安全风险评估模型研究及其在海洋信息系统中的应用

发布时间：2018-10-31 19:37

【摘要】：我国是海洋大国,海洋在国民经济和社会发展中占有极其重要的地位。尤其近几年来,我国海洋产业GDP基本上保持稳步增长。据初步核算,2015年我国海洋产业生产总值达64669亿元,较上年增长了7%。上海市海洋局和上海市发展改革委也于去年组织开展了上海市海洋发展战略研究,并起草了《关于上海加快发展海洋事业的行动方案(2015-2020年)》。随着海洋强国战略和“一带一路”建设的推进,如何加强海洋信息化建设,提升预报减灾、环境保护、维权执法等海洋信息公共服务保障能力,成为各方关注的重大战略问题。从总体来看,我国海洋信息化建设至今已经取得了不错的进展。例如,我国已经制定并完善了国家海洋信息化规划,海洋数据的获取和处理能力、技术也有了提升,并且我国的多级海洋信息业务体系已经初步形成,建设了国家海洋综合管理系统,海洋信息安全工作也在不断加强。由于大部分的海洋数据都属于国家机密,海洋信息安全出现了任何一点技术漏洞或管理不当都有可能对我国利益带来严重后果,因此在建设海洋信息系统时,其信息安全问题不容忽视。据了解,国家海洋局、各省市、县级海洋局及其他涉海单位都有针对不同海洋业务的不同安全等级要求。由此,对于海洋信息系统的安全风险评估就成为海洋信息安全管理机制建设的基础。有效的风险评估模型可以判断评估对象系统的安全措施建设是否满足保护信息资产安全的要求,同时运用合理的模型也可以监控整个系统具体的安全状况,从而能够及时调整信息安全保障措施,始终将风险控制在可接受的范围内,用低成本从最大程度上保障整个系统的安全。首先,本文对现有的安全风险评估标准、评估模型、评估方法进行了深入的分析,以GB/T 20984-2007《信息安全技术信息系统的风险评估规范》和BS7799等国内外信息安全风险评估标准为指导,结合海洋数据属性及海洋信息系统特点,从而分析和研究海洋信息系统安全因素,提出一套较为全面、客观的海洋信息系统安全评估指标体系,基于层次分析法对指标体系进行定量与定性相结合的分析,从而筛选对海洋信息系统安全影响较小的指标。最后利用统计学中的效度系数和相关系数做出效度和信度检验,证明了本文中的指标体系具有一定的有效性和可靠性。其次,本文结合事故树和层次分析法在定性和定量分析上的优势,建立了基于改进层次分析法的海洋信息安全评估方法,将事故树中的结构重要度概念引入到层次分析法的判断矩阵构建过程中,利用结构重要度引出的判断因子的相互比较关系来建立判断矩阵并计算其权重,而后,结合传统层次分析法计算出的权重,进而计算分析得出各因素的综合权重。最后,基于改进层次分析法的海洋信息安全评估方法的基础上,提出海洋信息系统安全评估模型。该模型第一步是分析评估系统的安全风险因素;第二步是分别构建事故树和层次分析法的判断矩阵,计算各自权重,再计算各自的标度因子和一致性因子,从而结合权重赋值;第三步是利用模糊综合分析法结合权重得出系统的安全等级评价,并给出安全改进方案。通过实例应用,将本文提出的指标体系及安全评估模型运用到实际海洋信息系统中,并在实践中证明该安全评估模型是切合实际、可行有效的。最后实例应用计算及分析结果表明,本文研究的海洋信息系统安全评估指标及模型能够满足实际评估工作,并且符合实际情况。
[Abstract]:China is a great ocean power, and the ocean plays a very important role in the national economy and social development. Especially in recent years, China's marine industrial GDP has basically maintained steady growth. According to preliminary accounting, the gross domestic product of China in 2015 amounted to 6466.9 billion yuan, up by 7% from the previous year. The Shanghai Ocean Bureau and the Shanghai Development Reform Commission also conducted a study on Shanghai's marine development strategy last year, and drafted the Programme of Action on Accelerating the Development of Marine Business in Shanghai (2015-2020). With the strategy of ocean power and "Belt and Road" The promotion of construction, how to strengthen the construction of marine information, improve the protection ability of marine information public services such as forecast reduction, environmental protection and law enforcement, has become a major strategic issue of concern to all parties. Overall, the construction of China's marine informatization has made great progress. For example, China has formulated and improved the national marine information planning, the acquisition and processing capacity of ocean data, the technology has also improved, and China's multi-level marine information service system has been preliminarily formed, and the national marine comprehensive management system has been constructed. The work of marine information security is also increasing. Since most of the marine data belongs to state secrets, any technical vulnerability or improper management of marine information security may have serious consequences for our country's interests, so the information security problem cannot be ignored in the construction of marine information systems. It is understood that the State Oceanic Administration, the provinces and municipalities, the county-level maritime bureau and other relevant maritime units have different security levels for different marine operations. Therefore, the safety risk assessment of marine information system becomes the foundation of the construction of marine information security management mechanism. the effective risk assessment model can judge whether the safety measure construction of the evaluation object system meets the requirement of protecting information asset safety, and meanwhile, the specific safety condition of the whole system can be monitored by using a reasonable model, so that the information security guarantee measures can be adjusted in time, Always keep the risk within an acceptable range and ensure the safety of the entire system at a low cost to the maximum extent. Firstly, this paper deeply analyzes the existing safety risk assessment standard, evaluation model and evaluation method, and guides the information security risk assessment standards at home and abroad in GB/ T 20984-2007 and BS7799. Combined with the characteristics of marine data and marine information system, this paper analyses and studies the safety factors of marine information system, puts forward a comprehensive and objective system of safety assessment of marine information system, and analyses the quantitative and qualitative analysis of index system based on AHP. so as to screen the indexes which have less influence on the safety of the marine information system. Finally, the effectiveness and reliability test of the coefficient and correlation coefficient in statistics are used to prove the effectiveness and reliability of the index system in this paper. Secondly, combining the advantages of accident tree and analytic hierarchy process in qualitative and quantitative analysis, this paper establishes an ocean information security assessment method based on improved AHP, and introduces the concept of structural importance in the accident tree into the decision matrix construction process of AHP. A judgment matrix is established and the weight is calculated by the mutual comparison of the judgment factors derived from the structural importance, and then the weights calculated by the traditional analytic hierarchy process are combined, and then the comprehensive weight of each factor is calculated and analyzed. Finally, on the basis of improving the method of marine information security assessment based on the improved AHP, a model of security assessment of marine information system is proposed. the first step of the model is to analyze the security risk factors of the evaluation system, and the second step is to construct a judgment matrix of the accident tree and the hierarchy analysis method respectively, calculate the respective weights, and then calculate the respective scale factors and the consistency factors, thereby binding the weight assignments; The third step is to use the fuzzy comprehensive analysis method to combine the weight to get the safety class evaluation of the system, and give the safety improvement plan. By means of example application, the index system and safety evaluation model proposed in this paper are applied to the actual marine information system, and in practice it is proved that the safety evaluation model is practical and feasible. The results of the calculation and analysis of the last instance show that the safety assessment index and model of the marine information system studied in this paper can meet the actual assessment work and accord with the actual situation.
【学位授予单位】：上海海洋大学
【学位级别】：硕士
【学位授予年份】：2016
【分类号】：P74;TP309

