Table of Contents

    15 October 2018, Volume 4 Issue 10
    Trend on Cybersecurity Policy Risks of the Trump Administration and China Countermeasures
    2018, 4(10):  870-880. 
    Risk Assessment on Identity Authentication Security of Intelligent Networking Devices
    2018, 4(10):  881-888. 
    With the growing popularity of intelligent networking devices (INDs), their security issues have become increasingly prominent. Currently, identity authentication between an IND and its controller on a LAN is generally at risk: an attacker can impersonate the controller and direct the IND to execute malicious instructions, which poses a serious threat to IND security. In this paper, we propose a method for recognizing identity authentication vulnerabilities in INDs. Taking the INDs of two vendors as examples, we identify their identity authentication vulnerabilities with this method. Furthermore, a simple identity authentication method is proposed that effectively protects INDs from this risk.
    Risk Assessment Service Capability Maturity Model Research
    2018, 4(10):  889-897. 
    Information security risk assessment services are an important link in information security assurance in China, and information security risk assessment technology is highly regarded by the industry. At present, due to various factors, the capability level of information security risk assessment services varies among regions and industries. Based on SSE-CMM theory and best practices in information security risk assessment services, this paper proposes the concept of a risk assessment service capability maturity model, namely RAS-CMM. RAS-CMM provides a theoretical framework for evaluating the capability level of risk assessment services in terms of resource allocation, technical process and project management.
    The Practice of Network Security Risk Assessment in E-Government
    2018, 4(10):  898-903. 
    The e-government system is a network and information system that has become an important foundation for urban construction, operation, management, service, assurance and emergency response, and it involves national security, the economic lifeline, social order and the public interest. The safe and stable operation of the system has become an important basis for the normal operation of a city's informatization and is of great significance for urban security and social stability. Most e-government systems are classified as important information systems, and information security grading, security assessments and similar measures have been carried out. However, they still carry considerable security risk: the emphasis on construction over operation and maintenance leads to insufficient daily security operations; the level of information security is uneven, with obvious shortcomings; inadequate implementation of the information security management system causes management vulnerabilities; and the shortage of disaster recovery backup systems leaves them unable to respond to major security incidents. Based on published risk assessment guidelines and specifications, this article conducts a risk assessment of e-government information systems from the aspects of assets, threats and vulnerabilities, establishes the current security status of these systems, and lays the foundation for subsequent security rectification so that e-government systems can run safely, stably and reliably.
    Research on Information Security Risk Assessment of Power Industry Control System
    2018, 4(10):  904-913. 
    This paper briefly analyzes the information security threats faced by industrial control systems in the power industry and lists their main security problems. We build an information security risk assessment and management model for industrial control systems, propose methods and processes for their information security risk assessment, and from these summarize a set of risk assessment solutions for industrial control systems. Some new understandings of risk assessment and industrial control system network security are also discussed, and the vulnerability of industrial control system network security is further analyzed. The relevant units and competent departments should therefore further clarify and standardize the management of information security risk assessment for industrial control systems, strengthen research on evaluation standards and technology, increase technical training for professional evaluation organizations and user units, and promote the development of information risk assessment for industrial control systems in China.
    Vulnerability Risk Assessment of IoT System Based on Game Model
    2018, 4(10):  914-921. 
    As interest in blockchain grows, IoT terminal devices, which are widely distributed and numerous, are increasingly likely to be attacked and turned into a mining botnet, so the security of IoT systems has been increasingly valued. Accurate risk assessment and targeted defense are the keys to ensuring the security of an IoT system. To analyze attack strategies built from combinations of vulnerabilities, this paper constructs an attack-defense game model of the IoT system according to its attack layers and presents a method for quantifying the benefit and expenditure of attack and defense. Using the game model, the expected revenue of both attacker and defender is comprehensively analyzed, and the paper quantitatively evaluates low-complexity vulnerabilities so that the risk of a specific attack layer of the IoT system can be assessed accurately. Finally, an example is given to demonstrate the feasibility of this vulnerability risk assessment algorithm.
    An Application of OCTAVE Method in the Risk Assessment of E-Government Extranet System
    2018, 4(10):  922-927. 
