Wei TIAN,Xiao-hu YANG,Xiao-yao XIE

1999-01-01

Abstract:In this article,we present research work which is focused on the Electronic Taxation System and its network security on Internet.Through analysis of the procedures of taxation and considerations of some of the characteristics of the current pragmatic network security technologies,we proposed a security model of ETS with reference to the system on Internet.

Lei Ping,Lei Zhanbo

2010-01-01

Abstract:In this study, based on the study of information security risk assessment, make a deep research of the E-government information security risk assessment by comparing the analysis of the relevant standards, make a improvements of the assessment model elements of the E-government information security risk, then through the form of expert advice to complete the content validity of the indicators of the detection, the lower indicators validity of the structure were removed. As the E-government information security risks are difficult to quantify the characteristics, the study integrated the AHP model and the Fuzzy model to build the Fuzzy-AHP model to assess the level of E-government information security risks, And by building a new method, we realized the E-government information security risk assessment.

黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

Zhou Guoqiang,Lu Wei,Zeng Qingkai

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.11.002

2007-01-01

Abstract:An information security evaluation model is proposed.Based on the analyses of contents and functions of security evolution,the architecture of the security evaluation model and platform is presented,and its implementation is given.The main functions of this model are to organize,manage and control the security test and evaluation.It also has features in generalization,integration and configuration.

Li Hetian,Liu Yun,He Dequan

DOI: https://doi.org/10.1109/ICOSP.2006.345964

2006-01-01

Abstract:Risk assessment as one of the core technologies ensures IT system security. In this paper, the existing risk evaluation methods are briefly reviewed and analyzed. A Markov chain based model is presented to quantitatively evaluate security. Firstly, a model based on Markov chain is constructed to describe IT system behavior. Secondly, a Markov transition matrix is founded to quantitatively assess security risk factors. Finally, the proposed risk assessment methodology is applied on the Internet ticketing system to calculate the risk value for the system. The experiment shows this method is effective and efficient and can be used to quantify the security properties for IT system in practice.

Jing Fan,Pengzhu Zhang

DOI: https://doi.org/10.1109/ICSSSM.2011.5959454

2011-01-01

Abstract:This paper examines four types security countermeasures and their influence on information misuse or abuse behaviors of government internal officials' in the context of e-government information sharing. A research model was developed based on the General Deterrence Theory. Analysis of the data collected in a survey of 21 government agencies in Shanghai with 124 questionnaires who are specialized in the processes of government information sharing, including information collection and storage, information processing, information transfer and information usage. First, the findings indicated that static information security policies only can take effects when the policies are conveyed to employees clearly and the punishment is carried out well. Second, security awareness practice is one of the most important measures for internal officials. Third, when employees realize the organization is monitoring their information system behaviors and know consequence of information misuse or abuse behavior, the countermeasures can play more effects. Fourth, preventative software is still the strongest measure for e-government security.

Xiaotong Li,Hua Li,Bingzhen Sun,Fang Wang

DOI: https://doi.org/10.3233/jifs-172097

2018-01-01

Journal of Intelligent & Fuzzy Systems

Abstract:Through advancing in information and communications technology, Smart Cities provide many potential advantages like improved energy efficiency, new economic opportunities and management methods, however the information security in the top-level design of building a quite efficient smart city is easy to be ignored and caused a huge economic losses for citizens. We focus on mining information risks of smart city from the perspective of system, identifying the key risks and determining the importance of each factor, in order to measure the risk accurately. This paper presents a failure mode and effects analysis (FMEA) method to analyze five dimensions of the information security of smart city, and assess the risks on the basis of the fuzzy set theory and the grey relational theory. Due to the problem is the risk assessment of multi-dimension for an organization information security, we present a decision model that provides an efficient framework for calculating the value of risk assessment. The results indicate that aspects of the highest importance of the information security risk of smart city are the threats in natural, contrived and physical aspects, followed by the lack of public security education and training. Through the analysis we can find out the relationship between the failure modes and the overall situation of the system, then it can distinguish the main factors which play a driving role, and the secondary factors which have less impact on the system. According to the assessment results, some suggestions are put forward to guarantee the information security of smart city. The practical application of fuzzy and grey FMEA proposed in this paper helps enhance the reliability of the prediction, and the ranking of risk factors can be used for better decision-making concerning taking measures, which in turn will make smart city safer.

LI Hetian,LIU Yun,HE Dequan

DOI: https://doi.org/10.3321/j.issn:1001-4632.2007.01.023

2007-01-01

Abstract:A security risk evaluation method based on fuzzy-set comprehensive evaluation theory is demonstrated in this paper to obtain the aim of quantitatively assessing security risk.The security risk is evaluated by making the fuzzy matrix for security risk and addressing risk factor set,security risk indicator sets and the weigh coefficient of security risk factors and applied to the railway passenger ticket system.The security targets provided by the railway passenger ticket system consist of system security,availability,identification authenticity and transaction reliability in order to protect the physical assets and information assets in face of the threats which come from system itself,personnel, environmental and natural disasters.The proposed model for security risk evaluation is used to calculate the security severity of Web server for the system.The numeric results for security risk also provide a method to decide the most critical component of the system which should arouse the system administrator enough attention to take the appropriate technical or administrative security measure or controls to enhance the security of the system.

