| With the swift development in computer technology and its related fields, Electronic Government Affairs (known as EGA) has played an essential role in government working process. It is no exaggeration to say that the lack of electronic information technology or EGA malfunction due to security problems might lead to the government working disability, which subsequently brings about considerable negative influence over local economic development. Therefore, it is in time and necessary that we make a research on the issue of EGA security protection. In light of this, this thesis assumes some possible solutions and approaches concerning EGA security protection.There are several small and large objectives of a security program, but the main three principles in all programs are confidentiality, integrity, and availability. These are referred to as the CIA triad. The level of security required to accomplish these principles differs per system because their security goals and requirements may be different. All security controls, mechanisms, and safeguards are implemented to provide one or more of these principles and all risks, threats, and vulnerabilities are measured in their potential capability to compromise one or all of the CIA principles.Availability means the systems and networks should provide adequate capacity in order to perform in the predictable manner with the acceptable level ofperformance. Integrity is upheld when the assurance of accuracy and relibbility of information ans systems is provided,and unauthorized modification of data is preventd.Confidentiality provides the ability to ensure that the necessary level of secrecy is enforced at each junction of data processing and prevention of unauthorized disclosure.The first two parts of this thesis consist of the foreword, design objectives and EGA security building backgrounds. To realize the virtual construction of EGA security protection, the 3th part puts forward ISSE approach according to the present EGA security protection status of the Industry and Commerce Bureau in XX city. The following 4th part sets forth the general concept of information security. Then the 5th and 6th part not only generalize the rationale of Information Assurance Technical Framework (known as IATF), but also adopt the IATF-based PNE approach to complete the risk and requirement analyses in EGA system. Based on IATF multi-defense mechanism, the 8th part raises a detailed security plan for EGA system of the Industry and Commerce Bureau in XX city, In terms of protection for the web and infrastructure, zone border and external connection, the computational circumstance and back-up for infrastructure facilities. Meanwhile the thesis also goes to great length on the secret-key management system and SSO login system together with elaboration on the sub-part design notion and principle. At the thesis ending a brief summary of EGA security solution plan is offered accompanied by the general procedures and approaches pertaining to the EGA system security.
|
PDF Full Text Request