| With rapid development of enterprise information requirements, the open network information system of Sichuan Airline is becoming more and more huge and complex, and dangerous as well. How to construct, manage and evaluate the safety of information system and how to judge the safety actions of an information system have met the safety goal are urgent for information safety. The following items are emphasized in this article: 1. Features, technical protection mechanism, graded protection concept together with the close relationship clarification between human resource, technology and management. 2. Risk analysis to threat, Vulnerabilities points, comprehensive influence using the concept model of risk management put forward in CC standard are carried out. Feasible analysis and calculating method is given according to the engineering features. Based on the theory of graded protection, information domain of SCAL information network are divided as well according to the different safety grade of different data. 3. The essential nature of network communication under TCP/IP protocol environment are analysed based on the safety access control theory and the safety information flow control theory;the propagation features of worm in LAN are reasoned according to Markov process model. By combination of safety theories and SCAL network, the SCAL safety protection framework is given. 4. The division method of SCAL information network information safety domain and differed safety solutions for different safety domains are included in this essay as well. |
PDF Full Text Request