Administration For Industry And Commerce Application Research On Sensitive Information Security System

With the development of e-government, more and more government sectors useinformation systems to handle daily work affairs, such as common office system, businesssystem, electronic archiving system and so on. However, most of government departmentsonly focus on external security isolation on the security and protection of informationsystems, such as setting up a firewall, limiting into the internal network, and etc, but internalproblems, which are sensitive information disclosure due to improper operation or deliberatestealing, are often neglected.The current authentication method of e-government system is generally "account andpassword", users get permission to operate system through the mutua l matches betweenaccount and password. For this conventional authentication method, once user’s account andpassword are stolen, system security protection will be easy to lost completely, securityproblems that cause from here cannot be ignored. Using the enterprise electric informationmanaged in industrial and commercial sectors as an example, once sensitive contents ininformation are leaked, it will not only affect organizational credibility and image, but evenmore serious is that it will bring great troubles to entity. The electronic key can effectivelyremedy the defect of this conventional authentication with "account and password". Eachelectronic key has a hardware ID number, which is unique and unrepeatable, due to thisphysical characteristic, electronic key become a user’s identification in the digital worldwhich cannot be easily counterfeited.Based on the above findings, this paper presents the design and implementation aboutsecurity and protection system of enterprise sensitive informatio n for industrial andcommercial sectors. Researches are from security monitoring precaution for commonrevealing pathway, such as usual e-mail management, FTP sharing management, electronicdocuments management, external removable storage and so on, on the basis of conventionalauthentication of simple account plus password, as well as cooperate with electronic key’sfunctions of personal identity authentication and e-signature, in order to minimize therevealing risks of enterprises’ data which are filed in the industrial and commercial sectors.Double-insurance mechanism is formed by means of "account and password" and electronic key. If necessary, revealing sources and accountabilities can be traced according tomonitoring records and loggings.