信息化背景下的保密管理研究
|
摘要
随着透明化、公开化日渐成为公众和政府的热门话题,信息也成为我们社会关注的焦点。人们在享受信息公开和共享带来的便利的同时,却忽视了信息安全的问题。信息公开是有一定的限度,着重该考虑的并非是信息是否公开,而是信息如何公开的问题。在现代国家,出于其安全和利益的需要也总有一些不宜公开或一段时期内不能让外界知悉的信息,即国家秘密,需要对其进行保密,这就是保密工作。从世界各国看,无论是政务公开的先行者还是刚刚起步的后起国家,其政务公开的发展都不是毫无限制地进行,而是都毫无例外地将国家秘密排除在公开的范围之外,绝不因信息公开影响对国家秘密的保护,这些都关系到安全保密管理。
古人云:“事以密成,语以泄败”,“三军之事,莫重于密”,讲的就是信息保密的重要性。在当前的信息化条件下,加强和改进保密工作是应对窃密活动严峻挑战的需要,是适应信息化建设快速推进的需要,也是适应市场经济深入发展,切实提高党的执政能力,依法治国,维护国家安全和利益的需要。
在信息社会里离开了信息、信息技术和计算机网络人们将一事无成,寸步难行。各国的政治、军事、经济、社会、科技等各项活动,对信息和信息网络的依赖性越来越大。随着计算机技术的广泛应用,信息安全保密管理的对象、范围、手段、方式等方方面面都发生了巨大变化,安全保密的要求及难度也不断提高,形势非常严峻。目前我国信息安全保密管理发展还存在体制理不顺,法制不健全,保密意识淡薄,技术落后,人才缺乏等诸多问题,必须进行全面加强。
如何在信息公开时代下使保密工作符合信息公开对它所提出的要求,是政府的保密工作部门必须面临的新问题。保密工作面临的许多深层次的矛盾和问题,反过来又影响着信息公开,使信息公开的问题更加复杂化。
当前,保密工作部门面临的问题是:很多人并不清楚什么是国家秘密,所从事的工作中哪些是需要保密的;最严重的就是在信息化条件下,由于公众也包括很多机关工作人员缺乏相应的计算机及网络安全知识,怎样会造成失、泄密,或者怎样会存在失、泄密隐患,都是模糊概念,不甚了解。而在实际工作中,往往只有发生失、泄密事件了才会引起单位和个人的警觉,对于存在的失、泄密隐患却是虚心接受,死不悔改。面临这样的形势,面对这样的保密工作环境,保密工作部门该怎样改变工作思路和方法,变被动为主动,是本文探讨的重点。我个人认为,保密工作当前最主要的任务是:明确任务,积极防范,把工作关口前移,突出重点,保障重点,技术和管理并重,在被边缘化的工作领域尽可能地发挥管理职能,让人们知道保密工作部门的工作本身大部分并不“保密”,而是重在宣传保密法规常识和监督管理;保密工作不是事不关己,而是人人有责。
论文从介绍信息化和信息安全保密相关知识入手,在分析了信息化背景下安全保密管理新挑战的基础上,列举了国外在安全管理方面的有效策略及经验总结,随后阐述了我国信息安全管理的现状,重点分析了存在的问题及症结所在,最后提出了一整套完善信息安全保密管理的措施。
As transparency and publicization are becoming the hot topics of the government and the public, information also becomes a major concern of our society. The public neglect the information security while they enjoy the convenience of making information public and sharing information. There is a limit to information brought into the open. What should be mainly taken into consideration is not whether or not information should come out to the open, but is how information should be made public. In modern countries, out of considering the national interests and security, there are some information that are not suitable to or cannot be made public for a given period of time, e.g. state secretes, which should be guarded. That is the work of secret-guarding. Looking out at the countries all over the world, regardless of the pioneering countries or the following emerging ones in the process of making public their government affairs, their developments are not relentless, but all of them exclude state secrets from making public. Definitely not can the guarding of state secrets be affected due to making information public. All of this is concerned about secret and security administration.
