Recently, the Shenzhen Archives Society held a special lecture on the 2023 International Archives Day, "Forge ahead on a new journey, a new chapter in blue and Taiwan". Dr. Wang Jie, executive deputy general manager of Kaiyuan Network Security, was invited to participate in this lecture and shared "Archives Information Security Practice: Times and Prospects", explaining the security construction of smart archives in the digital age from the perspective of software supply chain security and management programs.
This symposium aims at the frontier of information technology development and explores the development path of smart archives. Staff from the Shenzhen Municipal Archives Bureau, district archives bureaus, professional archives, municipal agencies, enterprises and institutions attended the lecture.
Dr. Wang Jie said that with the gradual strengthening of archives management informatization, modern archives work is highly dependent on information technology and archives management systems . He believes that in the process of archives informatization construction, due to the frequent occurrence of software supply chain security issues, endless file theft and leakage problems also follow, posing a great threat to archives information security.
In recent years, the "Archives Law of the People's Republic of China", "Network Security Law of the People's Republic of China", and "Data Security Law of the People's Republic of China" promulgated by the state all stipulate that archives and agencies, groups, enterprises, institutions and other organizations should strengthen their archives. Informatization construction, and take measures to ensure the security of archives information.
Dr. Wang Jie pointed out that the archival industry is facing problems such as uncontrollable software supply chain upstream , huge risks of open source software , imperfect software security development process , and lack of security management and control system , which should be solved from the following aspects.
-
Use open source governance tools and SBOM platform to build an open source governance mechanism, and establish a software asset library and supplier software asset management process.
-
According to the best practice of "Software Supply Chain Security Management Requirements", establish a supplier security capability assessment form, sort out and formulate security baselines for supplier capability management requirements, and reduce security threats on the supplier side.
-
Introduce a software supply chain security management platform to conduct interactive software security testing, code security auditing, open source software compliance governance, mirroring security testing, and penetration testing, etc., to discover security issues before going online and detect security issues after going online.
-
By constructing the S-SDLC software development management process and operation and maintenance management process, establish and improve the closed-loop disposal process for security issues found in the software supply chain security governance process, and establish a software supply chain security governance process from the link of development → delivery → use , so that security issues can be dealt with effectively in a closed loop.
Through this study, archivists have strengthened their awareness of the importance of software supply chain security, improved the ability to deal with information security risks in modern archival work, and promoted the safe and efficient development of modern archival work.
Relying on years of technology and experience, Kaiyuan Network Security has provided a large number of government and enterprise units with software supply chain security construction services, security awareness training and other services, providing a solid security guarantee for the development of the digital economy. In the future, we will continue to help enterprises and institutions improve their network and information security capabilities, and effectively build a security line of defense for digital construction.