Research on Assessment Model of Information System Security Based on Various Security Factors

With the rapid development of network technology, the meaning of layers and attributes in respect of information system security must be extended based on the understanding of the concept of information system security. The layering model (LM) of information system security and the five-attribute model (FAM) based on security factors were put forward to perfect the description and modeling of the information system security framework. An effective framework system of risk calculation and assessment was proposed, which is based on FAM.

Neuro-Computing Applications in Security of Network Information Systems

Currently computing information systems have entered a new stage and the security of systems is more and more serious, and the research on system security is developing in depth. This paper discusses neuro-computing applications in security of network information systems.

Application of VPN Technique in the Construction of Public Health Information System

Summary： Data communication and sharing of five level network of Public Health Information System, i.e. nation, province, district （city）, county, and town, as far as to the countryside level were described, and how to apply the three solutions, i.e. Access VPN, Intranet VPN, and Extranet VPN of VPN technique to achieve the appropriation of the public network was also presented.

Security-Critical Components Recognition Algorithm for Complex Heterogeneous Information Systems

With the skyrocketing development of technologies,there are many issues in information security quantitative evaluation(ISQE)of complex heterogeneous information systems(CHISs).The development of CHIS calls for an ISQE model based on security-critical components to improve the efficiency of system security evaluation urgently.In this paper,we summarize the implication of critical components in different filed and propose a recognition algorithm of security-critical components based on threat attack tree to support the ISQE process.The evaluation model establishes a framework for ISQE of CHISs that are updated iteratively.Firstly,with the support of asset identification and topology data,we sort the security importance of each asset based on the threat attack tree and obtain the security-critical components(set)of the CHIS.Then,we build the evaluation indicator tree of the evaluation target and propose an ISQE algorithm based on the coefficient of variation to calculate the security quality value of the CHIS.Moreover,we present a novel indicator measurement uncertainty aiming to better supervise the performance of the proposed model.Simulation results show the advantages of the proposed algorithm in the evaluation of CHISs.

Information Systems Security Threats and Vulnerabilities: A Case of the Institute of Accountancy Arusha (IAA)

All modern computer users need to be concerned about information system security (individuals and organisations). Many businesses established various security structures to protect information system security from harmful occurrences by implementing security procedures, processes, policies, and information system security organisational structures to ensure data security. Despite all the precautions, information security remains a disaster in Tanzania’s learning institutions. The fundamental issue appears to be a lack of awareness of crucial information security factors. Various companies have different security issues due to differences in ICT infrastructure, implementations, and usage. The study focuses on identifying information system security threats and vulnerabilities in public higher learning institutions in Tanzania, particularly the Institute of Accountancy Arusha (IAA). The study involved all employees of IAA, academics, and other supporting staff, which totalled 302, and the sample size was 170. The study utilised a descriptive research design, where the quantitative methodology was used through a five-point Likert scale questionnaire, and found that key factors that affect the security of information systems at IAA include human factors, policy-related issues, work environment and demographic factors. The study proposed regular awareness and training programs;an increase in women’s awareness of information system security;proper policy creation and reviews every 4 years;promote actions that lessen information system security threats and vulnerabilities, and the creation of information system security policy documents independently from ICT policy.

Implementation of a Comprehensive Information Management Platform for Public Security Based on Java Technology

Due to the rapid development of electronic information technology,the development of Internet technology and system software development technology has become more and more common.Especially,along with the development of public security,there are more and more provisions for standard administrative department management system,improving office efficiency and enhancing decision encouragement.Therefore,it is of great practical value to design and complete a comprehensive public security business information system.Based on java technology,this paper designs and builds a comprehensive information management platform for public security through the analysis of comprehensive public security business,and also gets good feedback during the actual test,which confirms the feasibility of the system.

Cybersecurity Requirements for Management Information Systems

Cybersecurity is therefore one of the most important elements of security in developed countries. Especially since there is an overall trend towards cybersecurity in all aspects of life, I have found that the idea of cybersecurity is based on protecting critical facilities: The nation’s information infrastructure. Information systems, including e-government management systems, are managed by key state agencies. As with economic, scientific, commercial, and other systems, threats are threats to a nation’s national security. We have therefore found that many countries are preparing institutions capable of integrating cybersecurity into protection, development, and information security. This concept has become the most important concern of developed countries, which have secured all scientific possibilities and systems to achieve it. The electronic information network has become an integral part of today’s daily lives in all places. In addition to personal uses, digital information is used, processed, stored, and shared. As this information increases and spreads, we have found that its protection has become more vital and has an effective impact on national security and technical progress.

Geographical Information System-Based Assessment of Ecological Security in Changbai Mountain Region

Ecological security defined as the creation of a condition where the physical surroundings of a community provide for the needs of its inhabitants without diminishing its natural stock,which is important for regional security and social stability.In recent years,land use patterns in the Changbai Mountain region have changed significantly with intensive human activities,and consequently led to increasing problems in regional ecological security.Based on the Pressure-State-Impact-Response(PSIR) model and the mathematical method of catastrophe progression supported by geographical information system(GIS),the ecological security situation of the study area under land use and cover change(LUCC) was evaluated.The results indicated that the ecological security in Changbai Mountain region varied nonlinearly,which got better from 1990 to 2000 but became worse from 2000 to 2007,the ecological security levels in Changbai Mountain region were mainly medium and medium to low during the past 17 years,with higher values of Ecological Security Index(ESI) in the central region and lower values in the east and west,the ecological security situation was more serious in the settlements and river valleys,where the LUCC was most remarkable.

