Journal of Information Security Reserach

Thoughts on Several Issues of Commercial Cryptography Application and Innovation Development

2020, 6(11): 0-0.

Asbtract ( )

PDF (1311KB) ( )

Related Articles | Metrics

Being strictly and scientifically proven, cryptography is the fundamental technology of cyberspace security. A spiral development trend among cryptography, its serving objects and the technological development is presenting. With the rapid development of cyberspace technology and the inherent drive of cryptography attack and defense, the connotation and extension of cryptography have undergone major changes. Cryptography is not only the core technology of cyberspace security, but also the cornerstone of trust in the digital economy security..Faced with the severe situation of cyberspace security and the development trend of the digital economy, cryptography technology shall closely follow the applications to promote its innovation, cryptography industry shall be optimized to strengthen the cryptography supply, and cryptography evaluation shall be standardized to protect the cryptography application security. As a special strategic resource, cryptography cannot be bought from others, and it cannot be fully trusted even bought from others. It is of great significance to rely on independent innovation of our own cryptography. And the issues that discipline level of cryptography is set too deep, and high-end compound cryptography talents are of shortage shall be resolved as soon as possible.

Application Research of Zero Trust Architecture

2020, 6(11): 0-0.

Asbtract ( )

PDF (2356KB) ( )

Related Articles | Metrics

With the rapid development of technologies of cloud computing, big data and mobile internet, it brings the increasingly open and complex network boundaries and also with fast changing user groups. The flexible mobile office mode leads to the increasingly complex and fuzzy inner network boundary, which made the traditional safety protection system based on boundary gradually fail. It also could unable to prevent insider attacks and external APT attacks. Zero trust architecture focuses on identity, and also users, clients and behaviors as subset. Trust assessment and dynamic access control for all access from inside and outside the enterprise are implemented, which could reduce attack area and realize the objection of protection of the resource data. This paper analyzes the theoretical model of zero trust architecture. The application idea, implementation framework and mechanism of the model are proposed. The feasible solutions of mobile Internet, cloud computing and big data are given in the paper. Finally, the improvement measures of zero trust model in practical application are summarized.

Research on Mechanism and Method of Blockchain Governance

2020, 6(11): 0-0.

Asbtract ( )

PDF (1621KB) ( )

Related Articles | Metrics

This paper discusses the governance necessity and difficulties of blockchain under the characteristics of distributed and decentralized, and proposes three levels of content of blockchain governance: consensus protocol governance, resource governance and rule governance, as well as three methods of blockchain governance: on-chain governance, off-chain governance and hybrid governance. In order to be more suitable for the organizational structure of the blockchain, this paper proposes a centralized hybrid governance method of the blockchain, which enables the governance administration of blockchain organization to cooperate with the organization members to complete the governance decision-making process off the chain, and send the governance results to blockchain for automatic execution, so as to effectively complete the governance of the blockchain and avoid other governance processes drawback: less methodology, non-transparent, inefficient and split prone.

A Survey On Blockchain Network Layer Attacks And Countermeasures

2020, 6(11): 0-0.

Asbtract ( )

PDF (2371KB) ( )

Related Articles | Metrics

Blockchain has seen its wide application in recent years, and its security vulnerabilities, as well as the corresponding countermeasures, have attracted an increasing interest from developers and researchers. Essentially, Blockchain is a form of decentralized database which relies on network to exchange information and achieve consensus, so the network layer security of a blockchain system is becoming a hot topic. This paper first introduces the basic mechanisms of blockchain, then surveys and analyzes latest research works on its networking layer security. Based on that, future research directions are suggested and discussed.

Research on Evaluation System and Index of Cloud Computing Platform Security Capability

2020, 6(11): 0-0.

Asbtract ( )

PDF (1074KB) ( )

Related Articles | Metrics

As the basic support platform for providing cloud services, cloud computing platform not only bears important security functions and unlimited data value, but also means that cloud computing platform has become the main target of attack and faces huge security risks. How to evaluate the security capability of cloud computing platform is an important issue that needs to be solved urgently. Compared with the traditional information system, the cloud computing platform has its own characteristics and particularity. The traditional evaluation methods can not accurately evaluate the security capability of the cloud computing platform. At present, there is no feasible evaluation system to evaluate the security capability of the cloud computing platform. Based on the summary of practical experience, this paper constructs the security capability evaluation system of cloud computing platform from three aspects of dynamic security evaluation, performance efficiency evaluation and static compliance verification, constructs the security capability evaluation system of cloud computing platform, designs scientific and reasonable evaluation indexes and methods, which can comprehensively test the actual security capability of cloud computing platform and can horizontally compare each other The actual security capability of the cloud computing platform can support the assessment institutions to carry out the assessment of the security capability of the cloud computing platform, and also help the cloud service providers to improve the security service capability against risk issues.

Research on Industrial Internet Security Monitoring Audit and Trend Awareness Technology

2020, 6(11): 0-0.

