Research on Security Architecture Construction of Information System

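【Author】 Su Jun (苏骏)

【Advisor】 Zhang Hao (张浩)

【Author information】 Wuhan University of Technology, Information Management and Information Systems, 2008, Master's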

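【Abstract (translated from Chinese)】 The security of an information system is a systemic problem. Past experience shows that failing to establish a security standards framework tends to cause problems such as incomplete overall functionality, weak links, duplicated component functions, low efficiency, difficulty of evaluation, failure to adapt to changes in requirements and technology, and difficulty of interoperation. As computer information systems keep growing in scale and information security technology keeps developing, strengthening the design, development, use, evaluation and management of computer information system security architectures requires a systematic understanding and a standardized construction of those architectures. It is therefore necessary to establish a unified security architecture model and implementation standards for computer information systems, to standardize the construction of their security architectures, and to build a security protection system for China's computer information systems. This thesis introduces the origin of the concept of information system security architecture and the current state of research, studies the constituent elements of information system security architecture as well as the currently popular security architectures and related theories, analyzes their strengths and weaknesses, and discusses the characteristics of security architectures for different types of information systems. On the basis of the security architecture model, it proposes definitions of network-based, host-based, facility-based and security-event-based security policies. It explains how to solve security problems at the system level, that is, the problem must be considered comprehensively at the level of the architecture. It designs an information system security architecture model and verifies the practicality of the model through an empirical study. Addressing the shortcomings of security architecture models and implementation standards for computer information systems, the innovations of this thesis are mainly the following: (1) It designs an information system security architecture model that realizes the elements of each level of the security architecture by establishing a security policy layer, a management layer, a technology layer and a training layer. The model is based on the P2DR model and combines security policy, security management, security technology and security training into one dynamic model, in which they form the four layers. This builds a complete security architecture for information systems from a systems perspective. (2) It verifies the practicality of the model through an empirical study and concludes that the model is effective when applied in a concrete system. In the information age, establishing a security architecture for its information systems is of vital strategic significance for any enterprise. Information system security is a permanent problem; only by continuously improving and refining security measures can the normal operation of the system be ensured and its reliability improved.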

【Abstract】 The security of an information system is a systemic matter. Past experience and lessons indicate that failing to establish a system of safety standards for information systems often causes problems such as incompleteness of the overall function, weak parts, redundant component functions, low efficiency, difficulty of assessment, failure to adapt to changes in demand and technology, and difficulty of interoperation. With the constant enlargement of the scale of computer information systems and the constant development of information security technology, strengthening the design, development, use, assessment and management of the security system of computer information systems requires that the security system be systematically understood and constructed in a standardized way. Therefore, it is necessary to set up a unified security system model and implementation standard for computer information systems, to standardize the construction of their security systems, and then to build the security countermeasure system for computer information systems in our country. This thesis introduces the origins of the concept and the current state of research on the security system structure of information systems. On the basis of the security system model, it proposes definitions such as network-based, facility-based and host-based security policies. It explains how to solve security problems from the systematic aspect, that is, by comprehensively considering the problem from the system structure. It discusses the characteristics of the security system structure of different kinds of information systems and analyzes the key component elements of the security system structure of information systems. It introduces the currently popular security system structures and relevant theories in detail and analyzes their strengths and weaknesses, and it designs a security system model and examines the validity of the model when used in a system. To address the deficiencies of security system models and implementation standards for computer information systems, the work of this thesis concentrates mainly on: (1) Designing a security system model for common use that is built on a security policy layer, an administration layer, a technology layer and a training layer. It is based on the P2DR model and integrates the four layers, security policy, security management, security technology and security training, into a dynamic model, building a well-running information security system from a systematic angle. (2) Proving the usability of the security system model for common use through a case study, and the validity of the model when used in a system. In the information age, establishing a security system for its information systems is of essential strategic significance for any enterprise. The security of information systems is a permanent matter. Only when security measures are continuously improved can the security system keep running normally and the dependability of the system be improved.

  • 【Classification No.】TP393.08
  • 【Times cited】2
  • 【Downloads】567