As the old sayings go:“Somethings succeed in keeping secret, lose in leaking secret”,“Among all the affairs in the army, the most important is keeping secret.”Both of them stress the importance of secret-guarding. Under the present circumstances of informatization, enhancing and improving of the work of secret-guarding meet the need of facing the rigid challenge of secret-stealing, meet the need of boosting information-based drives and also meet the need of adapting to the deeper development of market-oriented economy, truly improving the Party’s executing power, governing the country by the rule of law and safeguarding national interests and security.
Living in information society, people can do nothing without information, info-technology, computer network. A country’s activity in politics, economy, society, science & technology has more and more depent on information and information network. With publicizing of computer technology, The object, range, information secret-guarding management, method and mode as so on, all of these have be changed. The difficulty of secre-guarding increase continually and the situation is urgent extremely. At present, information secret-guarding management have many problems that management system is not suitable, legal system is not clear, conception of secret-guarding is not strong, technology is not advanced, IT technician is not so much. So it must be strengthen from all sides.
In the era of making information public, how to make the work of secret-guarding meet the requirements brought about accordingly by the former is a new problem the government secret-guarding departments must face. Many problems and paradoxies in deeper extent faced by the work of secret-guarding conversely exert an impact on making information public, making it much more complicated.
Now the problems the secret-guarding departments face are: a lot of people do not know what the state secrets are, what part of their work should be kept secret. Under the circumstances of informatization, most seriously, the public, also including staff of the government organs, are obscure or know less about what are going to result in secret losing and leaking or how the hidden troubles of secret losing and leaking are going to produce due to their lack of relevant knowledge of computer and internet safety. While in actual work, only can some cases of secret losing and leaking cause a vigilance to some units and individuals, and they usually accept the mistakes but are reluctant to correct them. Facing such situations and such secret-guarding conditions, how should the secret-guarding departments change the means and ways of their work and regain the initiative? That is the focus of this paper. In my opinion, the present most important tasks of the work of secret-guarding are : to make clear the tasks; to take early effective initiatives to positively prevent hidden troubles from producing; to make the key points of work stand out and safeguard them; to lay equal stress on technology and administration, giving a full play of the administrative functions as soon as possible in a brink work field in order to make people know that: first most of the work of secret-guarding departments itself is not“secret”, and the point is to publicize the common sense of secret-guarding regulations and laws and to pay high attention to administration and oversight; second the work of secret-guarding is not no immediate concern to theirselves, but it is everyone’s responsibility to carry it out.
The paper starts from introducing knowledge about informationization and information secret-guarding. On the basis of having analyzing the challenge of information-based secret-guarding, it enumerates policy and experience of foreign secret-guarding management. Subsequently, it describes the actuality of our country, analyses problems and reasons. Finally, it brings forward a whole series of measure of promoting information-based secret-guarding.
古人云:“事以密成,语以泄败”,“三军之事,莫重于密”,讲的就是信息保密的重要性。在当前的信息化条件下,加强和改进保密工作是应对窃密活动严峻挑战的需要,是适应信息化建设快速推进的需要,也是适应市场经济深入发展,切实提高党的执政能力,依法治国,维护国家安全和利益的需要。
在信息社会里离开了信息、信息技术和计算机网络人们将一事无成,寸步难行。各国的政治、军事、经济、社会、科技等各项活动,对信息和信息网络的依赖性越来越大。随着计算机技术的广泛应用,信息安全保密管理的对象、范围、手段、方式等方方面面都发生了巨大变化,安全保密的要求及难度也不断提高,形势非常严峻。目前我国信息安全保密管理发展还存在体制理不顺,法制不健全,保密意识淡薄,技术落后,人才缺乏等诸多问题,必须进行全面加强。
如何在信息公开时代下使保密工作符合信息公开对它所提出的要求,是政府的保密工作部门必须面临的新问题。保密工作面临的许多深层次的矛盾和问题,反过来又影响着信息公开,使信息公开的问题更加复杂化。
当前,保密工作部门面临的问题是:很多人并不清楚什么是国家秘密,所从事的工作中哪些是需要保密的;最严重的就是在信息化条件下,由于公众也包括很多机关工作人员缺乏相应的计算机及网络安全知识,怎样会造成失、泄密,或者怎样会存在失、泄密隐患,都是模糊概念,不甚了解。而在实际工作中,往往只有发生失、泄密事件了才会引起单位和个人的警觉,对于存在的失、泄密隐患却是虚心接受,死不悔改。面临这样的形势,面对这样的保密工作环境,保密工作部门该怎样改变工作思路和方法,变被动为主动,是本文探讨的重点。我个人认为,保密工作当前最主要的任务是:明确任务,积极防范,把工作关口前移,突出重点,保障重点,技术和管理并重,在被边缘化的工作领域尽可能地发挥管理职能,让人们知道保密工作部门的工作本身大部分并不“保密”,而是重在宣传保密法规常识和监督管理;保密工作不是事不关己,而是人人有责。