FAN Jing,ZHANG Peng-zhu

2012-01-01

Abstract:Information security is one of the critical challenges during e-government development.Aimed at internal information misuse,a deterrence impact model of e-government information active security countermeasures was set up based on Security Action Cycle Theory and General Deterrence Theory.

Jin Yang,Cilin Wang,Le Yu,Caiming Liu,Lingxi Peng

DOI: https://doi.org/10.1007/978-3-642-34041-3_68

2012-01-01

Abstract:Cloud computing is an important innovation in the current computing model. The critical problem of cloud computing faced at present is the security issue. In the current network environment, that relying on a single terminal to check the Trojan virus is considered increasingly unreliable. Based on the correspondence between the artificial immune system antibody and pathogen invasion intensity, this paper is to establish a real-time network risk evaluation model in cloud computing. This paper builds a hierarchical, quantitative measurement indicator system, and a unified evaluation information base and knowledge base. The paper also combines assets evaluation system and network integration evaluation system, considering from the application layer, the host layer, network layer may be factors that affect the network risks. The experimental results show that the new model improves the ability of intrusion detection and prevention than that of the traditional intrusion prevention systems.

夏阳,唐亮,张强

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.01.036

2005-01-01

Abstract:At present, E-government is an application focus of computer technology based on web and the development trend of government office. But, it still exists many problems to be solved now. The conception, structure and technology of E-government are discussed and, the safety threat to E-government is analyzed and the corresponding method to resolve the problem is proposed. Also some questions about safety of E-government existed in our country are especially described and some advices according to current reality are presented.

LI Zhi-guo,ZENG Qing-kai

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.02.035

2008-01-01

Abstract:This paper proposes a quantitative security evaluation model,BFN,which reflects the probability relationship between functional components and threats in a system,based on risk analysis approach. By this model it can quantitatively evaluate the deficiency in functional components of a system as well as its impact on the system. The experiments demonstrate that the model can compare different systems in security,and optimize a system by analyzing its weakness.

Jing Fan,Pengzhu Zhang,Xinjie Zhao

2009-01-01

Abstract:Information security has been a high priority for government agencies nowadays. This study, based on the general deterrence theory, investigates how security countermeasures will result in more effective control of information misuse in government agencies. Data gathered through a survey of 21 government agencies in Shanghai and 124 effective questionnaires were obtained. The results show that security policies and security awareness training will significantly lower information misuse behaviors by increasing the perceived severity of sanctions. Meanwhile,, security monitoring practice will significantly lower information misuse behaviors by increasing the perceived certainty of sanctions. Preventative security software has no effect on perceived certainty and severity of sanction while it will prevent the invading actions directly. Knowledge about these relationships is useful for making key decisions about the security function.

Zhongmin Cai,Chenglong Li

DOI: https://doi.org/10.1155/2022/9023904

IF: 1.43

2022-05-18

Mathematical Problems in Engineering

Abstract:With the rapid development of modern society, the administrative information content rapid growth of e-government information resource sharing becomes the key of the government departments for effective social management. The cloud technology Internet big data are widely used and popular, which enable information resources to be shared among government data and are both an opportunity and challenge for effective e-government information resource sharing. It is of great significance to enhance government credibility. Information security risk assessment is a comprehensive evaluation of the potential risk of an uncertain stochastic process, traditional evaluation methods are deterministic models, and it is difficult to measure the security risk of uncertainty. On the other hand, with the opening and complexity of information system business functions, the nonlinearity and complexity of evaluation calculation also increase. By studying the relatively mature assessment criteria and methods in the field of information security, this study analyzes the information security status of small Internet of Things system based on the characteristics of Internet of Things information security. Combining the latest research results of information entropy neural network and other fields with the original risk assessment methods, the improved AHP information security risk assessment model is verified by simulation examples.

engineering, multidisciplinary,mathematics, interdisciplinary applications

SHI Zhiping,SHAN Tihua,LIU Wenfeng,ZHANG Xingping

DOI: https://doi.org/10.13335/j.1000-3673.pst.2015.11.033

2015-01-01

Abstract:Risk identification and evaluation, very importantfor enhancing management level of power grid operation, are presented in this paper. Based on analyzing operational risk sources of power grid enterprises, this paper put forward a hierarchical risk evaluation index, and proposed a risk assessment and dynamic management system for power grid operation. Then, power grid operation risk is quantitatively evaluated using matter-element extensible model, describing risks of different levels with different colors to discriminate them distinctly. Finally, a casestudy is conducted to verify rationality and effectiveness of the proposed model. Empirical results indicate that overall risk of the sample is low. Moreover, risk evaluation system indicates that two risk indicators, average recovery time of power transmission system fault and average interruption time of real-time data communication channel, are in high risk level, on which managers should pay large attention.

