E-government involves the protection of national secret information and highly sensitive core government affairs, the design and maintenance of public order, the accurate implementation of administrative supervision, and the quality assurance of public services provided to society. E-government is an important means of effective decision-making, management, and service for party committees, governments, people's congresses, and the CPPCC. It will inevitably encounter damage and attacks from various hostile forces, terrorist groups, and troublemakers. In particular, e-government is built on Internet technology: its network platforms include government intranets, government extranets, and the Internet. However, the security of the Internet is inherently insufficient. The Internet is a global network without administrative supervision; it lacks defenses, carries many security risks, and still lacks sufficient legal deterrence against Internet crime. A large amount of transnational cybercrime brings great difficulty to law enforcement. All of the above-mentioned actors have the opportunity to use the Internet to commit crimes, which means that Internet-based e-government applications face severe challenges.
Security threats to e-government applications include online hacker intrusions and crimes, the proliferation and spread of online viruses, intrusion and theft by information spies, attacks and destruction by cyber terrorist groups, violations and illegal operations by insiders, vulnerability and paralysis of network systems, loss of control of information products, etc. We should be alert enough and take security measures to deal with this challenge.
Security goals and security strategies of e-government
The security goal of e-government is to protect the value of government information resources from violation, ensuring that owners of information assets face minimal risk and obtain maximum security benefit, so that government information infrastructure, information application services and information content have the confidentiality, integrity, authenticity, availability and controllability needed to resist the above threats.
To achieve the above goals, active security strategies should be adopted:
State leadership, social participation. E-government security bears on the government's office decision-making, administrative supervision, and the high-quality, credible delivery of public services. It must be coordinated by the state, with active participation from society, in order to be ensured effectively.
Overall governance and active defense. E-government security can only be effective by adopting overall governance measures supported by legal deterrence, management constraints, technical support and security infrastructure, and by implementing active defense methods of protection, detection, recovery and countermeasures.
Graded protection and guaranteed development. Based on the value level of the information and the level of threat it faces, appropriate security mechanism strength levels and security technology assurance robustness levels should be selected, finding a balance between investment and risk tolerance, to ensure the healthy and positive development of the e-government system.
E-government security system framework
E-government security adopts the strategy of "state promotion, social participation, overall governance, active defense, hierarchical protection, and guaranteed development". E-government information security faces a high-tech confrontation and a comprehensive struggle involving many fields such as law, management, standards, technology, products, services and infrastructure. Therefore, e-government security must be considered from an overall perspective, and its security system framework constructed to ensure the healthy development of e-government.
The e-government security system consists of six elements, namely security regulations, security management, security standards, security services, security technologies and products, and security infrastructure.
Element 1: Security Laws and Policies
The work content and work processes of e-government involve national secrets and core government affairs, and its security bears on the country's sovereignty, national security and public interests. The safe implementation and guarantee of e-government must therefore be fixed in the form of national laws and regulations, forming provisions that are observed uniformly across the country and become the code of conduct for implementing and operating e-government. These laws are an important basis for international exchanges, protect the legitimate rights and interests of law-abiding people, provide a legal basis for justice and law enforcement, and form a strong deterrent to law-breakers.
The Law of the People's Republic of China on the Protection of State Secrets has been in effect for more than ten years. It is no longer fully adapted to the current state of confidentiality work in our country, especially the development of e-government, and urgently needs to be revised.
Government information disclosure is an important part of e-government
For information security products used in the process, the state will formulate corresponding procurement management policies. Information security products involving passwords must have an approval certificate from the national encryption authority. Information security products should have certificates showing that they have passed the security evaluation of the national evaluation authority, to maintain the credibility of information security products.
According to management needs, security monitoring and management can be applied to the information content of the e-government system, to protect the security of government information and prevent network leaks that could result from internal violations or external intrusions, while also preventing the spread of harmful information content on the government network.
Develop regulations for e-government system personnel management, organization management, document management, operation management, asset and configuration management, media management, service management, emergency response and incident management, confidentiality management, fault management, development and maintenance management, operation continuity assurance management, standards and specification compliance management, physical environment management and others, to ensure the safe operation of the e-government system.
Element 3: Security standards and specifications
Information security standards are conducive to the standardization of security products, ensuring product security and credibility, realizing product interconnection and interoperability, supporting the interconnection, updating and scalability of e-government systems, supporting the assessment and evaluation of system security, and ensuring the safety and reliability of e-government systems.
The country has officially established the "Information Security Standardization Committee", and recently established the Information Security Standard System and Coordination Working Group (WG1), the Content Security Classification and Identification Working Group (WG2), the Cryptographic Algorithm and Cryptographic Module/KMI/VPN Working Group (WG3), the PKI/PMI Working Group (WG4), the Information Security Assessment Working Group (WG5), the Operating System and Database Security Working Group (WG6), the Identity and Authentication Protocol Working Group (WG9), and the Operating System and Database Security Working Group (WG10) to develop standards related to e-government security and support the requirements of e-government security standards.
The following standards will also be formulated: classification and marking format of confidential electronic documents, content health classification and marking, content sensitivity classification and marking, cryptographic algorithm standards, cryptographic module standards, key management standards, PKI/CA standards, PMI standards, information system security assessment and information security product evaluation standards, emergency response levels, protection target levels, emergency response indicators, electronic evidence recovery and extraction, electronic evidence validity definition, electronic evidence protection, identity identification and authentication, database security level, operating system security level, middleware security level, information security product interface specifications, digital signature...
