Student Theses

Thesis Search Result


Thesis ID: 9636
Author ID: 2120152986
Uploaded: 2017/12/8 9:15:50
Title (Chinese): 基于ISO/IEC 27001:2013的高校信息安全评估指标体系研究
Title (English): Research on the Evaluation Index System of Information Security in Colleges and Universities Based on ISO/IEC 27001:2013
Advisor: 李颖 (Li Ying)
Keywords (translated from Chinese): universities; information security; information security management; evaluation indicators
Keywords (English): university; information security; information security management; evaluation indicators
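Abstract (translated from Chinese): In recent years, as information technology has continued to advance, informatization has deepened across every industry in China, and the convenience of the Internet era now shapes our daily work and life. Universities, as representative institutions of the education sector, undertake many major national research projects and defense-industry projects, and hold the personal private information of large numbers of teachers and students. As university informatization moves forward, information security problems are becoming steadily more prominent. Although some universities have raised their security awareness and adopted corresponding preventive measures, we need a more comprehensive and systematic understanding of the information security problems universities face, and need to propose corresponding improvements, in order to raise their level of information security.

This thesis first reviews information security risk assessment methods in China and abroad and the state of research on university information security assessment. Because there is little research on university information security assessment indicators, and even less that ties them to industry standards, the thesis goes on to survey domestic and international information security standards, introduces the internationally used information security management system standard ISO/IEC 27001:2013 into university information security assessment, and builds an assessment index system on that basis. The author sets out the characteristics of the university information environment and its security weaknesses and, starting from the 114 controls of ISO/IEC 27001:2013 and following the principles of being scientific, comprehensive, reasonable, minimal and quantifiable, selects and consolidates 38 specific assessment indicators under 8 control domains: security policy, human resource security, asset security, access control, physical and network security, operations security, system acquisition/development and maintenance, and information security incident management. The opinions of 18 information security experts from three universities were solicited, and the structural entropy weight method was used to calculate the weight of each indicator, yielding an information security assessment index system suited to universities. Finally, a case study of University M gives University M a current overall information security score of 3.2412, indicating a relatively high overall level of information security. For each of the 8 indicator categories the thesis also provides a specific analysis and suggested improvements, identifies University M's current weak points and the security measures that are not fully implemented, and recommends practical security strategies to improve University M's information security.

The contributions of this thesis are: first, it is the first to use the international standard ISO/IEC 27001:2013 as the basis for a set of university information security assessment indicators. Second, it is the first to introduce the structural entropy weight method, which combines subjective and objective weighting, to determine the indicator weights, so that the indicator set and the weight values together form a complete university information security assessment index system. This offers a new approach for later research on university information security assessment.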
Abstract (English): In recent years, with the continuous progress of information technology, informatization has deepened in all walks of life, and the convenience brought by the Internet era is affecting our daily work and life. Universities, as representative bodies of the education industry, undertake a number of major national scientific research projects and military projects, and hold the personal private information of numerous teachers and students. While the informatization of colleges and universities continues to advance, information security issues are gradually being revealed. Although some colleges and universities have improved their awareness of information security and taken some appropriate preventive measures, we need a more comprehensive and systematic understanding of the information security issues in colleges and universities, and need to put forward corresponding improvement measures to raise their level of information security. This paper first reviews the current state of information security risk assessment methods and of research on information security assessment in universities. Because research on information security assessment indexes for colleges and universities is scarce, and research combining them with industry standards is scarcer still, this paper surveys domestic and international information security industry standards, introduces ISO/IEC 27001:2013, an international information security management system standard, into information security assessment in colleges and universities, and uses it as the basis for building an information security assessment index system.
Following the principles of being scientific, comprehensive, rational, minimal and quantifiable, and drawing on the information environment characteristics and information security weaknesses of universities, the author screens and integrates 38 specific assessment indicators under eight broad categories based on the 114 controls of ISO/IEC 27001:2013: security policy, human resource security, asset security, access control, physical and network security, operational security, system acquisition/development and maintenance, and information security incident management. By soliciting the opinions of 18 information security experts from three universities, the structural entropy weight method is used to calculate the weight of each index, and an information security assessment index system suited to universities is constructed. Finally, a case study of M university yields a current overall information security score of 3.2412, and the overall information security level is high. At the same time, for each of the eight categories of indicators, the paper gives a concrete analysis and countermeasures for M university, points out the current weak points and the security measures that are not fully implemented, and suggests effective security strategies to improve the information security of M university. The innovations of this paper are: first, it takes the lead in using the international standard ISO/IEC 27001:2013 as the foundation for a set of university information security assessment indicators. Second, it takes the lead in introducing the structural entropy weight method, which combines the subjective and the objective, to determine the weight of each index. Together, the set of indicators and the weights form a complete index system for university information security assessment. This provides a new approach for university information security assessment research.