This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends t...This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].展开更多
Information technology have changed information media by networking and internet using technology in health as same as another part improve efficiency and effectiveness. Currently, the medical document is reality-base...Information technology have changed information media by networking and internet using technology in health as same as another part improve efficiency and effectiveness. Currently, the medical document is reality-based medicine, so that is the most important, richest and the most realistic source of medical and health information. Health information management systems that require systems to the storage, retrieval, storage and elimination of health records (by law), and adjust to the rules of professional. These processes are difficult and time consuming for human. In the meantime semantic HIM seem best solution.展开更多
The popularization of mobile devices has caused considerable impact on the security of the military of the Republic of China.The military barrack-areas have long been faced the control of mobile devices four issues:th...The popularization of mobile devices has caused considerable impact on the security of the military of the Republic of China.The military barrack-areas have long been faced the control of mobile devices four issues:the lack of accurate use of resources,the lack of protection of the mobile device from the overall point of view,the unclear division of responsibility among specialized agencies,and unclear members’responsibilities for their own duties.This study applies the structure behavior coalescence(SBC)methodology to integrate the organizational structure of the participating management and control units with effective management behaviors in a visualized and useful manner.The units can effectively communicate with each other and solve the four issues faced by the military barrack-areas for the control of mobile devices.This research fulfills improving the lack of control of the military mobile devices by using of management resources effectively and the establishment of mobile devices management with the overall concept,and strengthening the rights and responsibilities and information security awareness,through the logical verification and enterprise interview results.展开更多
The construction of archives in colleges and universities in China is in the process of development and improvement.With the development information technology,the informatization of college archives has been accelera...The construction of archives in colleges and universities in China is in the process of development and improvement.With the development information technology,the informatization of college archives has been accelerated.Network technology is developing rapidly in our country,and the number of network users has increased significantly.The use of network technology in university archives management can improve the management efficiency and quality of archives,but the safety factor has dropped significantly.For example,the archival system may face many problems such as virus infection,system paralysis,or cyberattacks,which affects the security of the university archives.Therefore,this paper presents an analysis of these problems in detail,and proposes corresponding solutions,so as to optimize and improve the information security management of college archives.展开更多
Geo-data is a foundation for the prediction and assessment of ore resources, so managing and making full use of those data, including geography database, geology database, mineral deposits database, aeromagnetics data...Geo-data is a foundation for the prediction and assessment of ore resources, so managing and making full use of those data, including geography database, geology database, mineral deposits database, aeromagnetics database, gravity database, geochemistry database and remote sensing database, is very significant. We developed national important mining zone database (NIMZDB) to manage 14 national important mining zone databases to support a new round prediction of ore deposit. We found that attention should be paid to the following issues: ① data accuracy: integrity, logic consistency, attribute, spatial and time accuracy; ② management of both attribute and spatial data in the same system;③ transforming data between MapGIS and ArcGIS; ④ data sharing and security; ⑤ data searches that can query both attribute and spatial data. Accuracy of input data is guaranteed and the search, analysis and translation of data between MapGIS and ArcGIS has been made convenient via the development of a checking data module and a managing data module based on MapGIS and ArcGIS. Using AreSDE, we based data sharing on a client/server system, and attribute and spatial data are also managed in the same system.展开更多
Our dependability on software in every aspect of our lives has exceeded the level that was expected in the past. We have now reached a point where we are currently stuck with technology, and it made life much easier t...Our dependability on software in every aspect of our lives has exceeded the level that was expected in the past. We have now reached a point where we are currently stuck with technology, and it made life much easier than before. The rapid increase of technology adoption in the different aspects of life has made technology affordable and has led to an even stronger adoption in the society. As technology advances, almost every kind of technology is now connected to the network like infrastructure, automobiles, airplanes, chemical factories, power stations, and many other systems that are business and mission critical. Because of our high dependency on technology in most, if not all, aspects of life, a system failure is considered to be very critical and might result in harming the surrounding environment or put human life at risk. We apply our conceptual framework to integration between security and safety by creating a SaS (Safety and Security) domain model. Furthermore, it demonstrates that it is possible to use goal-oriented KAOS (Knowledge Acquisition in automated Specification) language in threat and hazard analysis to cover both safety and security domains making their outputs, or artifacts, well-structured and comprehensive, which results in dependability due to the comprehensiveness of the analysis. The conceptual framework can thereby act as an interface for active interactions in risk and hazard management in terms of universal coverage, finding solutions for differences and contradictions which can be overcome by integrating the safety and security domains and using a unified system analysis technique (KAOS) that will result in analysis centrality. For validation we chose the Systems-Theoretic Accident Model and Processes (STAMP) approach and its modelling language, namely System-Theoretic Process Analysis for safety (STPA), on the safety side and System-Theoretic Process Analysis for Security (STPA-sec) on the security side in order to be the base of the experiment in comparison to what was done in SaS. The concepts of SaS domain model were applied on STAMP approach using the same example @RemoteSurgery.展开更多