    This paper introduces an information security risk assessment method based on OCTAVE, which consists of three phases and eight specific processes: first, building an asset-based threat profile; second, identifying infrastructure vulnerabilities; and finally, producing a security strategy and project plan. Compared with the NIST method, this method has the advantages of autonomy and operability. Finally, the application of the OCTAVE method to the risk assessment of an e-government extranet system is described in detail. It creates asset-based threat profiles and develops security policies and link plans for infrastructure vulnerabilities, including the establishment of a sound security management organization, strict implementation of management systems and background investigation requirements, and the establishment of strict system protection measures.
    Summary of Information Security Risk Management Standard System
    2018, 4(10):  928-933. 
    Information security risk management is an important cornerstone of the development of information security in China. Based on an investigation of the current information security risk management standard system, this paper analyzes the problems existing in that system and puts forward a scientific construction method and system framework for the risk management standard system under the new situation, aiming to improve the scientific rigor and practicality of information security risk management in China.
    Research on the Implementation Model of Information Security Risk Assessment
    2018, 4(10):  934-939. 
    Information risk assessment is the core component of risk management and control, but problems arise in its implementation. Based on the revised national standards, this paper proposes three implementation models for information security risk assessment, namely the High-level Information Security Risk Assessment Implementation Model, the Detailed Information Security Risk Assessment Implementation Model, and the Detailed Information-High-level Information Security Risk Assessment Implementation Model. Through a study of the three models, this paper discusses how to carry out information security risk assessment better under different circumstances and puts the core content of the standard revision into practice. Actual cases show that the three models can effectively solve problems such as the limitations of current evaluation objects, the lack of information security risk assessment at the business level, and the lack of a basis or method for overall risk assessment of a business or organization. The three models can effectively guide information security risk assessment, meet assessment needs from asset to business and from the individual to the whole, and provide a reliable basis for decision-making and the implementation of security measures.
    Research on Information System Security Risk Identification and Risk Database Construction of Commercial Bank
    2018, 4(10):  940-945. 
    Risk identification is the basis of information system security risk management in commercial banks: known risks can be managed effectively and efficiently. However, the banking industry has neither a feasible risk identification method nor a common information system risk database, which may lead to management centered on controls rather than on risk. Based on domestic and foreign industry standards and practices, and on a thorough analysis of a large number of information system security risk incidents, this paper establishes a risk factor model, a risk identification method and a risk database. These unify risk perception, achieve effective identification of information system security risks, clearly define the objectives and priorities of risk management and control, improve the level of bank information technology risk management, strengthen risk control capability, and support the innovation and development of banking fintech.
    Analysis of Information Security Risk Assessment Service Qualification Certification Found
    2018, 4(10):  946-953. 
    For organizations that provide information security risk assessment services to external parties, certification of their risk assessment service qualification is an important way to demonstrate their technical and management capabilities. During the qualification certification process, our center found that most units often lack a sound basis, objectivity and persuasiveness when implementing risk assessments, and that when presenting results they tend to focus on charts and calculation models. This paper explains the problems found and, based on risk assessment practice, proposes ways to solve and handle them, so as to continuously improve the practice and standards of information security risk assessment technology and raise the level of risk assessment service capability building.
    Research on Online Public Opinion Governance in China's Western Minority Regions
    2018, 4(10):  954-958. 
    Because ethnic, religious, historical and cultural problems are intertwined there, the western minority regions are an essential part of public opinion security in China, and the changing trend of online public opinion in these areas has been a focus of online public opinion research. Influenced by false and malicious information from abroad and infiltrated by overseas religious extremists, the difficulty of governing online public opinion in the minority areas of western China has increased sharply, which makes its governance particularly important. Based on the salient characteristics of public opinion in these areas, such as regionalism, complexity, political sensitivity and international exposure, this article clarifies the potential problems currently present in their online public opinion, further discusses the factors influencing it, and finally explores a sound and effective way to govern online public opinion in the minority areas of western China.
    Information Security Policy and Standard System of Industrial Control System in China
    2018, 4(10):  959-964. 
    The implementation of Made in China 2025 and the "Internet Plus" strategy has made the information security problems of industrial control systems increasingly prominent. Among the root causes, one main factor is that industrial security standards are not systematic and provide little guidance for practical work. After investigating the current state of China's national information security standard system and surveying domestic industrial security policies and standards, this paper studies international industrial security standard systems and, combining them with actual domestic industrial security requirements and standards, proposes a security policy and standard system for China's industrial control systems. The system can provide reference and guidance for enterprises that use industrial control systems to plan and construct their industrial control security protection systems, formulate industrial control security management norms, regularly carry out industrial control security self-inspections, and effectively improve the information security assurance capability of their industrial control systems.