网络信息条件下我国国家信息安全与策略研究
|
摘要
网络信息环境下,信息技术遍布社会生产生活的各个方面,与此相应的,信息安全在国家安全中所占的战略地位越来越突出。因此,加强信息安全管理对保障我国国家安全有着非常重要的意义。本文针对我国面临的信息安全管理现状在借鉴国外信息安全管理的成功经验的基础上提出了我国信息安全管理的战略管理策略。
本文主要包括四个大部分:第一部分主要介绍国家信息安全及网络环境下国家信息安全的相关基础理论。第二部分总结归纳了以美国、英国、日本三国信息安全管理为代表的国外信息安全管理的成功经验及其对我国的启示。第三部分分析了我国目前信息安全管理面临的形势、面对的挑战及存在的问题。第四部分即在前面理论分析及实际分析的基础上提出了我国信息安全战略管理三个方面——法制建设、保障体系、监督机制三方面的策略。
本文的写作目的就是想通过本文的研究为我国完善信息安全管理系统提供战略角度的思考借鉴。根据本文的研究特点,本文在研究上采用了文献整理分析方法、对比分析方法等研究方法。本文的创新点在于归纳总结了国外信息安全管理的成功经验、在分析我国信息安全管理的实际的基础上提出了我国信息安全管理的战略管理策略。
Information technology throughout all aspects of social production and life under network environment, and at the same time, the strategic position of the information security in the share of the national security strategy is becoming more and more prominent. Therefore, it is very important significance to enhance information security management to protect our national security. In this paper, based on our current situation and the successful experience of foreign information security management, it China puts forward our strategic management strategy of information security.
This article includes four parts:The first part introduces the national information security and network environment, national security-related basic theory. The second part summers up the successful experience of foreign information security management and their inspirations represented by the United States, Britain and Japan. The third part analyzes of the situation, challenges and problems that our country now facing in the form of information security management. The fourth part puts forward our national information security strategic management strategy -legal system, security system and monitoring mechanism strategy based on the front of theoretical and practical analysis.
Purposes of this article are to provide strategic point of view of reference to improve our national security management system. According to the characteristics of this research, the paper used the research literature review analysis, comparative analysis and other methods. The innovation in this article is proposed strategic management of information security management strategy based on summarizing the success of foreign information security management experience and the actual management of information security.
本文主要包括四个大部分:第一部分主要介绍国家信息安全及网络环境下国家信息安全的相关基础理论。第二部分总结归纳了以美国、英国、日本三国信息安全管理为代表的国外信息安全管理的成功经验及其对我国的启示。第三部分分析了我国目前信息安全管理面临的形势、面对的挑战及存在的问题。第四部分即在前面理论分析及实际分析的基础上提出了我国信息安全战略管理三个方面——法制建设、保障体系、监督机制三方面的策略。
本文的写作目的就是想通过本文的研究为我国完善信息安全管理系统提供战略角度的思考借鉴。根据本文的研究特点,本文在研究上采用了文献整理分析方法、对比分析方法等研究方法。本文的创新点在于归纳总结了国外信息安全管理的成功经验、在分析我国信息安全管理的实际的基础上提出了我国信息安全管理的战略管理策略。
Information technology throughout all aspects of social production and life under network environment, and at the same time, the strategic position of the information security in the share of the national security strategy is becoming more and more prominent. Therefore, it is very important significance to enhance information security management to protect our national security. In this paper, based on our current situation and the successful experience of foreign information security management, it China puts forward our strategic management strategy of information security.
This article includes four parts:The first part introduces the national information security and network environment, national security-related basic theory. The second part summers up the successful experience of foreign information security management and their inspirations represented by the United States, Britain and Japan. The third part analyzes of the situation, challenges and problems that our country now facing in the form of information security management. The fourth part puts forward our national information security strategic management strategy -legal system, security system and monitoring mechanism strategy based on the front of theoretical and practical analysis.
