Research on Information Security Risk Assessment of E-Government Systems

The Research of Information Safety Risk Evaluation about Electron-Government-Affair

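【Author】 Li Yuchuan (李煜川)

【Supervisor】 Xiang Wenxin (项文新)

【Author information】 Soochow University (苏州大学), Information Science, 2011, Master's

【Subtitle】 Taking a Digital Archive as an Example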

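【Summary】 E-government systems optimize the organizational structure and workflows of government and improve its administrative, economic and service efficiency, but they also face security risks arising from the natural, physical and social environments. Once an e-government system fails, it harms government departments and the public, and in serious cases threatens national security, so safeguarding e-government systems is of great significance. Information security risk assessment, as an important means of determining the security risk of an information system, plays an important role in building the e-government information security assurance system. The thesis first analyzes the security risks facing e-government systems and introduces the assessment elements, forms and steps of information security risk assessment for e-government systems. It focuses on the risk assessment methods in common use today, such as OCTAVE, SSE-CMM, FAT and AHP, and, on the basis of a comparison, proposes an assessment method and assessment model for e-government systems. The thesis takes the digital archive of a certain city as the object of the information security risk assessment and assesses the system with the OCTAVE model, while also applying risk assessment support software to the digital archive assessment, which can make the results more accurate and lighten the assessors' workload. The practical procedure for the risk assessment of the digital archive is: carry out asset assessment, threat assessment and vulnerability assessment. This establishes which information assets are important, what threats the key assets face, how business operations depend on these assets, and how great a loss a leak would cause the organization; on this basis, the thesis gives value-assignment criteria for assets, threats and vulnerabilities and criteria for judging risk levels, and lists the protections for the different levels. Finally, the magnitude of the risk value is determined, thereby identifying the security risks of the digital archive.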

【Abstract】 E-government has optimized the organization and workflow of government and improved efficiency in administration, economy and service. It faces risks from the natural, physical and social environments. Risk evaluation is one of the most important parts of security risk work and plays a very important role in the process of establishing information safety. First, this paper summarizes the current state and problems of information safety risk evaluation for e-government information systems, analyzes the content and characteristics of e-government information systems, consults relevant laws and regulations, and lists the factors and process of e-government information system risk evaluation. Second, it introduces the models and methods of information safety risk evaluation, such as OCTAVE, SSE-CMM, FAT and AHP; considering that e-government is a complicated network system, it takes the digital archives of one city as the object of information safety risk evaluation, so that the evaluation is very exact. Third, we carry out asset evaluation, threat evaluation and vulnerability evaluation on the digital archives system, to determine which information assets are important, what the threats are, how the business relies on these assets, and what the loss would be if information were leaked; we put forward estimation rules for assets, threats and vulnerabilities and list the various safeguards. Finally, combining practice and taking the information safety risk evaluation of a city's digital archives as an example, we evaluate the magnitude of the risk. We hope this paper is of some value to e-government information safety risk evaluation.

  • 【Online publication contributor】 Soochow University (苏州大学)
  • 【Online publication year and issue】 2012, Issue 06