搜索
Procedia-SocialandBehavioralSciences,2014,Vol.45,pp.178-184StudyonSecurityStrategiesforInformationSystemsandInformationManagementRosenblad-WallinEDepartmentofConsumerTechnology,ChalmersUniversityofTechnology,Göteborg,Sweden.AbstractThisarticledescribesthecharacteristicsandstructureofinformationsystems,analyzesthesecurityofinformationsystems.Bysecurityconsiderationsofinformationsystems,securityrisks,securitymechanismstobuildsecureinformationsystemsderivedmeasures,andithasgreatpracticalsignificance.Keywords:informationsystems;informationmanagement;securityPolicy1InformationsystemInformationsystemsisaverycomplexsystemofmoderninformationresourcenetworkcomputersystemsandcommunicationssystemsisbased.Amongthem,thecomputeristhecoreofinformationsystems,softwareandhardwarecomponents,usedtocompletetheautomatedprocessingofinformation;communicationsystemconsistsofaworkstation,computernetworksandcommunicationnetworksconstitutedbyacomputerorbetweenthelineandthroughthelineandterminalequipmentbetweendatatransmission.Combinedwithcomputersystemsandcommunicationsystems,sothattheinformationtransmissionwithdynamic,randomandtransientcharacteristicssuchastheoccurrenceandtreatmentacrossgeographicbarrierstoachieveaglobalinterconnection.9majorfeatureisthesystemopeninformationsystems,resourcesharing,mediastoragedensity,dataexchangevisits,informationgatherbynatureconfidentialdifficulty,mediumremanenceeffect,electromagneticleakageresistance,communicationnetworksandothervulnerabilities.Obviously,thesecharacteristicsarecloselyrelatedtothesecurityofinformationsystems,determinestheinsecurityofinformationsystems.Thesecharacteristicsofitsinformationsystemssecurityposesapotentialdangerifthesecharacteristicsareutilized,systemresourceswillbeagreatlossto,orevenrelatedtotheorganizationofimportantsecrets.Therefore,strengthenthemanagementofinformationsystemshavegreatpracticalsignificance.2InformationSystemArchitectureInformationsystemisacomplextechnicalsystem,fromastructuralpointofviewdescriptionshouldincludeinfrastructure,architectureandbasicfunctionsofthreeparts,asshowninFig.1.Procedia-SocialandBehavioralSciences,2014,Vol.45,pp.178-184Fig.1InformationSystemArchitecture3ThesecurityofinformationsystemsInformationSystemsSecuritySecurityofinformationsystemsreferstopreventrunaccidentorvandalismofinformationsystems,ortheillegaluseofinformationresources,informationsystemssecuritymeasurestaken.Factorsassociatedwiththeinformationsystemsecuritymainlyinthefollowingsevenkinds:a.Naturalandirresistiblefactors:mainlyhazardsoffire,electricity,water,staticelectricity,dust,harmfulgases,earthquakes,lightning,strongmagneticfields,electromagneticpulsesandsocialviolenceorwar,etc.,someofthesehazardscandamagethesystemequipment,Thedatawillbedestroyed,andevendestroytheentiresystemanddata.Thesefactorswilldirectlyendangerthesecurityofinformationsystemsentities.b.Thehardwareandphysicalfactors:Referstoasecureenvironmentandareliablesystemhardware,includingsecurityroomfacilities,computermainbody,thestoragesystem,auxiliaryequipment,datacommunicationfacilities,andinformationstoragemedium.c.Electromagneticfactors:thecomputersystemanditscontrolofinformationanddatatransmissionchannel,inthecourseoftheirworkwillproduceelectromagneticradiation,inacertaingeographicrangeiseasilydetectedandreceivedbyaradioreceiver,whichmayresultininformationviaelectromagneticradiationleaks.Inaddition,thespaceelectromagneticsystemmayproduceelectromagneticinterference,affectingthenormaloperationofthesystem.d.Softwarefactors:illegaldeletion,duplicationandtheftsoftwarewillmakethesystemaloss,andmaycauseleaks.Computervirusisasoftwarenetworkintrusionsystemsasameansofdestruction.e.Datafactors:referstothedatainthestorageandtransmissionofinformationintheprocessofsecurity,whichisthemaincoreofcomputercrime,thatmustbethefocusofsecurityandconfidentiality.f.Humanandmanagementfactors:thequalityofthestaffinvolved,responsibility,andstrictadministrativesystemsandlawsandregulationstoprotectagainstthethreatofman-madefactorsProcedia-SocialandBehavioralSciences,2014,Vol.45,pp.178-184activesafetysystemsdirectlycaused.g.Otherfactors:referstosystemsecurityifthereareproblems,canminimizetheloss,theimpactislimitedtotheextentpermitted,toensurerapidandeffectiverecoveryofallfactorsthatthesystemisrunning.ThemainsafetyhazardsSystemsecurityrisksininformationsystemsfrequentlyoccurarethefollowing:a.Dataentryproblems:datainputdevicesintothesystem,theinputdataisvulnerabletotamperingoradulteration;b.Dataprocessingproblems:dataprocessingpartofthehardwarecaneasilybedestroyedortheft,andsusceptibletoelectromagneticinterferenceorbecauseofinformationleakagecausedbyelectromagneticradiation;c.Communicationlinesrisks:informationandcommunicationlinescaneasilybeinterceptedonthelinecaneasilybedestroyedortheft;d.Softwaresystemproblems:operatingsystems,databasesystemsandapplicationssoftwareandtheintegrityoftherelevantinformation,specificallyincludingsoftwaredevelopmentdisciplines,softwaresecuritytesting,softwaremodificationandreplication;e.Outputsystemproblem