CHEN Xiu-Zhen,ZHENG Qing-Hua,GUAN Xiao-Hong,LIN Chen-Guang

DOI: https://doi.org/10.1360/jos170885

2006-01-01

Journal of Software

Abstract:Evaluating security threat status is very important in network security management and analysis. A quantitative hierarchical threat evaluation model is developed in this paper to evaluate security threat status of a computer network system and the computational method is developed based on the structure of the network and the importance of services and hosts. The evaluation policy from bottom to top and from local to global is adopted in this model. The threat indexes of services, hosts and local networks are calculated by weighting the importance of services and hosts based on attack frequency, severity and network bandwidth consumption, and the security threat status is then evaluated. The experiment results show that this model can provide the intuitive security threat status in three hierarchies: services, hosts and local networks so that system administrators are freed from tedious analysis tasks based on the alarm datasets to have overall security status of the entire system. It is also possible for them to find the security behaviors of the system, to adjust the security strategies and to enhance the performance on system security. This model is valuable for guiding the security engineering practice and developing the tool of security risk evaluation.

Guohua Chen,Qin Yang,Xuexi Chen,Kongxing Huang,Tao Zeng,Zhi Yuan

DOI: https://doi.org/10.3390/su13126560

IF: 3.9

2021-06-08

Sustainability

Abstract:With the expansion of urbanization, the interaction between different hazards has become increasing evident. In order to promote sustainable development of urban areas, it is particularly important to systematically analyze and evaluate urban safety and security under the coupling effect of multi-hazard risks. In response to the practical needs of urban safety and security assessment practice, this paper constructs an application-oriented urban safety and security quantitative assessment methodology. First, following the comprehensive risk management perspective, the logical relationship between urban safety and security elements is analyzed. It proposes “comprehensive screening, key analysis, and comprehensive evaluation” as a new assessment concept. Second, a system of urban safety and security assessment methods consisting of a weighting method and a function model is constructed. The function model includes two sub-models: a quantitative risk assessment model that considers triggering effects and a quantitative assessment model of emergency capacity that considers the evolution of emergencies. Finally, the method was applied to a coastal urban area in south China. The case study proved that the proposed method system can not only effectively evaluate various disaster risks and emergency capacity but also provide evidence for the formulation and implementation of urban safety and security management measures.

environmental sciences,environmental studies,green & sustainable science & technology

ZHANG Tao,HU Ming-zeng,YUN Xiao-chun,ZHANG Yong-zheng

DOI: https://doi.org/10.3321/j.issn:1000-436x.2005.12.017

2005-01-01

Abstract:The research of security analysis needed a systemic security analysis model that was from the system resource and security factor of computer network.For the classification,rate and the main threaten of the security requirement,system devices,access privilege,host connection relation and vulnerability were analyzed,and the computer network attack from the point of view that the attacker's objective was to get privilege escalation was described.The computer system security analysis by fault tree and the network system security analysis by attack graph use the security analysis model.

CHEN Qiuling,ZHANG Qing,XIAO Lu

DOI: https://doi.org/10.3969/j.issn.1672-884X.2010.06.017

2010-01-01

Abstract:The paper firstly introduces the logical framework of the security situation in the city based on the perspective of emergency and designs the structure of four-dimensional evaluation index system of the degree of urban safety from the aspects of social safety,production safety,public health safety and environmental safety;Secondly,it proposes mutation types of the safety situation in the city based on catastrophe theory and constructs the catastrophe model to measure the degree of urban safety,then put forward assessment methods and procedures;Finally,the paper uses the model above to determine the degree of safety of Shanghai.

Yu-peng LIU,Shi-you QU

DOI: https://doi.org/10.3969/j.issn.1007-3221.2014.01.021

2014-01-01

Abstract:In recent years , more and more evidence shows that the security of information systems and information management within the organization is a major security risk .Therefore , it is particularly urgent and important that internal staff shall be evaluated and a staff competenly information security responsibility is found to eliminate internal attack behaviours of employees and ensure the security of information systems and information manage-ment.Consequently information security competency evaluation for internal staff is an important issue .Under the analysis of the characteristics of the aggressive behavior from internal staff and a comprehensive summary of the competency research , internal staff information security competency evaluation index system is built .On this base , organization internal staff information security competency evaluation model is proposed .Based on safety and risk prevention thinking , the model divides the evaluation into two stages and takes into account the person-ality advantage of the decision makers in decision-making preferences and individuality advantage , which more realistically reflects the difference between the team members .Finally, the effectiveness and practicality of the evaluation model is verified through case analysis .