地级市金保工程安全体系研究与应用

发布时间：2018-03-23 01:03

本文选题：金保工程　切入点：安全等级　出处：《湖北工业大学》2017年硕士论文　论文类型：学位论文

【摘要】：随着信息系统的发展,信息安全已成为人们关注的热点。习近平总书记在主持召开的中央网络安全和信息化领导小组会议上指出“没有网络安全就没有国家安全,没有信息化就没有现代化”,并强调“网络安全和信息化是一体之两翼、驱动之双轮”。信息化建设在增强信息化服务,改变人们的生产生活方式的同时,也伴随着各种攻击,如木马、间谍软件、病毒、僵尸网络等。众所周知,信息系统的安全取决于防护系统中“马奇诺防线”中最为薄弱的一环,若没有合理的安全体系作指导,就容易出现“安全短板”现象,导致信息系统不堪一击。然而,纵观信息系统发展,普遍缺乏适合信息系统平台的安全体系结构。因此,我们要做好网络安全和信息化工作,就必须要处理好安全和发展的关系,从而构成了对信息安全的需要。本文参照《信息系统安全等级保护基本要求》的相关安全标准,分析地级市金保工程系统平台信息安全现状和风险,以最新的安全技术为基础,结合实际需求,确定在具体实施过程中按照第三级的安全保护等级要求的标准设计,并在文中指出了原信息系统安全方面的不足,给出了具体整改的做法。通过本方案的设计,可以进一步提高信息系统安全保护等级的符合性要求,尽可能降低或消除信息系统的安全风险,确保整个系统的安全保护水平提高到了一个较高水平,为地级市金保工程的信息系统的实际建设提供了有益的帮助。
[Abstract]:With the development of information system, information security has become the focus of attention. General Secretary Xi Jinping pointed out at the meeting of the Central Network Security and Informatization leading Group that "without network security, there would be no national security." "without information, there would be no modernization," and stressed that "network security and informatization are two wings of one, driven by two wheels." Information construction not only enhances information services and changes people's production and life styles, but also comes with various attacks. Trojans, spyware, viruses, botnets, etc. As we all know, the security of information systems depends on the weakest link in the "Mackinot Line" of the protective system, without a reasonable security system to guide them. However, throughout the development of information system, there is a general lack of security architecture suitable for information system platform. Therefore, we should do a good job of network security and information. It is necessary to deal with the relationship between security and development so as to form a need for information security. This paper refers to the relevant security standards of "basic requirements of Information system Security level Protection". This paper analyzes the present situation and risks of information security in the system platform of the city's Jinbao engineering system at the prefectural level, based on the latest security technology and combining with the actual demand, determines the standard design according to the requirements of the third level of security protection in the concrete implementation process. In this paper, the shortcomings of the original information system security are pointed out, and the concrete rectification methods are given. Through the design of this scheme, the conformance requirements of the information system security protection level can be further improved. The security risk of the information system is reduced or eliminated as far as possible, and the level of security protection of the whole system is raised to a higher level, which provides a beneficial help for the practical construction of the information system of the city Jinbao project at the prefectural level.
【学位授予单位】：湖北工业大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP309

【参考文献】