【相似文献】

相关期刊论文 前10条

1 黄西安;海洋信息学简介[J];海洋开发与管理;2004年01期

2 陈伯镛;传播海洋信息 发展海洋事业——《海洋信息》创刊10周年纪念[J];海洋信息;1996年02期

3 荆公;联合增效,加速海洋信息产业的发展[J];海洋信息;1998年05期

4 吴克勤;海洋信息工作的挑战与机遇[J];海洋信息;1998年08期

5 陈奎英;兴海强国,加快海洋信息化建设步伐[J];海洋信息;2004年02期

6 何亚文;苏奋振;杜云艳;肖如林;;海洋信息网格服务平台的设计与实现[J];地球信息科学学报;2010年05期

7 周莉;周亚珠;徐兰芬;韩真;邵艳;;舟山海洋信息资源调查及开发[J];海洋信息;2010年04期

8 李雪;;国家海洋信息中心召开年度工作会议[J];海洋信息;2006年02期

9 罗续业;我国海洋信息联机服务[J];海洋技术;1996年03期

10 吴克勤;英国海洋信息系统的开发[J];海洋信息;2001年02期

相关重要报纸文章 前8条

1 集美大学 谢钦铭;应加强海洋信息综合管理体系建设[N];中国海洋报;2006年

2 ;谱写海洋信息事业发展新篇章[N];中国海洋报;2006年

3 记者 侯小健　通讯员 许小贝 邓韶勇;我省有了海洋信息专用网络[N];海南日报;2011年

4 海辛;我国海洋信息系统国际先进[N];中国船舶报;2000年

5 张新民;国家海洋信息中心举行成立50周年庆典[N];天津日报;2008年

6 国家海洋信息中心 徐胜;改革创新 开创海洋信息工作新局面[N];中国海洋报;2014年

7 实习记者 刘川;我国首个海洋信息三维可视化平台建成[N];中国海洋报;2011年

8 国家海洋信息中心;以“七一”讲话、“三个六”为发展和创新动力[N];中国海洋报;2011年

相关硕士学位论文 前3条

1 邱俊浩;基于Hadoop的海洋信息OLAP与数据挖掘系统的研究与实现[D];东北大学;2014年

2 王t;安全风险评估模型研究及其在海洋信息系统中的应用[D];上海海洋大学;2016年

3 马飞飞;基于GIS的水声计算数据环境设计与集成[D];辽宁师范大学;2009年

，

本文编号：2303327

suoshi