The understanding of information security

Time:09-27

With modern information technology developing rapidly, information security faces a severe situation. QuCheng of the National Informatization Expert Advisory Committee, taking a global view, analyzes in depth the four characteristics and difficulties of information security, points out that information security should build four capabilities and the "six", and, starting from the top-level design of information security, sums up four global strategies.

First, information security should build "four capabilities"

1. Build a sound information security infrastructure that provides public information security support capability: for example, basic information security support platforms and supporting systems for digital certification, security evaluation, network monitoring, event notification, emergency support, disaster recovery, and public opinion management.

2. Improve the capability for information security protection and confrontation: information security attack and defense is a process, and it works only when effective countermeasures are taken at each stage, including early warning, monitoring, protection, restoration and counter.

3. Build network disaster emergency response capability: when a network disaster strikes suddenly, start emergency early warning and invoke the disaster recovery mechanism, so that even if the system is destroyed, a remote real-time information system can be used to maintain business continuity.

4. Strengthen information security management and control capability: because information systems are complex and usage behavior is diverse, technology alone is not fully effective, and management controls must also be used, so information security countermeasures combine technical and management means.

Second, information security should safeguard information and its services with the "six"

The "six" include: "confidentiality" of information, "integrity" of information, "availability" of systems and services, "verifiability" of information content and subject behavior, "authenticity" of the identity of subjects and objects, and "controllability" of subject behavior and information content.

Third, resolutely promote global information security countermeasures

1. Implement the information security level protection system

Strike a scientific balance between information security investment (money, manpower, assets, etc.) and the minimum risk the system can bear, protecting the best interests of the country and society.

2. Build an "information security guarantee system" for network information systems

According to the security level of the information system and the published national standards and specifications, and based on an analysis of the information system's security requirements, build or adjust the information security guarantee system of the network information system, focusing on the following: (1) design a defense-in-depth architecture for the network, with a scientific division of security domains and effective isolation of security boundaries; (2) design a dynamic network protection mechanism, so that security mechanisms work together effectively in security confrontation across the whole life cycle; (3) build a sound online trust system based on cryptographic technology, including identity authentication, authorization management and responsibility identification; (4) strengthen internal audit, with global audit at the network level, database level, system level, host level and media level, gradually extending the audit points reached; (5) build a sound information security management system (ISMS) for the information system, following the PDCA model and continually optimizing the ISMS.

3. Carry out information security risk assessment and evaluation work well

Because a network information system is a complex giant system, its testing and information security risk assessment is a "systems project". At the same time, great importance should be attached to cultivating assessment capability, with a focus on assessments commissioned from professional third parties (administrative inspection assessments or service-based assessments), so that hidden dangers are found promptly and countermeasures are taken to adjust the system and strengthen it until it matches the identified security level.