Purposes of this article are to provide strategic point of view of reference to improve our national security management system. According to the characteristics of this research, the paper used the research literature review analysis, comparative analysis and other methods. The innovation in this article is proposed strategic management of information security management strategy based on summarizing the success of foreign information security management experience and the actual management of information security.
引文
① Buzzard K. Computer security-what should you spend your money on[J]. Computers& Security,2002(2):10-12
② Ernie Jordan. Information Security Management-Part2:Specification for Information Security Management Systems[M]. Computer Engineering, 2002
③ Campbell AT, Kounavis ME, Villela D Aetal. Spawning networks[J].IEE Network,2002(3):15-18
④ Nishio, Shuichi. Standardization of evaluation criteria for IT security [J]. NTT Review,2002(5):20-22
① Modiri N. The ISO reference model entities[M].IEEE Network:, Bratislava Slovakia,1999
② Lawrence A Gordon, Martin P Loeb. CSI/FBI Computer Crime and Security Survey 2004[M]. Computer Security Institute,2004
③ Denning D. An Intrusion-Detection Model[M].IEEE transaction on Software Engineering,1987
①张春江,倪健民.国家信息安全报告[J].人民出版社,2000(4):113-117
②李劲松.信息时代如何保障国家安全:信息安全的主要威胁及其对策[J].国家安全通讯,2007(7):67-69
①陆忠伟.非传统安全论[M].北京:机械出版社,2006
②王逸舟.西方国际政治学:历史与理论[M].上海:新华出版社,2002
③蔡拓等.转型中的政府与市民社会——东亚非传统安全问题研究[M].北京:国际文化出版社,2001
④张海滨.国外环境与安全问题研究述评[J].国际展望,2007(2):33-39
⑤韩慧群.信息时代如何保障国家安全:信息安全的主要威胁及其对策[J].国家安全通讯,2007(7):67-69
⑥陈峰.信息系统安全风险评估[J].计算机工程与应用,2006(4):145-148
⑦陈琦珺、唐慧琳.面向抗攻击测试的完整性检测系统设计.微计算机信息.2007(33)
⑧肖龙.一种定量的信息安全风险评估模型[J].空军工程大学学报,2005,6(06):56-59
① Michael Hateher, Jay Me Dannell and Staey Ostfeld. Computer Crimes[J].AI Ueriean Criminal Law Review, 1999(11):23-35
②许榕生.黑客突袭互联网.网络安全受关注[J].北京青年报,2007(2):14-17
③陈效卫.防不胜防:信息时代国家安全面临的挑战[J].国际展望,2007(2):33-39
①W.G.de Ru,J.H.P.Eloff.Risk analysis modelling with the use of fuzzy logic. Computer& Security,1996 (15):239-248
①Ri. Hard Clarke.Network Security[J].IT Security standardization,2004(12):6-11
①孔笑微.全球化进程中的信息主权[J].国际论坛,2000(10):102-105
① Richard Clarke.Keynote address:Threats to U.S.National Security:Proposed Partnership Initiatives Towards Preventing Cyber Terrorist Attacks[J].DePaul Business Law Journal,1999 (1):201-210
① Ban.RaveendranGreene[J].BVPv4Security Risk Assessmeni,2002(7):123-126
② Kwok L E.Information Security Management and Model-ing[J].Information Management and ComPuter Security,1999(5):89=94
①Hal R.Varian. Managing Online Security Risks[J]. New York Times,2000(1):2-3
