Classified information systems dealing with security issues

Others 2019-12-16 17:54:48 views: null

Classified information systems dealing with security issues

Classified information systems security and confidentiality policy is to ensure that classified computer information system security and confidentiality of documents and the development of a series of documents is to regulate the implementation of the confidentiality of classified information systems and management measures for security protection technology is the use of classified information systems staff when using classified information systems must follow the code of conduct.

The main contents of security and confidentiality policies, including security and confidentiality management structure, physical security policy, operational security policy, information security policy, backup and recovery strategy, viruses and malicious code protection policies, emergency planning and response. When strategic planning, policy modules for each subject in accordance with various embodiments subdivided into a number of sub-strategies, tactics such classified information systems on the basic perfected. For example, the information security policy module includes authentication, perimeter protection, access control, application systems and database security, information exchange and security policy child. Write each child policy should be unified unified format ideas, while clearly answer three questions, namely the implementation of the policy implementation of the object, content strategy, and strategy. Finally, taking into account the systemic security strategy should be developed on the structure, the intelligibility of the content, the technical realization of the enforceability of the management.

safe question

1, hacker attacks

Hacker attacks are one of the major threats to the security of classified computer local area network, although defense against hackers with the development of computer network technology continues to upgrade, but the endless stream of malicious damage, steal information still widespread. Especially for special Trojan secret network is endless, they can cause system data loss, malicious tampering, forgery, software, storage media use to destroy viruses, information interception and so on. 

2, viruses

Classified computer local area network to facilitate resource sharing and dissemination of information within the network users, but it also gives the opportunity to a large number of computer viruses sneak into and the spread of computer viruses are generally caused by two cases, one internal hackers or malicious network users infection, and second, self negligence led to computer virus infections, regardless of the route of infection, its harmful consequences are very serious. A large number of viruses continue to replicate, resulting in network congestion, a computer terminal paralysis, or even loss of leaks, with very serious consequences. Common virus worms, Trojan horses, there will be a series of new viruses in the future, whether you need to take precautions now an important hurdle to good computer local area network security technology.  

3, loopholes in management

Scientific and strict management is a key factor classified computer network security design, strict management awareness of its people is not strong, which led to different levels of software and hardware damage, unreasonable configuration, operating system disorder, authentication security vulnerabilities and so on, a series of mismanagement causing a computer to a LAN serious security risks. Therefore, strengthening the network management awareness, rational attack from the facility configuration can effectively fill the security holes to prevent internal and external networks. 

4, the network use of personnel issues

Secret network use of personnel during use, there will inevitably misuse, classified computer network which makes a large number of hidden leaks out, it continuously through the system design and implementation, to gradually reduce the risks generated during the use .

5, border protection risks

Classified LAN respective boundaries are at risk and may lead to unauthorized access and uncontrollable factors occur, so when designing networks, physical and virtual security must be fully taken into account.

Classified information systems security audit is the use of various techniques, comprehensive testing various sessions and events information systems, record and analyze suspicious

Behavior, abuse, help locate the source of security events and trace evidence, prevention and detection of illegal Internet activity.

 

At present, China is no more perfect, authoritative, have normative security audit regulations and guidelines, and now the audit work is carried out in accordance with their experience, auditees, audit methods, audit analysis point of view is different.

In general, the audit objects can be divided in two ways: (1) divided by the audit body: mainly for system administrators, security administrators, and other relevant personnel security auditor; (2) divided by Audit Object: The main of the secret network devices, servers, user terminals, applications, security products, databases, security management implementation.

Audit methods are generally safe to use analysis software audit, the auditors audit manual and audit methods and security audit software audit artificial combination. Audit analysis is a complex process, a keen sense of awareness in the audit analysis and rapid response capacity, can be associated with a variety of events, analyze its hidden vulnerabilities and threats.

Risk assessment

Classified information systems risk assessment of the predictability of the life cycle of information systems for each assessment calculations, understand the current and future information systems risk, to assess the impact of these security threats and possible risks. No accurate and timely risk assessment, can not make accurate judgments about information security systems. 

Classified information systems risk assessment revolves around four elements unfold: information assets , threats, vulnerabilities and risk analysis. Which is valuable information assets of the enterprise, organization of information or resources, it is a security policy to protect. The possibility of threat factors or events for companies, institutions and their assets constitute the potential damage. Vulnerability assessment is the existence of the asset itself vulnerabilities, which can be exploited by the threats, causing damage to assets, a risk assessment is an important content. Risk analysis is an understanding of the risks to develop appropriate strategies to make a strong to resist and reduce risk. To achieve the control and management of risk, risk value can be hierarchical processing, risk can be divided into five, the higher the rating, the higher the risk.

 

Guess you like

Origin www.cnblogs.com/csj0907569-/p/12050157.html
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com