随着云计算的快速发展及其普及,企业的传统数据安全边界被打破,出现云资产管理混乱、越权、误操作等现象,对用户的信息安全产生巨大威胁。基于此,对目前云计算环境下身份认证和访问管理(identity and access management,IAM)的安全问题...随着云计算的快速发展及其普及,企业的传统数据安全边界被打破,出现云资产管理混乱、越权、误操作等现象,对用户的信息安全产生巨大威胁。基于此,对目前云计算环境下身份认证和访问管理(identity and access management,IAM)的安全问题进行研究,提出结合内生安全思想,采取拟态防御手段构建出一种具有内生安全效应的拟态身份认证和访问管理(mimicry identity and access management,MIAM)体系架构方案,并对其进行详细描述。将该方案分别进行稳定性测试、系统性能测试以及系统安全性评估,实验数据表明,该方案具有可行性和安全性。展开更多
Security evaluation and management has become increasingly important for Web-based information technology(IT)systems,especially for educational institutions.For the security evaluation and management of IT systems in ...Security evaluation and management has become increasingly important for Web-based information technology(IT)systems,especially for educational institutions.For the security evaluation and management of IT systems in educational institutions,determining the security level for a single IT system has been well developed.However,it is still dificult to evaluate the information security level of the entire educational institution consid-ering multiple IT systems,because there might be too many different IT systems in one institution,educational institutions can be very different,and there is no standard model or method to provide a just ifable information security evaluation among different educational inst itutions considering their differences.In light of these difi-culties,a security evaluation model of educational institutions'IT systems(SEMEIS)is proposed in this work to facilitate the information security management for the educat ional institutions.Firstly,a simplified educational industry information system security level protection rating(EIISSLPR)with a new weight redistribution strategy for a single IT systern is proposed by choosing important evaluation questions from EIISSLPR and redistributing the weights of these questions.Then for the entire educational institution,analytic hierarchy process(AHP)is used to redistribute the weights of multiple IT systems at different security levels.considering the risk of pos-sible network security vulnerabilities,a risk index is forulated by weighting different factors,normalized by a utility function,and calculated with the real data collected from the institutions under the evaluation.Finally,the information security performance of educational institutions is obtained as the final score from SEMEIS.The results show that SEMEIS can evaluate the security level of the educat ion institutions practically and provide an efficient and effective management tool for the information security management.展开更多
介绍了基于电力营销系统对SIM卡全生命周期管理的模式。通过在营销系统搭建对SIM卡的管理功能,以及编制SIM卡的运行管理办法,创建了SIM卡管理的规范流程,实现SIM卡的购置、领用、使用、返仓、报废的全过程管理,对仓库新SIM卡备用量、SI...介绍了基于电力营销系统对SIM卡全生命周期管理的模式。通过在营销系统搭建对SIM卡的管理功能,以及编制SIM卡的运行管理办法,创建了SIM卡管理的规范流程,实现SIM卡的购置、领用、使用、返仓、报废的全过程管理,对仓库新SIM卡备用量、SIM卡通信费用进行有效控制,提高了SIM卡资产管理水平,实践了SIM卡资产使用可靠性、使用效率、使用寿命和全生命周期成本总和最优的创先理念,实现了对S I M卡的精益化管理。展开更多
文摘This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].
文摘Information technology have changed information media by networking and internet using technology in health as same as another part improve efficiency and effectiveness. Currently, the medical document is reality-based medicine, so that is the most important, richest and the most realistic source of medical and health information. Health information management systems that require systems to the storage, retrieval, storage and elimination of health records (by law), and adjust to the rules of professional. These processes are difficult and time consuming for human. In the meantime semantic HIM seem best solution.
文摘The popularization of mobile devices has caused considerable impact on the security of the military of the Republic of China.The military barrack-areas have long been faced the control of mobile devices four issues:the lack of accurate use of resources,the lack of protection of the mobile device from the overall point of view,the unclear division of responsibility among specialized agencies,and unclear members’responsibilities for their own duties.This study applies the structure behavior coalescence(SBC)methodology to integrate the organizational structure of the participating management and control units with effective management behaviors in a visualized and useful manner.The units can effectively communicate with each other and solve the four issues faced by the military barrack-areas for the control of mobile devices.This research fulfills improving the lack of control of the military mobile devices by using of management resources effectively and the establishment of mobile devices management with the overall concept,and strengthening the rights and responsibilities and information security awareness,through the logical verification and enterprise interview results.
文摘The construction of archives in colleges and universities in China is in the process of development and improvement.With the development information technology,the informatization of college archives has been accelerated.Network technology is developing rapidly in our country,and the number of network users has increased significantly.The use of network technology in university archives management can improve the management efficiency and quality of archives,but the safety factor has dropped significantly.For example,the archival system may face many problems such as virus infection,system paralysis,or cyberattacks,which affects the security of the university archives.Therefore,this paper presents an analysis of these problems in detail,and proposes corresponding solutions,so as to optimize and improve the information security management of college archives.
基金This paper is financially supported by the National I mportant MiningZone Database ( No .200210000004)Prediction and Assessment ofMineral Resources and Social Service (No .1212010331402) .