① Alfredo Garcia, Barry Horowitz. The Potential for Underinvestment in Internet Security:Implications for Regulatory Policy[J].The Fifth Workshop on Economics and Information Security,2006(32):43-56
① Andrew Odlyzko. Cryptographic abundance and pervasive computing. IMP[J].Information Impacts Magazine, 2000(6)::25-37
①王娜,方滨兴,罗建中.“5432”战略国家信息安全保障体系框架研究[J].通信学报,2008(7):1-9
①沈昌祥.基于可信平台构筑积极防御的信息安全保障框架[J]信息安全与通信保密,2004(9):17-18
①王会杰.公安局域网感染病毒的原因及防治对策[J]中国人民公安大学学报(自然科学版),2004(1):63-64
①李鹤田,刘云,何德全.信息系统安全风险评估研究综述[J]中国安全科学学报,2006(1):108-113
②王刊良,刘庆.我国推进信息化代价的系统分析[J]科学学与科学技术管理,2005(10):18-21
①沈昌祥.基于可信平台构筑积极防御的信息安全保障框架[J]信息安全与通信保密,2004(9):17-18
①李劲松.信息时代如何保障国家安全:信息安全的主要威胁及其对策[J]国家安全通讯,2001(7):23-26
①唐六华.网络安全的发展及其应对策略[J]信息安全与通信保密,2007(3):56-59
①张春江,倪健民.国家信息安全报告[J].人民出版社,2000(4):113-117
[1]Buzzard K. Computer security-what should you spend your money on[J]. Computers& Security,2002(2):10-12
[2]Ernie Jordan. Information Security Management-Part2:Specification for Information Security Management Systems [M]. Computer Engineering,2002
[3]Campbell AT, Microenvironmental Modeling Integrated With Geographic Information Systems for Exposure Analysis [J].IEE Network,2002(3):15-18
[4]Nishio, Shuichi. Standardization of evaluation criteria for IT security [J]. NTT Review, 2002(5):20-22
[5]Modiri N. The ISO reference model entities[M].IEEE Network:, Bratislava Slovakia,1999
[6]Lawrence A Gordon, Martin P Loeb. CSI/FBI Computer Crime and Security Survey 2004[M]. Computer Security Institute,2004
[7]Denning D. An Intrusion-Detection Model[M].IEEE transaction on Software Engineering,1987
[8]张春江,倪健民.国家信息安全报告[J].人民出版社,2000(4):113-117[1]李劲松.信息时代如何保障国家安全:信息安全的主要威胁及其对策[J].国家安全通讯,2007(7):67-69
[9]陆忠伟.非传统安全论[M].北京:机械出版社,2006
[10]王逸舟.西方国际政治学:历史与理论[M].上海:新华出版社,2002
[11]蔡拓等.转型中的政府与市民社会——东亚非传统安全问题研究[M].北京:国际文化出版社,2001
[12]张海滨.国外环境与安全问题研究述评[J].国际展望,2007(2):33-39
[13]韩慧群.信息时代如何保障国家安全:信息安全的主要威胁及其对策[J].国家安全通讯,2007(7):67-69
[14]陈峰.信息系统安全风险评估[J].计算机工程与应用,2006(4):145-148
[15]肖龙.一种定量的信息安全风险评估模型[J].空军工程大学学报,2005,6(06):56-59
[16]Michael Hateher, Jay Me Dannell and Staey Ostfeld. Computer Crimes[J].AI Ueriean Criminal Law Review,1999(11):23-35
[17]许榕生.黑客突袭互联网.网络安全受关注[J].北京青年报,2007(2):14-17
[18]陈效卫.防不胜防:信息时代国家安全面临的挑战[J].国际展望,2007(2): 33-39
[19]W.G. de Ru, J. H. P. Eloff. Risk analysis modelling with the use of fuzzy logic. Computer& Security,1996 (15):239-248
[20]Ri. Hard Clarke. Network Security [J].IT Security standardization,2004(12):6-11
[21]孔笑微.全球化进程中的信息主权[J].国际论坛,2000(10):102-105
