Research on Security Management of Public Network Information System

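【Author】 Wang Chunyuan (王春元)

【Supervisors】 Yang Shanlin (杨善林); Zhou Yongwu (周永务)

【Author information】 Hefei University of Technology (合肥工业大学), Management Science and Engineering, 2009, PhD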

【Abstract】 With the development of the information society, the way people live, work and behave is changing profoundly. As basic infrastructure of the information society, public network information systems are now used in every sector of the national economy and every aspect of social life. They have become an indispensable part of state affairs, economic construction and other important fields, as well as of people's daily lives, which they deeply influence and improve. However, the inherent vulnerability of public network information systems means that security problems can arise anywhere and at any time, disrupting or damaging the normal order of production and daily life. Information system security has therefore become a major threat facing the information society. Fortunately, most security problems of public network information systems can be avoided through scientific security management. It is therefore necessary to study information system security management in depth, so as to keep information systems running securely and social activities proceeding in a normal, orderly way.

This dissertation addresses the security of public network information systems. In view of the threats to information system security, and on the basis of the relevant standards, laws and regulations, it studies security management from four angles: proactive prevention, active response, inspection and control, and legal control. Proactive prevention implements security measures through classified (graded) protection of information system security; studying the grading and assessment steps of classified protection helps optimize the allocation of resources and raise the overall protection capability of the system. Even a system under classified protection will still experience information security incidents, so measures for active response are needed. By monitoring and responding to incidents, in combination with contingency plans and a coordinated emergency response system, incidents can be detected early and handled promptly so that the losses they cause are kept to a minimum. For technical or management reasons, some illegal information evades the incident-monitoring equipment and appears on the public network. Research on an information content security inspection system improves inspection efficiency, so that illegal information online is found in time and handled appropriately, and its spread on the public network is prevented and controlled. All of these measures (classified protection, incident monitoring and response, and inspection and control of illegal online information) must be grounded in the relevant laws and regulations, and legal control is also the most powerful means of curbing and combating cyber crime. The existing legal system is studied in order to find a better legal basis for formulating and implementing security management measures, and to prevent cyber crime more effectively and punish it more severely, thereby further strengthening the assurance of information system security.

The main research work and contributions of this dissertation are:

(1) Classified protection of information system security is a measure for proactively defending against security threats. Grade assessment is a basic component of classified protection work, and the evaluation of the assessment results determines the judgment of whether an information system meets the requirements of its protection grade. Because the relationship between the assessment results and the classified protection requirements is grey, the dissertation proposes quantifying the assessment results with a multi-level grey relational method and designs a comprehensive evaluation system for grade assessment results, intended to support the understanding and use of those results.

(2) Information security incidents on public networks are difficult to avoid. They need to be monitored and managed in a unified way, with the relevant security organizations and individuals organized and coordinated to take part in the response, so that incidents are proactively monitored, avoided where possible and actively controlled. To this end the dissertation studies information security incident monitoring and response systems and proposes a hierarchical multi-element fusion intrusion detection algorithm, a gateway-level harmful-information filtering and alerting system, and a security incident monitoring and emergency response platform. It gives the principles and drafting model for contingency plans, defines the functions and working mechanisms that a coordinated emergency response system should have, and combines the monitoring and response platform with the contingency plans and the coordinated emergency response system to deal jointly with information security incidents on public networks.

(3) To improve the effectiveness of online search and inspection, the dissertation proposes an information content security inspection system whose inspection scope can be limited and whose inspection cycle can be controlled, providing a means of supervising and checking the information content of designated websites on the public network. The proposed heuristic algorithm, based on layered regular-expression processing, increases the speed of extracting the main text from web pages. Concrete measures for handling the search and inspection results are also proposed.

(4) The dissertation studies the role of laws and regulations in safeguarding information system security management. Based on the characteristics of cyber crime and how it differs from computer crime, it proposes the concept that cyber crime is computer crime in both the real society and the "virtual" society, bringing the existing notion of computer crime within the scope of cyber crime. In view of the shortcomings of existing laws and regulations in safeguarding information system security and controlling cyber crime, it puts forward suggestions for improving existing law, so that laws and regulations can play their important role in safeguarding the security of public network information systems more fully.
