| With the development of Information Society, human's living way, living style and living behavior are being changed gigantically. The public network information system as the infrastructure of Information Society has been developed and applied to various branches of national economy and all aspects of social life, becoming indispensable parts of important areas such as state affairs, economic construction etc and people's daily life, affecting and improving human life greatly. But the information system security problems that affect and damage the people's normal life are ubiquitous anytime at anywhere due to the inherent vulnerability of information system. The security problem of information system is the major threats or risks faced by the Information Society. Fortunately, many security problems of public network information system can be avoided by scientific security management, therefore, management measures must be researched thoroughly to secure the safety operation of information system and then assure the normal order of social activities accordingly.This dissertation deals with security problem of public network information system. Aimed at the threat faced by information system security and accorded to the relevant standards, laws and regulations, following aspects such as initiative protection, active responding, website monitoring and controlling, legal control are proposed. Initiative protection carries out security measures through information system rank protection, optimizes the allocation of resources and improves protection capability by researching the grading and testing of information system rank protection. However, the information security incident is unavoidable even in the information system protected by ranked protection and measures must be taken for active response. Active response is try to find and tackle information security incident in order to minimize the losses by monitoring and responding the information security incident combined with the formulation of contingency plan and joint action system. Because the technique and management problem, detrimental information may leak out onto the public network by breaking through the monitoring facilities of security incident. By researching the information content monitoring system to increase monitoring efficiency, detrimental information can be found quickly and tackled legitimately to stop the proliferation and prevalence. All above measures must under the control of laws and regulations and law is the strongest means to suppress and crack down on cyber crime. Present legal system is researched to seek for better support of laws on formulation and implementation of security management measures of information system and to keep watching cyber crime more efficient or crack down on cyber crime more severely in order to enhance the guarantee capability of information system security.Attention and innovativeness of this dissertation are concentrated on:(1) Information system rank protection is a kind of measurement to protect information system actively against security threat. Rank testing is a fundamental part of information system rank protection and the evaluating of testing results is related to judge whether the information system meet the requirements of relevant rank protection. Base on the correlation between the testing results and the requirements of information system security rank protection, a synthetic evaluation system is introduced by analyzing the quantitative results of multi-hierarchical gray correlation for the understanding and applying of the testing results.(2) The public network information security incident is inevitable and needs to be monitored and managed integrally. Relevant security organization, department or individual person are cooperated and coordinated to attend the disposal of information security incident for the purpose of initiative monitoring, struggling avoiding and active controlling. Based on the research of information incident monitor and emergency response system, a hierarchical multi-element fusion invasion detecting algorithm, a detrimental information filtering and alarming system on gateway level and a information security incident monitor and emergency response platform are proposed. The formulating principle and model of contingency plan and the functions and mechanisms of joint action system are introduced. The information security incident monitor and emergency response system is combined with the contingency plan and joint action system to tackle the public network information security incident together.(3) To heighten the effect of website inspecting, an information content safety monitoring system with limited searching scope and controlled cycle is introduced as a tool to inspect and supervise the information content of designated website on the public network. A proposed algorithm of parsing web division respectively based on regular expression raises the speed of extracting main text information from web pages. Concrete methods dealing with search results are introduced.(4) The function of laws and regulations to guarantee the information system security is studied. Considering the differences between cyber crime and computer crime, the concept that cyber crime is computer crime both in real society and virtual society is introduced and the computer crime is included by cyber crime. Some consummating suggestions are introduced according to the deficiency of existing laws in safeguarding information system security and controlling cyber crime in order to play a greater role of laws and regulations in safeguarding the public network information system security.
|
PDF Full Text Request