[22]Richard Clarke. Keynote address:Threats to U.S.National Security:Proposed Partnership Initiatives Towards Preventing Cyber Terrorist Attacks[J].DePaul Business Law Journal,1999 (1):201-210
[23]Ban. RaveendranGreene[J].BVPv4Security Risk Assessmeni,2002(7):123-126
[24]Kwok L E. Information Security Management and Model-ing[J].Information Management and ComPuter Security,1999(5):89=94
[25]Hal R. Varian. Managing Online Security Risks[J]. New York Times,2000(1):2-3
[26]Alfredo Garcia, Barry Horowitz. The Potential for Underinvestment in Internet Security:Implications for Regulatory Policy[J].The Fifth Workshop on Economics and Information Security,2006(32):43-56
[27]Andrew Odlyzko. Cryptographic abundance and pervasive computing IMP[J]. Information Impacts Magazine,2000(6)::25-37
[28]王娜,方滨兴,罗建中.“5432”战略国家信息安全保障体系框架研究[J].通信学报,2008(7):1-9
[29]沈昌祥.基于可信平台构筑积极防御的信息安全保障框架[J]信息安全与通信保密,2004(9):17-18
[30]王会杰.公安局域网感染病毒的原因及防治对策[J]中国人民公安大学学报(自然科学版),2004(1):63-64
[31]李鹤田,刘云,何德全.信息系统安全风险评估研究综述[J]中国安全科学学报,2006(1):108-113
[32]王刊良,刘庆.我国推进信息化代价的系统分析[J]科学学与科学技术管理,2005(10):18-21
[33]沈昌祥.基于可信平台构筑积极防御的信息安全保障框架[J]信息安全与通信保密,2004(9):17-18
[34]李劲松.信息时代如何保障国家安全:信息安全的主要威胁及其对策[J]国家安全通讯,2001(7):23-26
[35]唐六华.网络安全的发展及其应对策略[J]信息安全与通信保密,2007(3):56-59
[36]吴志忠.信息霸权——国家主权的新挑战[J].国际展望,2008(6):23-26
[37]黄元飞,栗欣.网络与信息安全标准研究现状及热点问题探讨[J].电信科学,2008(1):19-25
[38]吕连元.信息战装备技术发展浅议[J].电子对抗,2008(1):6-9
[39]刘跃进.系统安全观及其三层次[J].国际关系学院学报,’2007(2):3-9
[40]黄昌富.网络不安全因素[J].信息网络安全,2008(8):45-47
[41]Dr Walter Fumy, Network Security [J].IT Security standardization,2004(12):6-11
[42]A·托夫勒.预测与前提.托夫勒著作选(中译本[M].北京:国际文化出版社,1984
[43]阿尔温·托夫勒.未来的战争[M].上海:新华出版社,1996
[44]Ax·沙瓦耶夫.国家安全新论[M].广州:军事译文出版社,2002
② Ernie Jordan. Information Security Management-Part2:Specification for Information Security Management Systems[M]. Computer Engineering, 2002
③ Campbell AT, Kounavis ME, Villela D Aetal. Spawning networks[J].IEE Network,2002(3):15-18
④ Nishio, Shuichi. Standardization of evaluation criteria for IT security [J]. NTT Review,2002(5):20-22
① Modiri N. The ISO reference model entities[M].IEEE Network:, Bratislava Slovakia,1999
② Lawrence A Gordon, Martin P Loeb. CSI/FBI Computer Crime and Security Survey 2004[M]. Computer Security Institute,2004
③ Denning D. An Intrusion-Detection Model[M].IEEE transaction on Software Engineering,1987
①张春江,倪健民.国家信息安全报告[J].人民出版社,2000(4):113-117
②李劲松.信息时代如何保障国家安全:信息安全的主要威胁及其对策[J].国家安全通讯,2007(7):67-69
①陆忠伟.非传统安全论[M].北京:机械出版社,2006
②王逸舟.西方国际政治学:历史与理论[M].上海:新华出版社,2002
③蔡拓等.转型中的政府与市民社会——东亚非传统安全问题研究[M].北京:国际文化出版社,2001
④张海滨.国外环境与安全问题研究述评[J].国际展望,2007(2):33-39
⑤韩慧群.信息时代如何保障国家安全:信息安全的主要威胁及其对策[J].国家安全通讯,2007(7):67-69
⑥陈峰.信息系统安全风险评估[J].计算机工程与应用,2006(4):145-148
