A Study Of Digital Library Information Security Risk Management Based On Case Implementation

With the development of networking and digitalization,digital library construction at home and abroad has made remarkable achievements.But compared with the traditional library,digital library has more information security risks in the operation.Only to recognize the information security risk,and then take effective information security risk management measures,can minimize lose which these risks may cause,so that it can improve the comprehensive benefit and the management level of digital library.Therefore,the study of the digital library information security is now shifting from the information security technology level to the risk management level.At present,the research of digital library information security risk management has been more and more,but concrete application in practice is still few.The case study is a mature method.Through case analysis,the satus in quo and common problems can be summarized.At present,there are few digital libraries which have implemented information security risk management.So combined with case study,this paper adopts the method of case implementation to apply the digital library information security risk management framework to the actual application in different types of digital libraries,and do the case analysis,so as to find some common problems existing in the digital library information security risk management.The key steps of digital library information security risk management include risk assessment and risk control.The key steps of risk assessment include assets assessment,threat assessment,vulnerability assessment and risk grade calculation model.Firstly,this paper introduces digital library information security risk management research status at home and abroad,and finds that the risk management of digital library research stays in theory research stage and the specific case implementation is few.Secondly,in this paper,the methods of all the key steps in the risk management process are summarized.Suitable methods chosen from existing methods for case implementation,integrates the paper's digital library information security risk management framework.Thirdly,this paper chooses three representative digital libraries as typical case implementation objects,from the type of public library,the type of university digital library and the type of both the university library and public digital library.Meanwhile,this paper shows the process and results of case implementation.Finally,based on the case implementation results of three digital libraries'information security risk management,this paper compares those digital libraries' results of assets assessment,threat assessment,vulnerability assessment,risk level and risk control measures recommendedation,and summarizes the similarities and differences in different types of digital libraries from the value of the asset,threat level,vulnerability level and so on.At the same time,this article compares case implementation process with information security risk management's case implementation of other industries,and finds the integration of the digital library information security risk management framework in this paper can control time during implementing,and don't brings the burden on the time and manpower to digital library.Also this paper finds the whole digital library information security risk level is in the medium,but there are still a number of unacceptable risks.Digital library in the information security risk management work should pay attention to the cultivation of librarians' information security,strengthen the password control,access control,and information security,business continuity management in order to enhance the digital library information security risk management.