| It is valuable as a wealth of information, through which all activities in the human life. Information system is an organic which constitutes the information collection and processing methodologies, processes, technologies based on certain rules. It is open Internet applications management system based the computer and data communications network, is information collection, storage, processing, analysis and transmission tool. With the development of information technology in particular the network technology, it makes information systems facing many security risks, which network has openness, connectivity and freedom, and other characteristics. So it is more and more important that meet security needs of information systems and information throughout the confidentiality, authenticity, accessibility and controllability, and information systems security has become a worldwide concern and research focus and attention to difficult problems. The thesis studied the security of information systems, researching and analyzing the security assurance system model of information systems.The security theory and practice of information systems development is progressing, and it develops from earlier confidential communications to the attention of information confidentiality, integrity, availability, controllability and undeniableness, and further to today's information security assurance and information security assurance systems. The thesis analyzed and compared the typical security models, such as the ISO security architecture models, P2DR and its derivative models, and so on. The ISO security architecture model has good guidance but too abstract, P2DR model has good practice guidance, emphasizing the importance of time and is dynamic and self-adaptive, but it doesn't has the consideration of man's importance and is short of management. On the contrary, this thesis presents an brand-new information system security assurance system model that should be based on the security strategy, people as the acting role, security technology as the body to support the implementation of security engineering system, safety management as a means to the relevant standards, laws and regulations as a guarantee, roundly and effectively to protect information systems security. These elements of the system are not isolated discrete, but complementary to each other and are mutually blend together for the role of information systems security. Next, the thesis analyzed and studied the factors of the assurance security system model one by one from within this field to the verge. |
PDF Full Text Request