⑦陈琦珺、唐慧琳.面向抗攻击测试的完整性检测系统设计.微计算机信息.2007(33)
⑧肖龙.一种定量的信息安全风险评估模型[J].空军工程大学学报,2005,6(06):56-59
① Michael Hateher, Jay Me Dannell and Staey Ostfeld. Computer Crimes[J].AI Ueriean Criminal Law Review, 1999(11):23-35
②许榕生.黑客突袭互联网.网络安全受关注[J].北京青年报,2007(2):14-17
③陈效卫.防不胜防:信息时代国家安全面临的挑战[J].国际展望,2007(2):33-39
①W.G.de Ru,J.H.P.Eloff.Risk analysis modelling with the use of fuzzy logic. Computer& Security,1996 (15):239-248
①Ri. Hard Clarke.Network Security[J].IT Security standardization,2004(12):6-11
①孔笑微.全球化进程中的信息主权[J].国际论坛,2000(10):102-105
① Richard Clarke.Keynote address:Threats to U.S.National Security:Proposed Partnership Initiatives Towards Preventing Cyber Terrorist Attacks[J].DePaul Business Law Journal,1999 (1):201-210
① Ban.RaveendranGreene[J].BVPv4Security Risk Assessmeni,2002(7):123-126
② Kwok L E.Information Security Management and Model-ing[J].Information Management and ComPuter Security,1999(5):89=94
①Hal R.Varian. Managing Online Security Risks[J]. New York Times,2000(1):2-3
① Alfredo Garcia, Barry Horowitz. The Potential for Underinvestment in Internet Security:Implications for Regulatory Policy[J].The Fifth Workshop on Economics and Information Security,2006(32):43-56
① Andrew Odlyzko. Cryptographic abundance and pervasive computing. IMP[J].Information Impacts Magazine, 2000(6)::25-37
①王娜,方滨兴,罗建中.“5432”战略国家信息安全保障体系框架研究[J].通信学报,2008(7):1-9
①沈昌祥.基于可信平台构筑积极防御的信息安全保障框架[J]信息安全与通信保密,2004(9):17-18
①王会杰.公安局域网感染病毒的原因及防治对策[J]中国人民公安大学学报(自然科学版),2004(1):63-64
①李鹤田,刘云,何德全.信息系统安全风险评估研究综述[J]中国安全科学学报,2006(1):108-113
②王刊良,刘庆.我国推进信息化代价的系统分析[J]科学学与科学技术管理,2005(10):18-21
①沈昌祥.基于可信平台构筑积极防御的信息安全保障框架[J]信息安全与通信保密,2004(9):17-18
①李劲松.信息时代如何保障国家安全:信息安全的主要威胁及其对策[J]国家安全通讯,2001(7):23-26
①唐六华.网络安全的发展及其应对策略[J]信息安全与通信保密,2007(3):56-59
①张春江,倪健民.国家信息安全报告[J].人民出版社,2000(4):113-117
[1]Buzzard K. Computer security-what should you spend your money on[J]. Computers& Security,2002(2):10-12
[2]Ernie Jordan. Information Security Management-Part2:Specification for Information Security Management Systems [M]. Computer Engineering,2002
[3]Campbell AT, Microenvironmental Modeling Integrated With Geographic Information Systems for Exposure Analysis [J].IEE Network,2002(3):15-18
[4]Nishio, Shuichi. Standardization of evaluation criteria for IT security [J]. NTT Review, 2002(5):20-22
[5]Modiri N. The ISO reference model entities[M].IEEE Network:, Bratislava Slovakia,1999
[6]Lawrence A Gordon, Martin P Loeb. CSI/FBI Computer Crime and Security Survey 2004[M]. Computer Security Institute,2004
[7]Denning D. An Intrusion-Detection Model[M].IEEE transaction on Software Engineering,1987