论文从介绍信息化和信息安全保密相关知识入手,在分析了信息化背景下安全保密管理新挑战的基础上,列举了国外在安全管理方面的有效策略及经验总结,随后阐述了我国信息安全管理的现状,重点分析了存在的问题及症结所在,最后提出了一整套完善信息安全保密管理的措施。
As transparency and publicization are becoming the hot topics of the government and the public, information also becomes a major concern of our society. The public neglect the information security while they enjoy the convenience of making information public and sharing information. There is a limit to information brought into the open. What should be mainly taken into consideration is not whether or not information should come out to the open, but is how information should be made public. In modern countries, out of considering the national interests and security, there are some information that are not suitable to or cannot be made public for a given period of time, e.g. state secretes, which should be guarded. That is the work of secret-guarding. Looking out at the countries all over the world, regardless of the pioneering countries or the following emerging ones in the process of making public their government affairs, their developments are not relentless, but all of them exclude state secrets from making public. Definitely not can the guarding of state secrets be affected due to making information public. All of this is concerned about secret and security administration.
As the old sayings go:“Somethings succeed in keeping secret, lose in leaking secret”,“Among all the affairs in the army, the most important is keeping secret.”Both of them stress the importance of secret-guarding. Under the present circumstances of informatization, enhancing and improving of the work of secret-guarding meet the need of facing the rigid challenge of secret-stealing, meet the need of boosting information-based drives and also meet the need of adapting to the deeper development of market-oriented economy, truly improving the Party’s executing power, governing the country by the rule of law and safeguarding national interests and security.
Living in information society, people can do nothing without information, info-technology, computer network. A country’s activity in politics, economy, society, science & technology has more and more depent on information and information network. With publicizing of computer technology, The object, range, information secret-guarding management, method and mode as so on, all of these have be changed. The difficulty of secre-guarding increase continually and the situation is urgent extremely. At present, information secret-guarding management have many problems that management system is not suitable, legal system is not clear, conception of secret-guarding is not strong, technology is not advanced, IT technician is not so much. So it must be strengthen from all sides.
In the era of making information public, how to make the work of secret-guarding meet the requirements brought about accordingly by the former is a new problem the government secret-guarding departments must face. Many problems and paradoxies in deeper extent faced by the work of secret-guarding conversely exert an impact on making information public, making it much more complicated.
Now the problems the secret-guarding departments face are: a lot of people do not know what the state secrets are, what part of their work should be kept secret. Under the circumstances of informatization, most seriously, the public, also including staff of the government organs, are obscure or know less about what are going to result in secret losing and leaking or how the hidden troubles of secret losing and leaking are going to produce due to their lack of relevant knowledge of computer and internet safety. While in actual work, only can some cases of secret losing and leaking cause a vigilance to some units and individuals, and they usually accept the mistakes but are reluctant to correct them. Facing such situations and such secret-guarding conditions, how should the secret-guarding departments change the means and ways of their work and regain the initiative? That is the focus of this paper. In my opinion, the present most important tasks of the work of secret-guarding are : to make clear the tasks; to take early effective initiatives to positively prevent hidden troubles from producing; to make the key points of work stand out and safeguard them; to lay equal stress on technology and administration, giving a full play of the administrative functions as soon as possible in a brink work field in order to make people know that: first most of the work of secret-guarding departments itself is not“secret”, and the point is to publicize the common sense of secret-guarding regulations and laws and to pay high attention to administration and oversight; second the work of secret-guarding is not no immediate concern to theirselves, but it is everyone’s responsibility to carry it out.