Asbtract ( )

PDF (1759KB) ( )

Related Articles | Metrics

With the worse situation of network security environment, the boundaries of internal and external networks are gradually blurred. The government, finance and major enterprises inevitably suffer from Internet and internal attacks. Although traditional security devices and systems are deployed, security attacks and leaks are still increasing. New ways are needed to think about and design security products to help users improve threat perception It is very important to build a "overall" security situation awareness platform for defense and response capability. Based on this, we need to build a industrial Internet network security monitoring audit and situation awareness platform is proposed, and the functional modules such as network asset awareness, asset vulnerability awareness, security event awareness, network attack awareness and network risk awareness are analyzed.

Multi-dimensional Account Management and Control System Based on Risk Assessment

2020, 6(11): 0-0.

Asbtract ( )

PDF (6246KB) ( )

Related Articles | Metrics

This paper proposes to change the way of enterprise risk control, from the management direction driven by behavior events to the management perspective of staff account as the core. Based on this perspective do the research on the management model around the risk degree of staff account, through security audit and risk analysis of daily behaviors such as account access, operation, etc, to form the risk rating evaluation of staff account, thereby constructing multi-dimensional authentication system for staff accounts, providing stable and effective IT information security business support service for the enterprise.

Overview of Current Situation of Critical Information Infrastructure Security Protection at Home and Abroad

2020, 6(11): 0-0.

Asbtract ( )

PDF (763KB) ( )

Related Articles | Metrics

The higher the level of information development, the more dependent the country is on the critical information infrastructure. Strengthening the security protection of critical information infrastructure is the focus of all governments. This paper systematically reviews the progress of critical information infrastructure protection in the United States, Japan, Australia, the European Union and other information technology developed countries and regions from the aspects of strategic policies, laws and regulations, organization and management, analyzes the status quo and existing problems of China's critical information infrastructure protection, and proposes to improve the legal system, implement the protection level evaluation mechanism, and We should establish and improve the information sharing mechanism and strengthen the research of Frontier Science and technology.

Research on emergency governance mechanism driven by covid-19 public opinion response and leadership decision

2020, 6(11): 0-0.

Asbtract ( )

PDF (1157KB) ( )

Related Articles | Metrics

In recent years, after the occurrence of employee's behavior injury or product quality injury, consumers publish their consumption experience through network communication. The speed of information public opinion transmission is accelerated. Negative network public opinion will pose a huge threat to manufacturers. Therefore, the influence of remedial action on public opinion is more concerned. When public opinion occurs, it attracts the attention of leaders and employees. Leadership style plays a key role in public opinion resolution. According to information dissemination and influence, three research hypotheses are put forward: relationship between network public opinion and remedy of manufacturers, relationship between leadership style and remedy of manufacturers, and remedy of manufacturers after adding intermediary variables. Behavior improvement. Among them, the blocking growth model is used to predict the development of public opinion and the fuzzy evaluation model is used to evaluate the leadership style. The general regression analysis is used to add the intermediary variables such as employee behavior and product failure to evaluate the public opinion solution under the dual effects of network public opinion and leadership style, and with the help of exposure degree. A higher sample of listed companies conducts a research on the remedial behavior of firms under the dual effects of network public opinion and leadership style, and provides reasonable suggestions for similar firms.

Investigation and evidence collection of network fraud cases

2020, 6(11): 0-0.

Asbtract ( )

PDF (1499KB) ( )

Related Articles | Metrics

With the rapid development of Internet, network fraud molecules using the concealment of the network, intelligent and forensics characteristics such as the implementation of network fraud behavior more and more rampant, network fraud crimes rapid growth, increasing the difficulty of the public security organs to crack down on such cases, how to efficient and useful management in such cases has become an important task faced by the public security organ.This paper first expounds the current situation of network fraud cases, lists the new methods of fraud cases and summarizes their commonalities, then makes a systematic analysis of the difficulties, finds the breakthrough, and finally puts forward the new methods and means of network fraud cases.

A Survey of Data Security Protection in the Period of Telecommuting

2020, 6(11): 0-0.

Asbtract ( )

PDF (2704KB) ( )

Related Articles | Metrics

With the outbreak of the epidemic in the whole country and even in the world, although the epidemic situation in China has been effectively controlled, in order to cooperate with the national epidemic prevention and control, many companies implement remote office, but how to ensure the security of our data transmission in remote office is obviously an urgent need to be solved. It should not only meet the needs of many users' centralized access to the intranet office system, but also ensure the data transmission on the Internet and the network security of users' direct access from the Internet. Based on the comparison of several common network management methods, we mainly discuss the huge difference between the common network management architecture and the zero trust network( a more secure network access security architecture SDP(software defined perimeter)).

Digital Sovereignty of European Union: Analysis Based on the Digital Sovereignty Report of European Parliament

2020, 6(11): 0-0.

Asbtract ( )

PDF (789KB) ( )

Related Articles | Metrics

Cyber Security, the Fighter Plane in New Infrastructure

2020, 6(11): 0-0.

Asbtract ( )

PDF (433KB) ( )

Related Articles | Metrics

To Build a Strong Cyyptographic Defense Line for the Safe Development of Digital Economy

2020, 6(11): 0-0.