[8]张春江,倪健民.国家信息安全报告[J].人民出版社,2000(4):113-117[1]李劲松.信息时代如何保障国家安全:信息安全的主要威胁及其对策[J].国家安全通讯,2007(7):67-69
[9]陆忠伟.非传统安全论[M].北京:机械出版社,2006
[10]王逸舟.西方国际政治学:历史与理论[M].上海:新华出版社,2002
[11]蔡拓等.转型中的政府与市民社会——东亚非传统安全问题研究[M].北京:国际文化出版社,2001
[12]张海滨.国外环境与安全问题研究述评[J].国际展望,2007(2):33-39
[13]韩慧群.信息时代如何保障国家安全:信息安全的主要威胁及其对策[J].国家安全通讯,2007(7):67-69
[14]陈峰.信息系统安全风险评估[J].计算机工程与应用,2006(4):145-148
[15]肖龙.一种定量的信息安全风险评估模型[J].空军工程大学学报,2005,6(06):56-59
[16]Michael Hateher, Jay Me Dannell and Staey Ostfeld. Computer Crimes[J].AI Ueriean Criminal Law Review,1999(11):23-35
[17]许榕生.黑客突袭互联网.网络安全受关注[J].北京青年报,2007(2):14-17
[18]陈效卫.防不胜防:信息时代国家安全面临的挑战[J].国际展望,2007(2): 33-39
[19]W.G. de Ru, J. H. P. Eloff. Risk analysis modelling with the use of fuzzy logic. Computer& Security,1996 (15):239-248
[20]Ri. Hard Clarke. Network Security [J].IT Security standardization,2004(12):6-11
[21]孔笑微.全球化进程中的信息主权[J].国际论坛,2000(10):102-105
[22]Richard Clarke. Keynote address:Threats to U.S.National Security:Proposed Partnership Initiatives Towards Preventing Cyber Terrorist Attacks[J].DePaul Business Law Journal,1999 (1):201-210
[23]Ban. RaveendranGreene[J].BVPv4Security Risk Assessmeni,2002(7):123-126
[24]Kwok L E. Information Security Management and Model-ing[J].Information Management and ComPuter Security,1999(5):89=94
[25]Hal R. Varian. Managing Online Security Risks[J]. New York Times,2000(1):2-3
[26]Alfredo Garcia, Barry Horowitz. The Potential for Underinvestment in Internet Security:Implications for Regulatory Policy[J].The Fifth Workshop on Economics and Information Security,2006(32):43-56
[27]Andrew Odlyzko. Cryptographic abundance and pervasive computing IMP[J]. Information Impacts Magazine,2000(6)::25-37
[28]王娜,方滨兴,罗建中.“5432”战略国家信息安全保障体系框架研究[J].通信学报,2008(7):1-9
[29]沈昌祥.基于可信平台构筑积极防御的信息安全保障框架[J]信息安全与通信保密,2004(9):17-18
[30]王会杰.公安局域网感染病毒的原因及防治对策[J]中国人民公安大学学报(自然科学版),2004(1):63-64
[31]李鹤田,刘云,何德全.信息系统安全风险评估研究综述[J]中国安全科学学报,2006(1):108-113
[32]王刊良,刘庆.我国推进信息化代价的系统分析[J]科学学与科学技术管理,2005(10):18-21
[33]沈昌祥.基于可信平台构筑积极防御的信息安全保障框架[J]信息安全与通信保密,2004(9):17-18
[34]李劲松.信息时代如何保障国家安全:信息安全的主要威胁及其对策[J]国家安全通讯,2001(7):23-26
[35]唐六华.网络安全的发展及其应对策略[J]信息安全与通信保密,2007(3):56-59
[36]吴志忠.信息霸权——国家主权的新挑战[J].国际展望,2008(6):23-26
[37]黄元飞,栗欣.网络与信息安全标准研究现状及热点问题探讨[J].电信科学,2008(1):19-25
[38]吕连元.信息战装备技术发展浅议[J].电子对抗,2008(1):6-9
[39]刘跃进.系统安全观及其三层次[J].国际关系学院学报,’2007(2):3-9
[40]黄昌富.网络不安全因素[J].信息网络安全,2008(8):45-47
[41]Dr Walter Fumy, Network Security [J].IT Security standardization,2004(12):6-11
[42]A·托夫勒.预测与前提.托夫勒著作选(中译本[M].北京:国际文化出版社,1984
[43]阿尔温·托夫勒.未来的战争[M].上海:新华出版社,1996
[44]Ax·沙瓦耶夫.国家安全新论[M].广州:军事译文出版社,2002