Cyber Resilience through Real-Time Threat Analysis in Information Security

This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].

Trust and Security on Semantic HIM (Health Information Management)

Information technology have changed information media by networking and internet using technology in health as same as another part improve efficiency and effectiveness. Currently, the medical document is reality-based medicine, so that is the most important, richest and the most realistic source of medical and health information. Health information management systems that require systems to the storage, retrieval, storage and elimination of health records (by law), and adjust to the rules of professional. These processes are difficult and time consuming for human. In the meantime semantic HIM seem best solution.

Study on Architecture-Oriented Information Security Management Model for Using Mobile Devices Control

The popularization of mobile devices has caused considerable impact on the security of the military of the Republic of China.The military barrack-areas have long been faced the control of mobile devices four issues:the lack of accurate use of resources,the lack of protection of the mobile device from the overall point of view,the unclear division of responsibility among specialized agencies,and unclear members’responsibilities for their own duties.This study applies the structure behavior coalescence(SBC)methodology to integrate the organizational structure of the participating management and control units with effective management behaviors in a visualized and useful manner.The units can effectively communicate with each other and solve the four issues faced by the military barrack-areas for the control of mobile devices.This research fulfills improving the lack of control of the military mobile devices by using of management resources effectively and the establishment of mobile devices management with the overall concept,and strengthening the rights and responsibilities and information security awareness,through the logical verification and enterprise interview results.

Information Security Management Measures for College Archives Under the Network Environment

The construction of archives in colleges and universities in China is in the process of development and improvement.With the development information technology,the informatization of college archives has been accelerated.Network technology is developing rapidly in our country,and the number of network users has increased significantly.The use of network technology in university archives management can improve the management efficiency and quality of archives,but the safety factor has dropped significantly.For example,the archival system may face many problems such as virus infection,system paralysis,or cyberattacks,which affects the security of the university archives.Therefore,this paper presents an analysis of these problems in detail,and proposes corresponding solutions,so as to optimize and improve the information security management of college archives.

Developing a Geological Management Information System: National Important Mining Zone Database

Geo-data is a foundation for the prediction and assessment of ore resources, so managing and making full use of those data, including geography database, geology database, mineral deposits database, aeromagnetics database, gravity database, geochemistry database and remote sensing database, is very significant. We developed national important mining zone database （NIMZDB） to manage 14 national important mining zone databases to support a new round prediction of ore deposit. We found that attention should be paid to the following issues： ① data accuracy： integrity, logic consistency, attribute, spatial and time accuracy; ② management of both attribute and spatial data in the same system;③ transforming data between MapGIS and ArcGIS; ④ data sharing and security; ⑤ data searches that can query both attribute and spatial data. Accuracy of input data is guaranteed and the search, analysis and translation of data between MapGIS and ArcGIS has been made convenient via the development of a checking data module and a managing data module based on MapGIS and ArcGIS. Using AreSDE, we based data sharing on a client/server system, and attribute and spatial data are also managed in the same system.

Developing Dependability Requirements Engineering for Secure and Safe Information Systems with Knowledge Acquisition for Automated Specification

Our dependability on software in every aspect of our lives has exceeded the level that was expected in the past. We have now reached a point where we are currently stuck with technology, and it made life much easier than before. The rapid increase of technology adoption in the different aspects of life has made technology affordable and has led to an even stronger adoption in the society. As technology advances, almost every kind of technology is now connected to the network like infrastructure, automobiles, airplanes, chemical factories, power stations, and many other systems that are business and mission critical. Because of our high dependency on technology in most, if not all, aspects of life, a system failure is considered to be very critical and might result in harming the surrounding environment or put human life at risk. We apply our conceptual framework to integration between security and safety by creating a SaS (Safety and Security) domain model. Furthermore, it demonstrates that it is possible to use goal-oriented KAOS (Knowledge Acquisition in automated Specification) language in threat and hazard analysis to cover both safety and security domains making their outputs, or artifacts, well-structured and comprehensive, which results in dependability due to the comprehensiveness of the analysis. The conceptual framework can thereby act as an interface for active interactions in risk and hazard management in terms of universal coverage, finding solutions for differences and contradictions which can be overcome by integrating the safety and security domains and using a unified system analysis technique (KAOS) that will result in analysis centrality. For validation we chose the Systems-Theoretic Accident Model and Processes (STAMP) approach and its modelling language, namely System-Theoretic Process Analysis for safety (STPA), on the safety side and System-Theoretic Process Analysis for Security (STPA-sec) on the security side in order to be the base of the experiment in comparison to what was done in SaS. The concepts of SaS domain model were applied on STAMP approach using the same example @RemoteSurgery.

