| As information technology and network technology, office automation system penetration, e-commerce and e-government progresses, a large number of electronic records generated Electronic records its vitality as indisputable record of human society, information transfer and retirement of the important tools, and the help of rapid development and wide application of information technology to become the present and future social mainly in the form of documents. The electronic documents had created a new archive form -- the electronic archives.Although electronic archives in China is not a new thing, its file workers already has more in-depth study, The characteristics also made in-depth discussions, but most of our organizations to electronic archives management, still take the traditional method of file protection, and its main target at the electronic archives vector physicochemical nature of the protection, As long as the protection of nondestructive vector information integrity can be protected, regardless of the objects, Technique is the guiding ideology is an evident simple. It is unable to adapt to the electronic archives special protection does not resolve the fundamental electronic archives and the various risks facing. Through the current industry archives the measures taken for analysis, found that the traditional management of the security measures there are five major constraints: blindness, non-systemic, low efficiency, and passivity and lack of institutional. These limitations exist, and no assurance that the current information technology-driven electronic file security.As a new form of archive, electronic archives in many aspects inherited the traditional nature of the vector archives, tasks, Track management methods, and therefore, the management of paper archives and traditional risk not leave, was almost full genetic down as a result of management errors resulted in the missing archives, leakage, retrieval does not come out, and the various natural and man-made damage, and so on, still exist, and the unique electronic archives of new risks, such as the authenticity of damage not read a flow phenomena, the rapid accumulation. It can be said that electronic archives management is the risk of traditional vector and electronic archives of the symbiotic risk or risk of superposition. Such risks of different characteristics are not a simple superposition of the cumulative volume, It will be complicated because of the relevance and impact of the germs, strengthen the new react to it, Electronic archives management risks naturally increased.Currently, the domestic and international risk management theory and practice the way to maturity, generally applied to many areas. Risk management practices refer to electronic file management, comprehensive, system to electronic archives management issues of comprehensive management, the establishment of a risk management system, rather than treating, problems piecemeal and shines territory.Risk management of electronic archives can bring two changes for archives sector. The first is to speed up the updating of knowledge. Due to historical and practical reasons, many workers haven't enough knowledge in the electronic archives, foreign language ability of a relatively weak lack of motivation to learn, professional knowledge of the aging phenomenon is very serious. Electronic archives of risk management can force workers to file more profound understanding of their own understanding of the defect, update their knowledge to meet the development. The second is to enhance the management level. Risk management is a management system, technical and management perfectly. In the Risk management, policy is the foundation, technology is the method, managing is the key. Risk management of electronic archives based on the current information technology, the full analysis to electronic archives management information technology, targeted for prevention through the system, including laws and regulations, standards and the establishment, strengthening to manage the workers and users, so as to ensure the largest electronic security archives.I believe that risk management of electronic archives is a thinking, have a theoretical value, as well as a systematic process of implementing its entire life cycle including risk identification, risk assessment and risk control. Electronic archives in risk management cycle every aspect of the error may have caused the delay in risk management and failures. Result in the loss of electronic archives its value.I think that information security risk management model construction for the risk management model of the electronic archives through analysis the overall risk management model, and clear risk management at all stages of the main objectives and tasks. Risk management of electronic archives is divided into three stages: risk identification, risk assessment and risk control. Each stage has its own mandate. Recognition of the risks to the value of electronic archives and related information to identify firm that clear to management the value targets. Through the management system loopholes in the monitoring systems and the possible threat of identification, to determine the input costs. Risk assessment is the basis of risk management at this stage to electronic archives facing the threat of vulnerability, the value of electronic archives and the three comprehensive role and the risks associated with the possibility of assessment ultimately determine the risk control measures.The risk control stage according to a risk assessment by the conclusions, the most reasonable control measures, to achieve archival value between input costs and maximize the benefits of. Risk control of electronic archives is the risk of electronic archives management is the ultimate objective. The three stages of risk management for electronic archives are linked together and dovetail closely, indispensable. Each stage will be the completion of the task for the next stage of the task laid a good foundation.Risk identification is one aspect of risk perception, electronic archives of the various risks, effective methods to inspect system, and better understand the types of risks, nature and possible risks consequences, Archives staff to enhance the identification of risks and perceptual abilities. The other is the analysis of risk events and the possible existence of the causes and potential risks inspected the situation, to ensure that electronic archives is integrity, authenticity, availability, accuracy, readability, confidentiality, effectiveness, contact, and all nature and transmissibility.Risk assessment model of the process, the authors address the following several major issues to consider:The first, Electronic archives to determine the protection aspect of what? direct and indirect value?The Second, the electronic archives which direct and facing a potential threat? Lead to threats of where does the problem lie? Threatened with the possibility of much?The third, the electronic archives which weakness may be use the threat? Use of the ease what?The fourth, the threat after the incident, how the organization will suffer loss or how to face the negative impact?Finally, organizations should take what measures can be taken to control the risk of loss to the minimum?When the archive worker through risk assessment has identified in the electronic archives management process risks pose a threat, it is necessary to adopt a system of security measures to control risks. Usually, we control the risk of the electronic archives use the following four methods: risk elusion, risk transfer, risk mitigation, risk recognition. Conduct risk control process to make flexible use of human, institutional and technical strategy. |
PDF Full Text Request