Element 4: Security guarantee and services
1. In building an e-government system, it is necessary to build its technical security structure and establish a defense-in-depth system for large-scale e-government systems.
·Set up security and control strategies for the government intranet;
·Set up security and control strategies for the government extranet;
·Set security services and control strategies for accessing the Internet;
·Set security services and control strategies for leased public network trunks, including security services and control strategies for wired, wireless and satellite communications;
·Set up security services and mechanisms for the government computing environment.
Adopting defense in depth and multi-level fortification is an important principle for ensuring e-government security. Through overall security protection, security detection, rapid response, integrated security management and linkage control of security facilities, the system can achieve protection, detection, response and recovery capabilities.
2. Promoting the control methods of information system security engineering (ISSE) for e-government can fully realize the security service requirements.
The design of an e-government security system must first analyze the value of system assets: the value of physical assets (system environment, hardware, system software); the value of information assets and the relevance of the data to national and departmental interests; and the benefits arising from the normal operation of the business systems (models, processes, application software). This determines the security goals the system should protect. Based on this analysis, propose the security requirements of the entire security system, further define the security functions that should be provided to meet those requirements, and then explore the types of threats the system may face and find the vulnerabilities of the system itself. These threats and vulnerabilities include:
·Online hackers and computer crimes;
·The spread and destruction of network viruses;
·Loss of confidential information and infiltration of information spies;
·Online terrorist activities and information warfare;
·Internal violations and illegal operations;
·Loss of control of online security products;
·The loopholes and vulnerabilities of networks and systems themselves.
In the face of these threats, it is necessary to analyze which threats to the system are major and which are minor, and how much impact they have on the system and its tasks. Conduct qualitative and quantitative analysis, propose system security countermeasures, determine the ability to withstand risk, find the balance point between investment and risk tolerance, and then determine the security services and corresponding security mechanisms required by the system (see Table 1) in order to configure the system's security elements. Risk management and risk decision-making must be carried out throughout the life cycle of the project (see Figure 2). This risk management is necessary for the whole process of e-government.
When the system is put into operation, its security must be effectively evaluated. That is, the evaluation evidence given by the evaluator, together with the technical support facilities adopted by the builder, must convince the system owner that the technical countermeasures selected have indeed reduced the security risks of the system and satisfied the required risk strategy (the risk strategy can be a "zero" risk strategy, a minimum risk strategy, a maximum tolerable risk strategy or a no-risk strategy), so that the system has the capabilities necessary to protect the value of its assets (see Figure 3). This effectiveness evaluation process can be described by the security technical assurance robustness level (IATRn):
IATRn=f(Vn, Tn, SMLn, EALn)
Tn: Threat level
Vn: Asset value level
SMLn: Security mechanism strength level
EALn: Evaluation assurance level
Element 5: Security technologies and products
1. Strengthen the independent development and innovation of security technologies and products.
Because of the national confidentiality of e-government, the security of e-government system engineering requires a variety of information security technologies and products with independent intellectual property rights. Comprehensively promoting independent research, development and innovation of these technologies and products is a requirement of e-government security. These products and technologies can be divided into six categories:
·Basic category: risk control, architecture, protocol engineering, effectiveness assessment, engineering methods;
·Key category: password, security base, content security, anti-virus, IDS, VPN, RBAC, strong audit, boundary security isolation;
·System category: PKI, PMI, DRI, network warning, integrated management, KMI;
·Application category: EC, EG, NB, NS, NM, WF, XML, CSCW;
·Physical and environmental category: TEMPEST, physical recognition;
·Forward-looking: immune technology, quantum cryptography, drift technology, semantic understanding and recognition.
2. Selection of e-government security products.
The security of the entire e-government involves the overall matching and scientific arrangement of information security products. Product selection should fully consider the autonomy and self-control of the product.
Products can include secure operating systems, secure hardware platforms, secure databases, PKI/CA, PMI, VPN, security gateways, firewalls, data encryption machines, intrusion detection (IDS), vulnerability scanning, computer virus prevention tools, strong audit tools, Secure Web, secure email, security facility integrated management platform, content identification and filtering products, secure backup, electromagnetic leakage protection, secure isolation client, secure gatekeeper.
Element 6: Security infrastructure
Information security infrastructure is a social infrastructure that provides information security public services and support to the users of information system applications and to information security law enforcement bodies. It facilitates the rapid configuration of security protection mechanisms by information application users, is conducive to promoting the healthy development of application business, and is conducive to the standardization of information security technologies and products and the improvement of their credibility.
The supervision and law enforcement of information security functional departments are conducive to enhancing the information security transfer and protection skills of the whole society, and are conducive to the construction of the national information security system. Therefore, to promote the development of e-government, attention should be paid to the construction of relevant information security infrastructure.
There are two major categories of information security infrastructure.
1. Social public service type
·Trust and authorization system based on PKI/PMI digital certificate;
·Assessment and evaluation system for information security products and systems based on CC/TCSEC;
·Computer virus prevention and service system;
·Network emergency response and support system;
·Disaster recovery infrastructure;
·KMI-based key management infrastructure.
2. Administrative supervision and law enforcement
·Network information content security monitoring system;
·Internet crime supervision and prevention system;
·Electronic information confidentiality supervision system;
·Network investigation and control and anti-theft system;
·Network monitoring, early warning and counterattack system.