基于B/S结构的SIMS的软件设计与实现

基于B/S三层架构的学生信息管理系统(SIMS),采用的是ASP技术,并以VbScript作为主要脚本语言,系统的数据库使用的是Microsoft Office Access.系统功能完整,模块共分为系统管理、学籍管理、成绩管理、账号管理、数据管理和个人管理六个模块.文章首先简要阐述系统的研究背景与研究目的及意义,介绍一些与系统开发有关的技术与理论知识,随后详细介绍了该管理系统的设计与实现过程,包括后台数据库的设计、系统主页面的设计等.最后对系统进行测试,减少冗余,并对此次系统开发过程中遇到的问题以及解决的方法进行了叙述.

云计算环境下的拟态IAM系统设计实现方法

随着云计算的快速发展及其普及,企业的传统数据安全边界被打破,出现云资产管理混乱、越权、误操作等现象,对用户的信息安全产生巨大威胁。基于此,对目前云计算环境下身份认证和访问管理(identity and access management,IAM)的安全问题进行研究,提出结合内生安全思想,采取拟态防御手段构建出一种具有内生安全效应的拟态身份认证和访问管理(mimicry identity and access management,MIAM)体系架构方案,并对其进行详细描述。将该方案分别进行稳定性测试、系统性能测试以及系统安全性评估,实验数据表明,该方案具有可行性和安全性。

网站集群安全与管理模式分析

阐述校园网站的集群管理模式,它实现统一规划建设、灵活发布管理、实时反馈统计和审核机制,探讨网站的运行维护与安全管理的优化措施。

医院管理建设中智慧医保的SWOT分析

采用SWOT分析智慧医保在医院建设中的优势、劣势、机遇和威胁,了解智慧医保对于医院医保建设的影响,为医院医保精细化管理和便捷医保服务提供参考。依托信息平台给医院建设智慧医保服务和医保基金监管带来机遇,同时给医院医保“粗放型管理”转换为“精细化管理”带来挑战。医疗机构需牢牢抓住时代趋势,依靠自身优势以及信息技术的加持,不断加强医疗实力同时,注重智慧医保的机遇与威胁。医疗机构在享受智慧医保带来福利的同时,也要通过智慧医保更规范医院医保基金监管,通过优化信息系统让患者在实处体验到智慧医保带来的便民服务。

实验室管理信息系统的建设与应用

文章主要探讨了实验室管理信息系统的构成、功能、建设过程、优势和发展趋势。通过详细介绍实验室管理信息系统的主要组成部分和基本功能,阐述了该系统具有较强的数据管理、设备调度和实验进度跟踪功能,可以提高实验室管理的效率和精度。针对该系统的建设过程,强调了需对实验室管理的具体需求进行详细的分析和系统设计,同时选择适合的硬件设施和软件平台进行搭建,并利用网络通信和信息安全技术进行保障和优化。最后,提出了实验室管理信息系统将面临更多智能化和数据化趋势的展望,未来将经历更多深度集成和优化,以进一步提高实验室管理和研究工作的效率和质量。

