| Information system has been an important resource with its fast development, and information system security is more and more paid attention to. With the security threats of information system and security input growing day by day, it becomes practical and urgent to make security research on information system.Only when enterprises know their requirements on information system security, can they make better plans and implement their information system security work, even informationlization construction. Only when security facility and service providers understand the demand of object enterprises, can they provide better products and service. So the first step for information system security construction is to define the security demand of the information system at present or future.This thesis starts with study on the relationship between information-based degree and security demand level, exploring a new information system security analytical method, that is through quantitative description on enterprises' information-based degree to achieve information system security demands rank and structures. It has been tried out and examined with cases in the text.This thesis introduces "enterprise informationization degree" studied by national informationization assessing center, which is the relatively advanced scheme existing to appraise system. In this article, their three kinds of index, especially "basic index", have been carried on innovation, and the index of enterprise' s information-based degree quantitative analysis and computing technology has been improved.Because the research on enterprise information system security requirement is in its early stage, there is not quantitative analytical method of security demand. Author founds the theory of " Information System Security Requirements Level (ISSRL)", on the basis of his engineering practice. In this thesis, he defines the concept of ISSRL, and set up a whole set of ISSRL index and computing method. The value of ISRRL is not merely the quantitative description of the present enterprise information system security requirement, but also an index to deduce the qualitative analysis of present information system security requirements: security requirements rank and structure. This thesis announces the relationship between information-based degree and security requirements, describes their relation and variation tendencies. The conclusion is as followed: a) ISSRL always increases with improvement of the information-based degree.b) When information-based degree improve from low stage to higher one stage, ISSRL will jumpily increase.c) When information-based degrees rise, and after just entering higher one stage from lower stage, ISSRL will increase remarkably with higher speed.This thesis builds corresponding mathematics models as the practical tools for the project practice. In I-ISSRL model, I-ISSRL is a curve crossing the origin; Its slope is always a positive number; It is a Segmentation function, discontinuous, and its segment to click lies in the boundary between the lower information-based degree stage and higher one; I-ISSRL curve's slope in segmenting some nearby areas increases. Using this model, the enterprise can solve the corresponding ISRRL value by calculate the information-based degree value in the present stage or in the future, and deduce Its concrete information system security requirements rank and structure.
|
PDF Full Text Request