The paper starts from introducing knowledge about informationization and information secret-guarding. On the basis of having analyzing the challenge of information-based secret-guarding, it enumerates policy and experience of foreign secret-guarding management. Subsequently, it describes the actuality of our country, analyses problems and reasons. Finally, it brings forward a whole series of measure of promoting information-based secret-guarding.
引文
1沈昌祥,左晓栋著.信息安全.-杭州:浙江大学出版社,2007.10
3吉增瑞.信息安全等级保护浅析[J]网络安全技术与应用,2005,(01) .
4周仲义.提高网络安全意识,加强信息安全保障2003-11.
5保密法比较研究,国家保密局法规处。2001.
6保密法比较研究,国家保密局法规处。2001.
7保密法比较研究,国家保密局法规处。2001.
10肖霞.国防科技期刊加强保密工作的对策[A]科技编辑出版研究文集(第八集) [C], 2005 .
11赵战生,杜虹,吕述望。信息安全保密教程.中国科学技术大学出版社.2006
18肖霞.国防科技期刊加强保密工作的对策[A]科技编辑出版研究文集(第八集) [C], 2005 .
19侯维青,王选敬.做好新形势下保密工作的重要性[J]山东省工会管理干部学院学报, 2003,(06) .
20沈昌祥.关于加强信息安全保障体系的思考[J].保密工作,2003,(2):26-28.
21《科技保密教程》编写组.科技保密教程(试用本,内部教材[R].北京:国家科技保密办公室,2002.112-115.第2期
22朱建明等.一种可生存的电子政务安全策略模型.网络安全技术与应用.2004:29~32
[1]沈昌祥,左晓栋著.信息安全.-杭州:浙江大学出版社,2007.10
[2]周仲义.提高网络安全意识,加强信息安全保障2003 -11.www.whitehouse.gov/omb /circulars/a130/a130trans4.pbf.
[3]吉增瑞.信息安全等级保护浅析[J]网络安全技术与应用,2005,(01) .
[4]保密法比较研究,国家保密局法规处。2001.
[5] Executive Order 12958-Classified Nationgal Security Information, as Amended. www.archives.gov/isoo/police-documents/eo-12958-amenment.html.
[6]王强.论信息安全在国家安全中的战略地位[D].山东师范大学,2006.
[7]彭秀刚.一个保密单位网络财务现状及安全保障体系研究[D].贵州大学, 2006
[8]黄海.论企业信息安全管理[D].郑州大学,2005
[9]新时期保密工作面临的挑战和对策[J].办公室业务, 2003,(05)
[10]李浩.电子政务安全策略研究[D].哈尔滨工业大学,2006
[11] Statement by Daniel G. Wolf Director of Information Assurance National Security Agency Before The House Select Committee on Homeland Security Subcommittee on Cybersecurity, Science and Research & Development. Hearing on“Cybersecurity? Getting it Right”, July 22,2003.
[12]张京.信息网络的发展与国家安全[J].信息安全与通信保密, 2001,(01) .
[13]崔玉华.对“信息安全等级保护”的探讨[J]信息网络安全,2005,(02) .
[14]吴满意,黄小芳.论网络时代的国家安全观[J]当代世界与社会主义, 2003,(04) .
[15]李岩,杨永川.从安全等级评估谈安全管理[J]中国人民公安大学学报(自然科学版) ,2005,(02) .
[16]张俊兵.对美国信息系统等级化保护的探讨[J]网络安全技术与应用,2005,(06) .
[17]董晓玲.认真做好新形势下的保密工作促进地方经济健康发展[J]吉林农业科技学院学报, 2007,(01) .
[18]肖霞.国防科技期刊加强保密工作的对策[A]科技编辑出版研究文集(第八集) [C], 2005 .