帮信罪与拒履网安义务罪适用差异研究——以刑法网络治理模式为视角

帮助信息网络犯罪活动罪的司法案件数量和学术讨论热度远超拒不履行信息网络安全管理义务罪,教义学分析无法充分解释二罪差异。实证分析二罪理论文献及司法解释文件,发现国家对拒不履行信息网络安全管理义务罪的网络治理效能抱有期待。适当转变司法治理思维,减少直接性控制,承认社会个体治理能力,建立“共建共享公治”的多元网络治理格局,既符合我国的社会发展趋势也具备政策基础。多元治理利于调动网络安全管理义务人网络专长,及时处理信息。即使无法完全采取多元治理模式,也应对帮助信息网络犯罪活动罪的体系突破进行限缩,防止其持续膨胀。

高职院校档案数字化管理的信息安全问题研究

随着信息技术的快速发展,高职院校档案数字化管理已成为趋势。数字化管理具有高效、便捷、易存储等优点,但也存在数据泄露、非法访问、恶意篡改、人为误操作等信息安全问题。如何确保档案信息的保密性和完整性成为亟待解决的问题。通过探讨高职院校档案数字化管理的概念及现状,深入剖析高职院校档案数字化管理过程中所面临的信息安全问题及成因,有针对性地从技术与管理两个维度提出了应对策略,以期提升高职院校档案数字化管理信息安全的持续性和稳定性。

New Approach for Information Security Evaluation and Management of IT Systems in Educational Institutions

Security evaluation and management has become increasingly important for Web-based information technology(IT)systems,especially for educational institutions.For the security evaluation and management of IT systems in educational institutions,determining the security level for a single IT system has been well developed.However,it is still dificult to evaluate the information security level of the entire educational institution consid-ering multiple IT systems,because there might be too many different IT systems in one institution,educational institutions can be very different,and there is no standard model or method to provide a just ifable information security evaluation among different educational inst itutions considering their differences.In light of these difi-culties,a security evaluation model of educational institutions'IT systems(SEMEIS)is proposed in this work to facilitate the information security management for the educat ional institutions.Firstly,a simplified educational industry information system security level protection rating(EIISSLPR)with a new weight redistribution strategy for a single IT systern is proposed by choosing important evaluation questions from EIISSLPR and redistributing the weights of these questions.Then for the entire educational institution,analytic hierarchy process(AHP)is used to redistribute the weights of multiple IT systems at different security levels.considering the risk of pos-sible network security vulnerabilities,a risk index is forulated by weighting different factors,normalized by a utility function,and calculated with the real data collected from the institutions under the evaluation.Finally,the information security performance of educational institutions is obtained as the final score from SEMEIS.The results show that SEMEIS can evaluate the security level of the educat ion institutions practically and provide an efficient and effective management tool for the information security management.

基于区块链技术的辐射事故应急管理系统设计

放射性设备的应用发展导致辐射事故增多,对环境和公众健康产生威胁,需建立高效可靠的辐射事故应急管理体系。传统辐射事故应急管理系统存在数据孤岛、信息不透明等问题,而基于区块链技术的辐射事故应急管理系统具有去中心化、数据不可篡改、高度安全等特性,可实现应急响应流程自动化和智能化,提高响应速度和效果。区块链技术在辐射事故应急管理系统中的应用可有效解决传统管理系统存在的问题,提高管理效率和效果,为保障环境和公众健康提供技术支持。

信息安全中Safety与Security的比较研究

文章针对Security和Safety在信息网络安全领域和在具体行业中应用的含义进行了探讨,给出了它们的相关定义,对信息安全风险评估、风险管理、等级保护及信息安全评价指标体系的研究具有一定的指导意义。

基于电力营销系统的SIM卡全生命周期管理模式

介绍了基于电力营销系统对SIM卡全生命周期管理的模式。通过在营销系统搭建对SIM卡的管理功能,以及编制SIM卡的运行管理办法,创建了SIM卡管理的规范流程,实现SIM卡的购置、领用、使用、返仓、报废的全过程管理,对仓库新SIM卡备用量、SIM卡通信费用进行有效控制,提高了SIM卡资产管理水平,实践了SIM卡资产使用可靠性、使用效率、使用寿命和全生命周期成本总和最优的创先理念,实现了对S I M卡的精益化管理。