文摘Geo-data is a foundation for the prediction and assessment of ore resources, so managing and making full use of those data, including geography database, geology database, mineral deposits database, aeromagnetics database, gravity database, geochemistry database and remote sensing database, is very significant. We developed national important mining zone database (NIMZDB) to manage 14 national important mining zone databases to support a new round prediction of ore deposit. We found that attention should be paid to the following issues: ① data accuracy: integrity, logic consistency, attribute, spatial and time accuracy; ② management of both attribute and spatial data in the same system;③ transforming data between MapGIS and ArcGIS; ④ data sharing and security; ⑤ data searches that can query both attribute and spatial data. Accuracy of input data is guaranteed and the search, analysis and translation of data between MapGIS and ArcGIS has been made convenient via the development of a checking data module and a managing data module based on MapGIS and ArcGIS. Using AreSDE, we based data sharing on a client/server system, and attribute and spatial data are also managed in the same system.
文摘Our dependability on software in every aspect of our lives has exceeded the level that was expected in the past. We have now reached a point where we are currently stuck with technology, and it made life much easier than before. The rapid increase of technology adoption in the different aspects of life has made technology affordable and has led to an even stronger adoption in the society. As technology advances, almost every kind of technology is now connected to the network like infrastructure, automobiles, airplanes, chemical factories, power stations, and many other systems that are business and mission critical. Because of our high dependency on technology in most, if not all, aspects of life, a system failure is considered to be very critical and might result in harming the surrounding environment or put human life at risk. We apply our conceptual framework to integration between security and safety by creating a SaS (Safety and Security) domain model. Furthermore, it demonstrates that it is possible to use goal-oriented KAOS (Knowledge Acquisition in automated Specification) language in threat and hazard analysis to cover both safety and security domains making their outputs, or artifacts, well-structured and comprehensive, which results in dependability due to the comprehensiveness of the analysis. The conceptual framework can thereby act as an interface for active interactions in risk and hazard management in terms of universal coverage, finding solutions for differences and contradictions which can be overcome by integrating the safety and security domains and using a unified system analysis technique (KAOS) that will result in analysis centrality. For validation we chose the Systems-Theoretic Accident Model and Processes (STAMP) approach and its modelling language, namely System-Theoretic Process Analysis for safety (STPA), on the safety side and System-Theoretic Process Analysis for Security (STPA-sec) on the security side in order to be the base of the experiment in comparison to what was done in SaS. The concepts of SaS domain model were applied on STAMP approach using the same example @RemoteSurgery.
文摘随着云计算的快速发展及其普及,企业的传统数据安全边界被打破,出现云资产管理混乱、越权、误操作等现象,对用户的信息安全产生巨大威胁。基于此,对目前云计算环境下身份认证和访问管理(identity and access management,IAM)的安全问题进行研究,提出结合内生安全思想,采取拟态防御手段构建出一种具有内生安全效应的拟态身份认证和访问管理(mimicry identity and access management,MIAM)体系架构方案,并对其进行详细描述。将该方案分别进行稳定性测试、系统性能测试以及系统安全性评估,实验数据表明,该方案具有可行性和安全性。
基金the Science and Technology Innovation Program of Shanghai Science and Technology Commit-tee(No.19511103500)。
文摘Security evaluation and management has become increasingly important for Web-based information technology(IT)systems,especially for educational institutions.For the security evaluation and management of IT systems in educational institutions,determining the security level for a single IT system has been well developed.However,it is still dificult to evaluate the information security level of the entire educational institution consid-ering multiple IT systems,because there might be too many different IT systems in one institution,educational institutions can be very different,and there is no standard model or method to provide a just ifable information security evaluation among different educational inst itutions considering their differences.In light of these difi-culties,a security evaluation model of educational institutions'IT systems(SEMEIS)is proposed in this work to facilitate the information security management for the educat ional institutions.Firstly,a simplified educational industry information system security level protection rating(EIISSLPR)with a new weight redistribution strategy for a single IT systern is proposed by choosing important evaluation questions from EIISSLPR and redistributing the weights of these questions.Then for the entire educational institution,analytic hierarchy process(AHP)is used to redistribute the weights of multiple IT systems at different security levels.considering the risk of pos-sible network security vulnerabilities,a risk index is forulated by weighting different factors,normalized by a utility function,and calculated with the real data collected from the institutions under the evaluation.Finally,the information security performance of educational institutions is obtained as the final score from SEMEIS.The results show that SEMEIS can evaluate the security level of the educat ion institutions practically and provide an efficient and effective management tool for the information security management.
文摘介绍了基于电力营销系统对SIM卡全生命周期管理的模式。通过在营销系统搭建对SIM卡的管理功能,以及编制SIM卡的运行管理办法,创建了SIM卡管理的规范流程,实现SIM卡的购置、领用、使用、返仓、报废的全过程管理,对仓库新SIM卡备用量、SIM卡通信费用进行有效控制,提高了SIM卡资产管理水平,实践了SIM卡资产使用可靠性、使用效率、使用寿命和全生命周期成本总和最优的创先理念,实现了对S I M卡的精益化管理。