[19]侯维青,王选敬.做好新形势下保密工作的重要性[J]山东省工会管理干部学院学报, 2003,(06) .
[20]解庆芝,李军.努力做好信息安全保密工作[J].发展论坛, 2003,(06) .
[21]李学勇.认清形势,积极进取做好新时期的科技保密工作[R].2002年5月10日在全国科技保密工作会议上的报告.
[22]蒋美仕等.市场化网络化条件下我国科技保密管理体系的结构优化[J].中国科技论坛,2005,(4):61-64.
[23]蒋美仕等.市场化网络化条件下我国科技保密管理体系的机制探析[J].科技进步与对策,2005,(9):181-183.
[24]《科技保密教程》编写组.科技保密教程(试用本,内部教材[R].北京:国家科技保密办公室,2002.112-115.第2期
[25]胡亚文.市场化网络化条件下科技涉密人员人本管理问题研究[J].科技进步与对策,2004(5):124-126.
[26]沈昌祥.关于加强信息安全保障体系的思考[J].保密工作,2003,(2):26-28.
[27]王守信.保密工作管理概论[M].北京:金城出版社,1999:11-30.
[28]勤思.保密工作要建立新机制[J].保密工作,2002,(8):17.
[29]周三多,陈传明,鲁明泓.管理学[M].上海:复旦大学出版社,2003:120-173.
[30]纪柳玲.从源头上解决问题[J].保密工作,2002,(6):13.
[31]吴寿仁.技术秘密保护理论与务实[M].珠海:珠海出版社,1999:45-68.
[32]丛友贵.信息安全保密概论.金城出版社.2001:1-23.
[33] Network and Information Security: Proposal for European Policy Approach COMMUNICATION FROM THE COMMISSION TO THE COUNCIL,THE EUROPEAN PARLIAMENT,THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS.
[34]1oriowski5.Electronieauthentieation一morethanjustdigitalsignatures.ComPuter Lw&SeeurityRePort,2000,16(1):28一32
[35]万平国.网络隔离与网闸.机械工业出版社,2004.20一100
[36]朱建明,马建峰.基于容忍入侵的数据库安全体系结构.西安电子科技大学学报.2003:56一59
[37]YuH,JinC,CheH.Adeseriptionlogicforp trustdomainmodeling·Information Technology and APPlications,2005,7:524一528
[38]魏力,洪帆.电子政务要处理理好信息公开与保密的关系.信息安全与通信保密.2003
3吉增瑞.信息安全等级保护浅析[J]网络安全技术与应用,2005,(01) .
4周仲义.提高网络安全意识,加强信息安全保障2003-11.
5保密法比较研究,国家保密局法规处。2001.
6保密法比较研究,国家保密局法规处。2001.
7保密法比较研究,国家保密局法规处。2001.
10肖霞.国防科技期刊加强保密工作的对策[A]科技编辑出版研究文集(第八集) [C], 2005 .
11赵战生,杜虹,吕述望。信息安全保密教程.中国科学技术大学出版社.2006
18肖霞.国防科技期刊加强保密工作的对策[A]科技编辑出版研究文集(第八集) [C], 2005 .
19侯维青,王选敬.做好新形势下保密工作的重要性[J]山东省工会管理干部学院学报, 2003,(06) .
20沈昌祥.关于加强信息安全保障体系的思考[J].保密工作,2003,(2):26-28.
21《科技保密教程》编写组.科技保密教程(试用本,内部教材[R].北京:国家科技保密办公室,2002.112-115.第2期
22朱建明等.一种可生存的电子政务安全策略模型.网络安全技术与应用.2004:29~32
[1]沈昌祥,左晓栋著.信息安全.-杭州:浙江大学出版社,2007.10
[2]周仲义.提高网络安全意识,加强信息安全保障2003 -11.www.whitehouse.gov/omb /circulars/a130/a130trans4.pbf.
[3]吉增瑞.信息安全等级保护浅析[J]网络安全技术与应用,2005,(01) .
[4]保密法比较研究,国家保密局法规处。2001.