Investment strategy analysis of information system security in consideration of attackers

In order to solve the problem of howa firm makes an optimal choice in developing information systems when faced with the following three modes: development by its own efforts, outsourcing them to a managed security service provider( MSSP) and cooperating with the MSSP, the firm 's optimal investment strategies are discussed by modeling and analyzing the maximum expected utility in the above cases under the condition that the firm plays games with an attacker.The results showthat the best choice for a firm is determined by the reasonable range of the cooperative development coefficient and applicable conditions. When the cooperative development coefficient is large, it is more rational for the firm to cooperate with the MSSP to develop the information system. When the cooperative development coefficient is small, it is more rational for the firm to develop the information system by its own efforts. It also shows that the attacker's maximum expected utility increases with the increase in the attacker 's breach probability and cost coefficient when the cooperative development coefficient is small. On the contrary, it decreases when the cooperative development coefficient is large.

Construction of Public Security Risk Governance System under the View of Risk Society Theory

With the development of economy,China has to fight against the increasing public security risk. The theory of risk society points out that the traditional system of hierarchical management should be transformed into the governance system led by government and participated in by multiple parties to avoid and reduce risk in modern society. In order to achieve modernization of the national governance system and capacity,we have to deal with these two important subjects,that is,what can we learn from the Western risk society theory and how to establish a scientific and efficient public security risk management system based on the characteristics of modern public security risk.

Research on the Construction of Safety Guarantee System for Police Technical and Tactical Training in Public Security Colleg

The security system for police technical and tactical training in public security colleges in China is mainly composed of seven security guarantee systems: management organization, safety education, laws and regulations, training control, site equipment, safety supervision and emergency plan, scienti??cally and rationally constructing a security system in relevant public security colleges. This paper has carried out a comprehensive research on Hebei Vocational College of Public Security Police, and provided corresponding safety theory and guarantee for the security protection of the college during the police training period.

Research on Mobile-Based Logistics Information System for Hainan Agricultural Products

The current situation,information technology and problems of logistics for agricultural products were summarized.Some key technologies involved in mobilebased logistics information system for Hainan agricultural products were analyzed,such as information classification and retrieval,user information authentication via QR code,and logistics information services based on WEB and mobile devices.Emphasis was given to study the design idea,content,method for the system.

Developing a Geological Management Information System: National Important Mining Zone Database

Geo-data is a foundation for the prediction and assessment of ore resources, so managing and making full use of those data, including geography database, geology database, mineral deposits database, aeromagnetics database, gravity database, geochemistry database and remote sensing database, is very significant. We developed national important mining zone database （NIMZDB） to manage 14 national important mining zone databases to support a new round prediction of ore deposit. We found that attention should be paid to the following issues： ① data accuracy： integrity, logic consistency, attribute, spatial and time accuracy; ② management of both attribute and spatial data in the same system;③ transforming data between MapGIS and ArcGIS; ④ data sharing and security; ⑤ data searches that can query both attribute and spatial data. Accuracy of input data is guaranteed and the search, analysis and translation of data between MapGIS and ArcGIS has been made convenient via the development of a checking data module and a managing data module based on MapGIS and ArcGIS. Using AreSDE, we based data sharing on a client/server system, and attribute and spatial data are also managed in the same system.

Research on the Analytical Efficiency of Public Security Intelligence Based on SEM

In the new era,the efficiency of public security intelligence analysis is one of the decisive factors for the reforms of public security work quality,efficiency as well as the impetus transforming,which also has a profound impact on the strategic decision-making of public security work,risk prevention and control,the prevention of illegal and criminal activities as well.This article,by constructing SEM(Structural Equation Model)which takes the organizational support,perceived behavioral control,the intelligence sharing,external constraint factors,and public security intelligence analysis efficiency as latent variables,explores the deep inner link among latent variables,in order to provide the public security intelligence analysis efficiency with scientific,objective,and reliable guidance theory and practice research efficaciously.

An Innovative Soft Design Science Methodology for Improving Development of a Secure Information System in Tanzania Using Multi-Layered Approach

This paper presents an innovative Soft Design Science Methodology for improving information systems security using multi-layered security approach. The study applied Soft Design Science Methodology to address the problematic situation on how information systems security can be improved. In addition, Soft Design Science Methodology was compounded with mixed research methodology. This holistic approach helped for research methodology triangulation. The study assessed security requirements and developed a framework for improving information systems security. The study carried out maturity level assessment to determine security status quo in the education sector in Tanzania. The study identified security requirements gap (IT security controls, IT security measures) using ISO/IEC 21827: Systems Security Engineering-Capability Maturity Model (SSE-CMM) with a rating scale of 0 - 5. The results of this study show that maturity level across security domain is 0.44 out of 5. The finding shows that the implementation of IT security controls and security measures for ensuring security goals are lacking or conducted in ad-hoc. Thus, for improving the security of information systems, organisations should implement security controls and security measures in each security domain (multi-layer security). This research provides a framework for enhancing information systems security during capturing, processing, storage and transmission of information. This research has several practical contributions. Firstly, it contributes to the body of knowledge of information systems security by providing a set of security requirements for ensuring information systems security. Secondly, it contributes empirical evidence on how information systems security can be improved. Thirdly, it contributes on the applicability of Soft Design Science Methodology on addressing the problematic situation in information systems security. The research findings can be used by decision makers and lawmakers to improve existing cyber security laws, and enact laws for data privacy and sharing of open data.

A Survey of Web Information System and Applications

The fourth international conference on Web information systems and applications （WISA 2007） has received 409 submissions and has accepted 37 papers for publication in this issue. The papers cover broad research areas, including Web mining and data warehouse, Deep Web and Web integration, P2P networks, text processing and information retrieval, as well as Web Services and Web infrastructure. After briefly introducing the WISA conference, the survey outlines the current activities and future trends concerning Web information systems and applications based on the papers accepted for publication.