves the basic theory and implementation technology of attack, protection, measurement, control, management and evaluation. The discipline setting of the information security major accordingly varies with its research focus and application field. At present information security is only a secondary discipline set up by colleges and universities. Most set information security as a secondary discipline of computer science and technology or of information and communication engineering, according to their own characteristics. Those set up under computer science and technology focus on computer and network knowledge, while those under information and communication engineering generally focus on communications and cryptography. Some colleges regard information security as a secondary discipline under mathematics, focusing on basic knowledge such as mathematics and physics, and some place the information security major in a security engineering department, with security as the focus of the teaching content. For example, Xi'an University of Electronic Science and Technology has set up the information security major under the first-level discipline of information and communication engineering, making full use of its characteristic major to develop information security and cultivate professionals in communications confidentiality.

2. Professional courses. In terms of the professional curriculum, considering the interdisciplinary character of the information security major, it is proposed that the curriculum system should cover a wide range of domain knowledge. The United States, Britain and other countries have relatively hierarchical curricula. Some colleges and universities divide courses into two types, basic courses and characteristic courses. Basic courses include cryptography, operating system security, network security, system security management and evaluation, database security, and network attack and defense technology; characteristic courses include secure programming technology, information crime, network protocol security analysis, computer and network forensics, wireless network security and so on. Some divide the curriculum into three cores of technology, management and security, or four cores of technology, strategy, health and management. In China, because the information security major is set up as a secondary discipline under different primary disciplines, curricula differ greatly. Courses such as "digital signal processing", "foundations of coding theory", "random signal analysis", "communication principles" and "foundations of information networks" tilt the training towards cryptography and communications security; courses such as "computer networks", "software engineering", "operating systems", "database principles", "embedded systems" and "Windows analysis and application" position the training on top of computer science and technology. Many colleges and universities develop their information security major from their traditionally strong disciplines. For example, Xi'an University of Electronic Science and Technology divides its courses into basic courses, computer courses and professional courses. The basic courses retain the basic courses of the communications majors, such as digital signal processing, communication principles, random signal analysis and information theory, while the professional courses cover the mathematical foundations of information security, cryptography and network security technology; at the same time, computer-related courses such as operating systems, computer networks and databases are also offered. This three-part curriculum ensures that graduates can work in information security, communications or computing, better adapting to social needs, supporting students' future development and employment, and reducing employment risk. The Department of Computer Science of the University of Science and Technology of China has a strong foundation in mathematics and algorithm analysis, so its information security curriculum includes "algorithm design and analysis", "combinatorial mathematics", "network computing and efficient algorithms", "computational number theory", "computer mathematics" and other basic courses. These courses prepare students for professional courses such as cryptography, intrusion detection and information theory and lay a good foundation for further study. Shanghai Electric Power University, in combination with its distinctive electric power specialty, focuses on computer science and technology when setting up the curriculum system, while also taking into account electric power information technology, electronics, communications, mathematics, physics, electric power information networks and other courses.

3. Practice teaching. In the training of undergraduate information security professionals, the combination of theory and practice must be emphasized. Besides a reasonable and complete theoretical curriculum, a good practical teaching link is needed to help students truly master theoretical knowledge and basic information security skills through practice. Because most information security experiments are complex and require a lot of computer equipment, current teaching conditions usually cannot support large numbers of students experimenting at the same time, so some universities adopt virtual experiments. Virtual experiments also effectively reduce the occurrence of security accidents during experiments, which is crucial for information security experiments, where malicious code is handled frequently. Some universities actively build off-campus practice teaching bases, engineering training projects and graduation practice bases, strengthen cooperation with enterprises, public institutions and government departments, and establish fixed cooperative relations with relevant units by jointly building joint laboratories, engineering technology research centers and so on. Some plan the practical teaching system of the major in four categories: humanities and social science practice, natural science practice, engineering technology practice and comprehensive practice. Some divide the professional experiments into basic verification experiments, comprehensive experiments and research and innovation experiments. Basic verification experiments account for about 40% of the total class hours, and their content is tied to the theoretical courses and relatively fixed; comprehensive design experiments require students to apply the knowledge of one or more courses to design a solution to a specific problem, improving their overall design ability.

4. Teaching methods. In terms of teaching methods, the study replaced the traditional "injection" (lecture) method with a "participatory" method, in view of the characteristics of information security expertise: knowledge updates rapidly while textbook knowledge lags behind. Specific questions are first put forward, then a series of reference materials is recommended, and the teacher guides students on research ideas and key issues; finally students explain in class what they have understood and mastered. This interactive teaching promotes students' initiative and cultivates their ability to analyze and solve problems. For example, in the strongly practical course of intrusion detection technology, students taught in the usual lecture mode still cannot form a complete picture of network attack and defense. With the participatory mode, driven by their own interest, students learn more of the offensive and defensive content that interests them, so that after understanding intrusion detection systems they can independently build an intrusion detection system, carry out scanning attack experiments, and view and analyze the data the system produces. For the theoretical course of cryptography, in addition to explaining basic theory, the emphasis is on combining it with practical applications, for example the application of the RSA algorithm in online banking and digital certificates; such examples also attract students' attention.

The researchers also proposed integrating engineering ideas into classroom teaching. The teacher presents a requirement, analyzes it and guides students to connect it with knowledge points; the problem is then designed around those knowledge points, and finally students choose a simulation tool to implement it. This process lets students experience some of the system development ideas of software engineering and also improves their overall ability and quality. Some researchers emphasize that, whatever teaching method is used, students need to interact with each other through the network teaching platform; only then can the teaching be done well. Staff who enter the information security field after undergraduate study usually have professional skills in computing and communications but lack a systematic and comprehensive understanding of information security; continuing education helps them become better qualified for their jobs.

5. Construction of the teaching staff. Although the information security major has much in common with traditional computing, communications and electronics majors, it also has unique characteristics and specific requirements. Teachers of information security should therefore be versed in many fields of information science and in basic disciplines such as physics, keep up with the latest information security technology and pay attention to the latest security trends, and have strong hands-on ability. On-the-job training and overseas research are good ways of further educating information security teachers. In addition, an information security exchange platform linking regions could be established to create a sharing mechanism, inviting experts and well-known figures in information security to give lectures and so cultivating excellent information security teachers.

6. Construction of teaching materials. At present there are many information security textbooks, but they are uneven. Some are too specialized, emphasizing theory over practice, with few typical cases closely connected to reality, so that when an information security incident occurs students cannot fully explain the phenomenon with their existing knowledge. Some are highly operational but weak in theory, so students still cannot combine theory with practice. Moreover, because there is no systematic and complete body of teaching material in the field, the overlap between course standards and textbook content is serious: there is overlap with traditional courses and obvious overlap between professional courses. For example, the network security course introduces intrusion detection and viruses, which overlaps with the course on principles of intrusion detection and viruses; likewise the standards introduced in information system security management and assessment are also covered in information security laws and regulations. There is therefore an urgent need to organize the preparation of a systematic and complete set of teaching materials for the information security major, with both an accessible theoretical foundation and operability, including analyses of typical information security incidents, so as to help students master professional knowledge, improve their practical ability and develop their ability to analyze and solve problems.

The information security major is a new major that has only just started, and its teaching and practice are still at the exploration stage. Because of this, the teaching methods adopted by different universities differ, reflecting different philosophies of running a school: in accordance with their own disciplinary advantages and pattern, they have made useful explorations and attempts in the initial development of the information security discipline. This paper has discussed the setting of the teaching system of the information security major and some matters that should be attended to and problems that should be avoided in setting it up.

Part 6: Model Essay on Information and Security

Keywords: financial information, network security, security system, service

1 Overall framework of financial information system security assurance system

The overall framework of the financial information system security assurance system includes system security, physical security, application security, network security and management security.

1.1 Security of financial information system

System security refers to the security of the network structure, the operating system and the application system. Security of the network structure means that the network topology has no redundant loops, the lines are relatively unobstructed and the structure is reasonable. Security of the operating system means using a higher-grade network operating system, removing applications that are rarely used but carry security risks, and strictly checking and restricting user information and passwords. Security of the application system means keeping only the commonly used port numbers and protocols open and strictly controlling users' operating permissions. The system must also have the necessary backup and recovery mechanisms, so that when problems occur in the financial system it is protected and can be recovered quickly; during operation of the financial system its contents should be backed up.

1.2 Physical security of financial information system

Physical security ensures that the whole network system and information infrastructure are secure. It mainly involves environmental security and equipment security: environmental security mainly refers to lightning protection, fire prevention, waterproofing and so on, while equipment security refers to anti-theft, anti-interference and so on.

1.3 Application security of financial information system

Application security of financial information system mainly refers to the need of access control of financial information system. Different levels of access control and user level access authorization are adopted. Collecting verification data and securely transmitting data are important steps for current user identification and verification. For the backup and recovery mechanism of data resources in the financial system, corresponding protection measures should be taken to restore the system as soon as possible after the failure.

1.4 Network security of financial information system

Financial information can only be released externally after encryption at the data link layer and the network layer, protecting communications and the important information in the network. Intrusion detection must also be performed on the network, monitoring traffic entering and leaving each network segment to ensure information security. The system should also be inspected at irregular intervals, and any vulnerability found should be remedied promptly.

1.5 Security management of financial information system

The financial system is a network covering many aspects and also interconnects many networks. To manage the information of the financial system, a security management center should be set up. Management should be centralized, with strict regulations and clear responsibilities and controls, to ensure reliable operation of the financial system.

2 Measures to ensure the security of financial information system

2.1 Set up security measures

The policy is that anything not explicitly permitted is prohibited. The system allows access only after identity authentication. Important financial information must be transmitted with encryption. The network of the financial information system should be equipped with firewalls according to the network security policy to protect the information security of each financial node, allowing authorized users to access the LAN and allowing authorized users to access only specific resources within the LAN. According to business and administrative affiliation, the horizontal and vertical networks are divided into VPNs using MPLS VPN technology.
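As an added example that is not part of the original paper, the following Python code models the rule "anything not explicitly permitted is prohibited" with a minimal first-match packet filter: authorized teller workstations reach the core database and the internal portal, office staff reach only the portal, and every other packet is decided by the chain's default. The addresses, ports and host roles are constructed for the example; the point is the difference between a default of deny and a default of allow for a packet that matches no explicit rule.

```python
# Added example, not from the original paper: a minimal first-match packet
# filter showing why a firewall policy must default to deny.
# Networks, hosts, ports and roles below are constructed for the example.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, or None for any port

    def matches(self, pkt: dict) -> bool:
        return (
            ip_address(pkt["src"]) in ip_network(self.src)
            and ip_address(pkt["dst"]) in ip_network(self.dst)
            and self.proto in ("any", pkt["proto"])
            and self.dport in (None, pkt["dport"])
        )


def evaluate(rules, default: str, pkt: dict) -> str:
    """First matching rule decides; a packet matching no rule gets `default`."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed topology.
TELLERS = "10.10.1.0/24"      # authorized teller workstations
OFFICE = "10.10.2.0/24"       # general office LAN
CORE_DB = "10.20.0.10/32"     # core banking database, TCP 1521
PORTAL = "10.20.0.20/32"      # internal web portal, TCP 443

RULES = [
    Rule("allow", TELLERS, CORE_DB, "tcp", 1521),   # tellers -> database only
    Rule("allow", TELLERS, PORTAL, "tcp", 443),
    Rule("allow", OFFICE, PORTAL, "tcp", 443),      # office staff -> portal only
    # No rule mentions OFFICE -> CORE_DB: the chain default decides that case.
]


def decide(pkt: dict, default: str = "deny") -> str:
    """Apply the constructed ruleset; `default` is the policy for unmatched packets."""
    return evaluate(RULES, default, pkt)


if __name__ == "__main__":
    probe = {"src": "10.10.2.7", "dst": "10.20.0.10", "proto": "tcp", "dport": 1521}
    print("office -> core DB, default deny :", decide(probe))            # deny
    print("office -> core DB, default allow:", decide(probe, "allow"))   # allow
```

With a default of deny, an office workstation probing the database port is dropped even though no administrator ever wrote a rule about that pair; with a default of allow, the same omission silently grants access. Real firewalls express the same idea as a final catch-all drop rule or a chain policy of drop.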

2.2 Measures for using safety technology and safety products

For the financial system to have a safe and reliable operating environment, security technologies and products must be deployed in the financial information system in accordance with the security assurance strategy of the financial system. The financial information system is divided into different security zones; each zone has its own responsibilities and tasks and needs different protection measures, which is convenient and enhances security. Firewalls are installed in the financial network to guard against unforeseen incidents: if potentially destructive attackers are present, the firewall shields internal information from the outside and so protects the network. An intrusion detection system should be set up in the financial information system to check the security status of the network regularly, detect intrusion events and protect the network in an all-round way. An anti-virus system should be installed, with anti-virus software configured for the possible sources and paths of infection and managed centrally, so that installation, scanning, updating and sharing of anti-virus programs are handled in one place and the daily maintenance of the financial information system is simplified; viruses that may invade the financial information system are monitored 24 hours a day to protect the network. The security of the financial information system should be evaluated regularly, testing and evaluating the workstations, servers, switches and databases in the system and producing reports from the evaluation results. Security evaluation, the firewall and intrusion detection cooperate with each other so that the network can deliver higher-performance services.

2.3 Security measures for financial information management

In addition to technical means, the level of security management must also be raised. The financial information system is relatively closed, its security is paramount, and strict business logic and operating specifications are the top priority. Therefore, for the internal management of the financial information system, leadership should strengthen the security management system, strengthen the daily management system and raise the basic level of management.

2.3.1 Establish a complete organization

Our country now attaches great importance to the development of information security, which promotes economic development and maintains social stability. A security management team should be established within the financial information system, tasked with developing a security strategy consistent with financial development and responsible for maintaining the security and stability of the system.

2.3.2 Formulate a series of security management methods and regulations, mainly covering the management of the intranet, user behavior and applications, together with content control and storage management. Each facility shall have a set of plans that are tested regularly.

2.3.3 Strengthen strict management: strengthen authentication of login identities, strictly control users' access rights, track the activity of each user, and so provide a basis for system audit.

2.3.4 Strengthen the level of information protection, focusing on the protection of information in the financial information system and implementing mandatory protection and mandatory certification for important information to ensure the security of financial business information. It is also necessary to keep strengthening the information management and security team, strengthen the training of compound talents, and publicize information security law and law-abiding behavior through conferences, websites, radio, television, newspapers and other media, so as to improve the information security awareness of the whole population; in particular, strengthen information security training and education for enterprise staff to improve employees' information security and self-discipline.

3 Conclusion

With the rapid development of financial informatization, the scale of financial information systems has expanded and the number of financial information assets has increased sharply, so security protection for networks and information systems is imperative. At present Internet applications still lack adequate security measures, which seriously affects and limits the quality and variety of services the financial system can provide externally through the network. Therefore each financial information system must adopt appropriate security measures to build a secure and reasonable financial information system.

Part 7: Model Essay on Information and Security

Key words: information security; Information security literacy; Information security assurance; Evaluation index system

CLC No.: C32 Document Code: A Article No.: 1008 5831 (2012) 03 0081 06

1、 Introduction

At present, with the overall improvement of China's social informatization, networks and information systems have become key national infrastructure, and their basic and overall role has been further strengthened. The role of information resources in the development of the national economy grows day by day, and whoever can grasp rich information resources in time can occupy a dominant position in political, economic, military and cultural affairs. At the same time, information security problems are becoming more diverse and complex. Attacks on networks and information systems, and security problems of the networks and systems themselves, have seriously affected the normal operation of key infrastructure such as finance, power and transportation, and cases of virus propagation, network attack and network leakage increase year by year. Information security is not merely a technical issue, nor merely a social one; it involves politics, economy, society, culture, the military and other fields, and has become a strategic issue for the nation as a whole. The Fourth Plenary Session of the 16th CPC Central Committee listed information security as one of the four important components of national security, the other three being political security, economic security and cultural security. According to the 2010 Survey Report on Information Security Awareness of Enterprise Employees by Beijing Gu'an Tianxia Technology Co., Ltd., 42.8% of respondents believe that insufficient personal information security awareness is the biggest potential information security hazard, followed by the lack of security systems or failure to implement existing ones, insufficient investment or personnel, lack of information security training, insufficient security product functions and other factors.

The biggest obstacle to protecting information security effectively at present is the general lack of information security awareness, followed by backward management, poor technology, imperfect laws, a shortage of information security talent and other obstacles. The report further shows that Chinese enterprise employees generally lack information security awareness [1]. At the RSA 2011 information security conference, many experts independently raised the same issue: employees who lack security awareness are becoming the largest and hardest-to-close gap through which hackers break through enterprise security protection [2]. At the beginning of 2012, in the large-scale leakage of user data from websites such as CSDN and Tianya, the main reason the damage spread so widely was that users habitually used one account and password for many purposes, so the leak of personal data from individual websites directly led to the simultaneous exposure of accounts on many other websites [3]. Strengthening the evaluation of national information security literacy, so that citizens recognize the state of their own information security literacy and effectively improve it, is therefore an important issue.
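As an added example that is not part of the original paper, the following Python code models the mechanism just described: a constructed leak of plaintext credentials from one site is replayed against a second site (credential stuffing) and succeeds exactly for the user who reused her password. It also shows the storage-side counterpart, since the second site keeps only salted, iterated PBKDF2 records, a leak of its own table hands an attacker no password to replay elsewhere. All user names, passwords and site data are constructed.

```python
# Added example, not from the original paper: credential stuffing after a
# plaintext password leak, and salted password hashing on the target site.
# All users, passwords and "sites" below are constructed for illustration.
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000   # PBKDF2 work factor; raise it on real systems


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Store a password as (random salt, PBKDF2-HMAC-SHA256 digest), never plaintext."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def check_password(record: dict, password: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["hash"])


# Site A stored passwords in plaintext and its user table leaked (constructed).
SITE_A_LEAK = {
    "alice": "Summer2011!",      # alice reuses this password on site B
    "bob": "forum-only-pw",      # bob uses a different password on site B
}

# Site B stores salted PBKDF2 records (constructed).
SITE_B_DB = {
    "alice": make_record("Summer2011!"),
    "bob": make_record("bank-unique-pw"),
}


def credential_stuffing(leak: dict, target_db: dict) -> list:
    """Replay every leaked (user, password) pair against the target site.

    Returns the accounts the leaked password opens on the target: exactly the
    users who reused the same password on both sites.
    """
    return sorted(
        user for user, password in leak.items()
        if user in target_db and check_password(target_db[user], password)
    )


def hashed_leak_is_replayable(leak: dict, target_db: dict) -> bool:
    """Had site A stored salted hashes, would its leaked records open site B?

    A leaked digest is not a password, and because each site salts
    independently the same password produces different digests on A and B,
    so the attacker would first have to crack the slow hash offline.
    """
    hashed_leak = {user: make_record(pw) for user, pw in leak.items()}
    for user, rec in hashed_leak.items():
        if user not in target_db:
            continue
        if rec["hash"] == target_db[user]["hash"]:
            return True
        if check_password(target_db[user], rec["hash"].hex()):   # digest used as password
            return True
    return False


if __name__ == "__main__":
    print("accounts opened on site B:", credential_stuffing(SITE_A_LEAK, SITE_B_DB))
    print("hashed leak directly reusable:", hashed_leak_is_replayable(SITE_A_LEAK, SITE_B_DB))
```

The two results together make the paper's point from both sides: the user-side cause of the cross-site exposure is password reuse, which no storage scheme on the second site can undo, while the site-side mitigation, salted slow hashing, limits how much a single breach gives away.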

2、 The Connotation of Information Security and National Information Security Literacy

Information security is an old and yet young topic covering a wide range, from national political and military confidentiality to preventing the theft of business secrets and the leakage of personal information. The arrival of the information age highlights its importance and urgency. Information security is generally understood in a narrow and a broad sense. In the narrow sense it refers to the security of information itself, basically comprising five aspects: confidentiality, integrity, availability, controllability and reliability. Confidentiality means ensuring that information is available only to those authorized to use it; integrity means protecting information from deletion, modification, forgery, reordering and so on, so that it remains complete and accurate; availability means ensuring that authorized persons can obtain and use information on demand; controllability means that information and information systems are under security monitoring and management; reliability is the probability that the information system completes a specified function under specified conditions. In the broad sense, information security refers to the state in which social informatization and information technology systems are free from external threats and infringements, so that the national political, military, economic, scientific and technological, cultural, social and other systems operate normally. Broadly, information security includes political, economic, scientific and technological, military, cultural, ecological and public information security.

National information security literacy refers to people's understanding of information security and the set of related capabilities they possess in an information and network environment, comprising information security awareness, information security knowledge, information ethics and information security skills. It is an important component of information literacy and has become a condition for getting by in the information society. Information security awareness means recognizing the importance of information security in work, study and daily life, having a certain sensitivity to and insight into security matters, and knowing how to recognize common threats and which protective measures are effective against them. Information security knowledge means familiarity with the basic concepts and theoretical framework of information security and an understanding of current computer and network security technology. Information ethics means observing accepted norms of online conduct when acquiring, using, processing and disseminating information, and consciously refusing to take part in network piracy, the spread of computer viruses, hacking and similar behaviour. The information security literacy discussed here is richer than information security awareness alone: it includes not only the disposition to care about and maintain information security but also the protective skills and ethics that follow from it. It also differs from computer literacy, which mainly denotes the basic knowledge an individual needs to operate a computer. Finally, information security literacy is the result of long-term practice; it is neither innate nor formed overnight, but develops by degrees from a low level to a higher one.

Chapter 8: Model Essay on Information and Security

Key words: information security accident; security management; accident causation theory

CLC No. F49

Document identification code A

Article No. 1006-5024 (2013) 01-0055-04

1、 Introduction

Today, as the tide of informatization sweeps the world, the importance of information is self-evident. The informatization of China's national economy and society has accelerated across the board, the foundational role of networks and information systems keeps growing, and information technology has become important in raising enterprises' service levels, driving business innovation and strengthening core competitiveness. At the same time, information security accidents occur frequently during this construction. According to PricewaterhouseCoopers' 2010 global information security survey, the incidence of information security accidents in Chinese enterprises is far above the world average: network accidents, data accidents and system accidents, the three most common types in Chinese enterprises, occurred at rates of 51%, 45% and 40% respectively, against 25%, 27% and 23% worldwide.

A large body of literature and experience shows that the special nature of information accounts for the high incidence of information security accidents. Information is easy to spread, to diffuse and to destroy; information assets are more fragile than traditional physical assets, yet the risks, returns and opportunities attached to operating them are far greater. Enterprises' growing dependence on information systems raises the risk that important information is seriously intruded upon or destroyed, which often damages enterprise assets or interrupts business.

Current research on information security concentrates mostly on the technical level, from early encryption, data backup and anti-virus work to firewalls, intrusion detection and identity authentication in today's networked environment, while research on management and process optimization is scarce. Ross Anderson (2001) argues that the economic and managerial study of information security is, to a degree, more important than technical research. Fu Yumin (2010) holds that the insufficient attention Chinese enterprises pay to information security managers and processes is the main reason for their high rate of security accidents. It is therefore necessary to analyze systematically how enterprise information security accidents arise and to identify their root causes, with management factors at the centre of the inquiry. Preventing accidents by controlling their causal factors offers guidance for enterprise information security management.

This paper applies accident causation theory from the field of industrial production to the analysis of information security accidents. It analyzes systematically how enterprise information security accidents form, divides the causal factors into four groups (environmental, personnel, technical and equipment factors), examines how each group contributes to accidents, constructs a fishbone diagram of the causal factors, and proposes targeted preventive measures.

2、 Theoretical Basis

(1) Research on Information Security Accidents from the Perspective of Management at Home and Abroad

Scholars at home and abroad have studied the causes of information security accidents from different angles. Van Niekerk (2010) holds that an enterprise's information security culture is the key to reducing accidents caused by human factors; Knapp (2009) and colleagues studied the relationship between information security policies and information security incidents; Herath (2009) verified through questionnaire-based empirical research that the severity of punishment, social pressure and employees' perception of effectiveness affect their security behaviour; Albrechtsen (2010) found that employee participation, collective reflection and group roles raise employees' information security awareness and improve their security behaviour; Stanton (2005) found that end users' security behaviour affects enterprise information security management; and Ashenden (2008) found empirically that an information gap exists between information security managers, senior managers and end users, and that this difference in understanding harms enterprise information security management and raises the probability of accidents. Vroom (2004), Flowerday (2005) and others have also worked on the subject.

Compared with research abroad, domestic research on information security is mostly technical and seldom addresses management. Shen Changxiang, Zhang Huanguo and Feng Dengguo (2007) systematically set out the development of information security theory and related technology; Guan Wei and Hu Ruo (2007) analyzed e-commerce information security from the perspectives of the social environment, commerce, organizations and individuals; Liu Fulai (2010) analyzed the hidden security risks in the informatization management of small and medium-sized enterprises and their causes.

The literature shows that most foreign scholars have verified empirically the effect of one or several factors on information security accidents, but systematic analysis of such accidents is lacking. Domestic research mostly concerns building information security management systems, and analysis of the accidents themselves is rare.

(2) Accident causation theory

Of the available methods for analyzing information security accidents, this paper adopts accident causation theory, which is widely used in industrial production. Accident causation theory studies and analyzes the factors that lead to accidents: it describes their causes, course and consequences, and studies how basic factors such as people, materials, the environment, management and the handling of the accident combine to produce an accident and cause loss.

Among early accident causation theories, W.H. Heinrich's causal chain (domino) theory is the most representative; it first proposed that unsafe conditions of things and unsafe acts of people are the two direct causes of injury. Building on Heinrich's chain, F. Bird and others put forward the modern safety-science view that management is the underlying, indirect causal factor: the root cause of any accident can be traced to a management failure, and the unsafe acts of people or the unsafe conditions of things are only symptoms of that root cause and a reflection of the management failure.

Based on F. Bird's view, this paper proposes the information security accident model shown in Figure 1. An information security accident is the result of unsafe acts of people and unsafe conditions of things acting on the energy or hazardous substance and its carrier, and the enterprise's management factors are the direct cause of those unsafe conditions and unsafe acts.

3、 Information security accident analysis

Analyzing the causal factors of various kinds of information security accidents, the causes of enterprise information security accidents fall broadly into two categories, human factors and material factors, and material factors can be further divided into environmental, technical and equipment factors. Field research and the literature indicate that environmental factors such as a missing security culture and incomplete security rules and regulations are the underlying causes of accidents. This paper therefore groups the controllable causal factors of enterprise information security accidents into four categories, environmental, personnel, technical and equipment factors, and constructs a fishbone diagram of information security accidents (see Figure 2).

(1) Environmental factor analysis

In the course of informatization, many enterprises, pressed to get business running, fall into a pattern of "business first, security later", and security management lags seriously behind business development. Within the enterprise, the compliance of its business directly determines whether the design, operation, trial use and management of its information systems stay within the security requirements set by law and by contract. Many enterprises have installed some security equipment but lack a unified security architecture and a prevention mechanism, and their security responsibilities are unclear, which greatly increases the risk of accidents. Without a business continuity plan and an incident handling mechanism, business is often interrupted after an accident; information management staff then become "firefighters" restoring service, and security work degenerates into treating each symptom as it appears. The absence of disciplinary measures and audit mechanisms is a further important reason why information security accidents recur.

In the external environment, third-party service organizations and individuals are closely bound to the enterprise. Engaging a third party to provide services means handing part of the enterprise's information to it. Incomplete outsourcing contracts, poor third-party service quality and unclear third-party data access rights readily lead to leakage of the enterprise's key data and to external attacks.

(2) Personnel factor analysis

Personnel are the most active factor in information security management, and different kinds of personnel affect accidents differently. (1) Management. Top management decides how enterprise resources are invested and is the core of information security management; its lack of support for and attention to information security is the key reason an enterprise has no security culture and its employees are indifferent to security. Middle managers, the bridge between top and bottom, determine through their execution of decisions how well information security management is actually implemented. (2) Technical staff. Technical staff keep the enterprise's information systems running day to day, but most enterprises, small and medium-sized ones especially, lack information technology talent and have no security supervisors or auditors. Because of these limits on people and skills, one administrator is often responsible for both system configuration and security management, so that security settings and security oversight rest on the same shoulders. Administrative authority is then overly concentrated, and once the administrator's authority escapes control, important information is easily leaked. (3) Front-line staff. Front-line employees in Chinese enterprises generally lack information security education and training and are indifferent to security. Every day they handle large amounts of important enterprise information in unsafe ways, such as using mobile devices at will and accessing the Internet without restriction, and these unsafe behaviours are a latent threat to the enterprise's information systems.

(3) Technical factor analysis

Information security technology is the basic means by which enterprises prevent information security accidents and is part of their investment in information security management. The technical factors behind accidents fall into two categories. (1) Software factors, including design defects or technical vulnerabilities in software, anti-virus software that is not updated in time, and sudden software failures. (2) Information system design factors, including system designs not based on a risk assessment, erroneous or missing business process descriptions, insufficient preliminary testing, unclear data access permissions, no backup of key data, information assets without a defined security level, and information assets without protective measures. These unsafe technical factors make information security vulnerabilities unavoidable and universal, and in today's open Internet environment such vulnerabilities give external attackers their opening and lead to accidents.

(4) Equipment factor analysis

The equipment involved in enterprise information security management mainly comprises the central computer room, servers, network equipment and cabling, which form the basis of the enterprise's information security assurance system. Accidents caused by equipment factors include hardware failures, failures of supporting facilities, deliberate damage, and other equipment and facility failures. Their causes fall into three categories. (1) Physical security: unclear physical security boundaries, unauthorized physical access, missing protection for equipment or storage media, unauthorized use or relocation of facilities and equipment, and hardware failure. (2) Supporting facilities: interruption of power or air conditioning, electrical faults, cable damage and the like. (3) External force majeure: natural disasters such as floods, typhoons and earthquakes, as well as terrorist attacks, war and other external events beyond the enterprise's control. These factors often damage facility and equipment hardware, disturbing or destroying the data stored on it, and readily interrupt the enterprise's business.

4、 Preventive measures

According to the above analysis of the factors causing information security accidents, prevention can proceed along three lines: personnel training, improvement of the management system, and improvement of hardware. Specifically:

(1) Establish an effective "human firewall" to reduce information security accidents caused by human factors

Information security is a problem every employee of an enterprise must face, and building a "human firewall" is what truly mobilizes the enterprise's internal strength for long-term stability. Information security publicity must therefore be strengthened so that all employees grasp its importance: raise management's attention to information security to create a security culture and improve employees' awareness; build employees' security skills through security education and training; and use laws and regulations, security policies, access rights and disciplinary measures to constrain employee behaviour and reduce unsafe acts. The goal is an enterprise culture in which information security is everyone's responsibility, which reduces accidents caused by human factors.

(2) Improve enterprise information security management system and reduce information security accidents caused by environmental and technical factors

The information security management system is the mechanism for managing and preventing information security risk that an enterprise establishes on a unified, integrated management platform, on the basis of its security needs, business process analysis and risk assessment results, using a range of security technologies and products. Establishing and improving it provides security assurance at every level and stage of enterprise information management, from strategy through design to operation, and effectively reduces accidents caused by environmental and technical factors. Concretely: establish disaster recovery and business continuity plans and strengthen backups of important data so that business continues and losses are minimized when an accident occurs; establish centralized management and control, centralizing data security control and building an enterprise-wide network management platform so that security policies are implemented fully from top to bottom; and, on the principle of proportionate protection, select appropriate security technologies and products and formulate corresponding access control policies that meet the business's security needs at an acceptable cost and return on investment.

Chapter 9: Model Essay on Information and Security

[Key words] Power generation enterprises; network security; management; technology

In recent years, as power system reform has deepened and information technology has developed rapidly, power generation enterprises have come to depend more and more on information systems, which play an ever larger role in their production, operation and management. Running production management and office work through information systems has been widely accepted in power generation enterprises and has greatly improved production efficiency and management.

The implementation of network security work is a concentrated reflection of an enterprise's informatization management level, and for power generation enterprises, as part of the national energy industry, information network security matters particularly. Their emphasis on informatization is also reflected in the strengthening of their own information network security work, which has become an important part of safe production. Whether the enterprise generates from coal, water, nuclear, wind, solar or other new energy sources, network security is equally important.

From the current state of informatization in the power industry, network security can be roughly divided into network security management, security protection technology, emergency support, and publicity and education. Network security management covers: a network security leadership responsibility system, a management organization and dedicated information network staff; the concrete implementation of the responsibility system and an accountability mechanism; day-to-day security management of personnel, informatization funding, information assets, procurement, training and outsourced staff; a complete network security management system; and security monitoring, hardware redundancy, security auditing and patch management. Security protection technology covers: measures against viruses, tampering, paralysis, attack and disclosure; the security policies and functional effectiveness of servers, firewalls, physical isolation devices and other network security equipment; security measures for the LAN, the Internet connection and wireless networks; and the handling of non-computer devices, removable media and cryptographic devices. Emergency support covers: information security incident response plans, data backup and recovery drills, an emergency technical support team, and the handling of major security incidents. Publicity and education covers: routine network security training for the enterprise (including leaders, informatization staff and business staff) and professional technical training for network security administrators.

Power generation enterprises have achieved a great deal in network security. The proportion of licensed software, of self-developed software and of domestic information systems rises year by year, and domestic network security protection equipment is widely deployed in enterprise networks. At the same time they must recognize their shortcomings. Many power generation enterprises regard generation as their main business, pay too little attention to informatization and invest very little personnel and money in it, so network security cannot be effectively assured and network security incidents happen from time to time, to the loss of the enterprise and the country.

To sum up, power generation enterprises should gradually improve their network and information security work along the following lines.

Organization and planning: establish an independent information management department, appoint dedicated network security administrators, clarify the security responsibilities of each post, and set up an information leadership group, an information security working group, a bidding group and other bodies for information work; hold regular network security management meetings to discuss and decide on informatization work and the strengthening of network security; plan enterprise network security on annual, short-term and long-term horizons, improving the overall strategy and overall plan for information security and continually supplementing, adjusting and refining them; and write information network security management into the enterprise's annual work plan and performance appraisal.

Management system and inspection: carry out regular information security training and publicity so that employees fully understand the importance of network security to the enterprise; define clear zone boundaries and manage zones according to production, management and other considerations; improve the enterprise's network and information security management system and enforce it; strengthen management of the LAN, the WAN and external websites; complete the filing of information system security level protection and conduct security risk assessments as required by the Ministry of Public Security and superior departments; carry out regular network security self-inspection and rectify the problems found; and, where conditions allow, invite high-level external expert groups to guide security evaluation. Such inspections find problems in time, allow effective rectification, safeguard the enterprise's information network, and let employees raise production management and office efficiency through the information systems.

Emergency response and backup: regularly drill information system data backup and recovery, further improve the enterprise's network and information security emergency management system, ensure emergency resources are in place in time, develop targeted and practical special emergency plans, and make drills of those plans routine; and improve the backup system.

Accounts and access: set an account lockout duration, an account lockout threshold and a reset period for the lockout counter; have the information system administrator regularly review patch updates and the logs of anti-virus and anti-malware software; enforce a password policy covering complexity requirements, minimum password length, minimum and maximum password age, password history, and the "store passwords using reversible encryption" setting, which should be disabled; tie each account to one person as far as possible, avoiding duplicate and shared accounts, and regularly check for and promptly delete redundant and expired accounts; separate the privileges of privileged users of the operating system and of the database system and manage database accounts independently; and keep complete computer room access records and system security maintenance inspection records.

Funding and personnel: establish a long-term mechanism that puts funds for information security construction, operation and maintenance in place on time, so that funding is regular; increase investment in information security products and buy from domestic manufacturers where possible to reduce dependence on foreign products; vet personnel for information security and other sensitive posts before they take up the post; and when they leave, have them sign a confidentiality undertaking and withdraw their access promptly.

Endpoints: as national requirements direct, ensure that no computer runs the Windows 8 operating system, and take compensating measures for Windows XP, for which security support has ended; and have security protection products enforce application whitelisting, remove applications unrelated to work, and close unnecessary services and ports.
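The account lockout and password policy parameters listed above are normally set in Windows Group Policy or an equivalent directory policy; the following added example (Python, not part of the essay) implements the same parameters in plain code so that their interaction is visible: how the lockout threshold, lockout duration and counter reset period combine, and how minimum length, complexity, minimum and maximum age and a hashed password history constrain a change of password. The policy values, the complexity rule, the account and the timeline are all assumed for the example.

```python
"""
Added example: the lockout and password-policy parameters an account
policy names, implemented directly. Values below are assumptions for the
demonstration, not a recommended baseline.
"""
import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field


@dataclass
class Policy:
    threshold: int = 5              # account lockout threshold (failed attempts)
    lockout_duration: int = 900     # account lockout duration (seconds)
    reset_window: int = 900         # reset lockout counter after (seconds)
    min_length: int = 12            # minimum password length
    history_size: int = 5           # enforce password history (entries)
    min_age: int = 86_400           # minimum password age (seconds)
    max_age: int = 90 * 86_400      # maximum password age (seconds)


def _hash(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2; the history keeps only these, never a reversible form."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def meets_complexity(password: str) -> bool:
    """Complexity rule assumed here: at least three of four character classes."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(bool(re.search(c, password)) for c in classes) >= 3


@dataclass
class Account:
    policy: Policy
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    current: bytes = b""
    history: list = field(default_factory=list)
    changed_at: float = 0.0
    failures: int = 0
    last_failure: float = 0.0
    locked_until: float = 0.0

    def set_password(self, new: str, now: float, initial: bool = False) -> str:
        p = self.policy
        if not initial and now - self.changed_at < p.min_age:
            return "rejected: minimum password age"
        if len(new) < p.min_length:
            return "rejected: too short"
        if not meets_complexity(new):
            return "rejected: complexity"
        digest = _hash(new, self.salt)
        if any(hmac.compare_digest(digest, old) for old in self.history):
            return "rejected: reused password"
        self.history = ([digest] + self.history)[: p.history_size]
        self.current, self.changed_at = digest, now
        return "ok"

    def login(self, password: str, now: float) -> str:
        p = self.policy
        if now < self.locked_until:
            return "locked"
        if now - self.last_failure > p.reset_window:
            self.failures = 0                      # idle window resets the counter
        if hmac.compare_digest(_hash(password, self.salt), self.current):
            self.failures = 0
            return "must-change" if now - self.changed_at > p.max_age else "ok"
        self.failures += 1
        self.last_failure = now
        if self.failures >= p.threshold:
            self.locked_until = now + p.lockout_duration
            self.failures = 0                      # counter restarts after the lockout
            return "locked"
        return "denied"


def scenario() -> list:
    """Constructed timeline; returns the policy decision at each step."""
    acct = Account(Policy())
    t0, day = 1_000_000.0, 86_400
    out = [acct.set_password("Correct-Horse-9", t0, initial=True)]      # ok
    out.append(acct.set_password("Another-Pass-7", t0 + 1))             # minimum age
    out.append(acct.set_password("Correct-Horse-9", t0 + 2 * day))      # reused
    out.append(acct.set_password("short1!", t0 + 2 * day))              # too short
    out.append(acct.set_password("alllowercaseletters", t0 + 2 * day))  # complexity
    for i in range(5):
        out.append(acct.login("wrong-guess", t0 + 3 * day + i))         # denied x4, then locked
    out.append(acct.login("Correct-Horse-9", t0 + 3 * day + 5))         # right password, still locked
    out.append(acct.login("Correct-Horse-9", t0 + 3 * day + 1000))      # lockout expired: ok
    out.append(acct.login("Correct-Horse-9", t0 + 100 * day))           # past maximum age
    return out


if __name__ == "__main__":
    for step in scenario():
        print(step)
```

Two details are worth noticing. The minimum password age is what makes the history check effective: without it a user can cycle through five throwaway passwords in a minute and return to the old one. And the correct password is still refused while the lockout is in force, which is the intended behaviour; the counter reset period is what keeps a few stray typos spread over a day from accumulating into a lockout.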

In every industry and field, security comes first, and network security is especially important in power generation enterprises, which bear on national security. They should follow the principle that "whoever is in charge is responsible, whoever operates is responsible", assign tasks, fix responsibility and strengthen network security to keep enterprise networks and information systems running safely and stably. Because electricity is an important part of the national energy industry, the rule that classified information never goes onto the Internet and Internet-connected systems never carry classified information must be observed. In short, the network security situation facing power generation enterprises is complex and changeable, and there is still a long way to go.

References

[1] Ronin. A Preliminary Study on P2P Security [A]. Proceedings of the 17th National Computer Security Academic Exchange Conference and E-government Security Seminar [C]. 2002.

[2] Zhu Chongguang, Yao Wang. Risk Assessment of Information Network Security of the Procuratorial System [A]. Proceedings of the National Computer Security Academic Exchange Conference (Volume 22) [C]. 2007.

[3] Zhu Xiuyang. A Preliminary Study on the Information Network Security System of the Procuratorate's Private Network [A]. Proceedings of the National Computer Security Academic Exchange Conference (Volume 22) [C]. 2007.

[4] Zeng Dexian, Li Rui. Information Network Security System and Protection [A]. Proceedings of the 18th National Computer Security Academic Exchange Conference [C]. 2003.

[5] Liu Wei, Liu Xin, Du Zhenhua. Research on New Features of Malicious Code in China in 2010 [A]. Proceedings of the 26th National Computer Security Academic Exchange Conference [C]. 2011.