[5] Executive Order 12958-Classified Nationgal Security Information, as Amended. www.archives.gov/isoo/police-documents/eo-12958-amenment.html.
[6]王强.论信息安全在国家安全中的战略地位[D].山东师范大学,2006.
[7]彭秀刚.一个保密单位网络财务现状及安全保障体系研究[D].贵州大学, 2006
[8]黄海.论企业信息安全管理[D].郑州大学,2005
[9]新时期保密工作面临的挑战和对策[J].办公室业务, 2003,(05)
[10]李浩.电子政务安全策略研究[D].哈尔滨工业大学,2006
[11] Statement by Daniel G. Wolf Director of Information Assurance National Security Agency Before The House Select Committee on Homeland Security Subcommittee on Cybersecurity, Science and Research & Development. Hearing on“Cybersecurity? Getting it Right”, July 22,2003.
[12]张京.信息网络的发展与国家安全[J].信息安全与通信保密, 2001,(01) .
[13]崔玉华.对“信息安全等级保护”的探讨[J]信息网络安全,2005,(02) .
[14]吴满意,黄小芳.论网络时代的国家安全观[J]当代世界与社会主义, 2003,(04) .
[15]李岩,杨永川.从安全等级评估谈安全管理[J]中国人民公安大学学报(自然科学版) ,2005,(02) .
[16]张俊兵.对美国信息系统等级化保护的探讨[J]网络安全技术与应用,2005,(06) .
[17]董晓玲.认真做好新形势下的保密工作促进地方经济健康发展[J]吉林农业科技学院学报, 2007,(01) .
[18]肖霞.国防科技期刊加强保密工作的对策[A]科技编辑出版研究文集(第八集) [C], 2005 .
[19]侯维青,王选敬.做好新形势下保密工作的重要性[J]山东省工会管理干部学院学报, 2003,(06) .
[20]解庆芝,李军.努力做好信息安全保密工作[J].发展论坛, 2003,(06) .
[21]李学勇.认清形势,积极进取做好新时期的科技保密工作[R].2002年5月10日在全国科技保密工作会议上的报告.
[22]蒋美仕等.市场化网络化条件下我国科技保密管理体系的结构优化[J].中国科技论坛,2005,(4):61-64.
[23]蒋美仕等.市场化网络化条件下我国科技保密管理体系的机制探析[J].科技进步与对策,2005,(9):181-183.
[24]《科技保密教程》编写组.科技保密教程(试用本,内部教材[R].北京:国家科技保密办公室,2002.112-115.第2期
[25]胡亚文.市场化网络化条件下科技涉密人员人本管理问题研究[J].科技进步与对策,2004(5):124-126.
[26]沈昌祥.关于加强信息安全保障体系的思考[J].保密工作,2003,(2):26-28.
[27]王守信.保密工作管理概论[M].北京:金城出版社,1999:11-30.
[28]勤思.保密工作要建立新机制[J].保密工作,2002,(8):17.
[29]周三多,陈传明,鲁明泓.管理学[M].上海:复旦大学出版社,2003:120-173.
[30]纪柳玲.从源头上解决问题[J].保密工作,2002,(6):13.
[31]吴寿仁.技术秘密保护理论与务实[M].珠海:珠海出版社,1999:45-68.
[32]丛友贵.信息安全保密概论.金城出版社.2001:1-23.
[33] Network and Information Security: Proposal for European Policy Approach COMMUNICATION FROM THE COMMISSION TO THE COUNCIL,THE EUROPEAN PARLIAMENT,THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS.
[34]1oriowski5.Electronieauthentieation一morethanjustdigitalsignatures.ComPuter Lw&SeeurityRePort,2000,16(1):28一32
[35]万平国.网络隔离与网闸.机械工业出版社,2004.20一100
[36]朱建明,马建峰.基于容忍入侵的数据库安全体系结构.西安电子科技大学学报.2003:56一59
[37]YuH,JinC,CheH.Adeseriptionlogicforp trustdomainmodeling·Information Technology and APPlications,2005,7:524一528
[38]魏力,洪帆.电子政务要处理理好信息公开与保密的关系.信息安全与通信保密.2003