| Nowadays, information as a valuable wealth has been throughout all activities of human life. Information system is an organic integration constructed by methodologies, processes and technologies of information collection and processing based on certain rules. In order to compete with others to realize the goal of enlarging the production scale and getting more benefit, information-based enterprises should have built their own information system. The security of the information system has become a key problem after the appearance of the information system. In order to find a good way to solve the problem, we have to analyze and evaluate all kinds of threats and attacks, then get the countermeasure and solution. In this thesis, we will do something to find a solution for the information security.First, this thesis analyzed the threats faced by the information system security of information-based enterprises and the reasons of generating threats, evaluated the security risks of information systems in information-based enterprises, and then further discussed the genius properties, security requirements and the features of information security in information-based enterprise.Second, this thesis gives the design principles and structures of the information assurance system in information-based enterprise. The information assurance system in information-based enterprise consists of the security policy, the support system of security service, the safety system of security technology, the safeguard system of security management and the criterion system of security standard. In the system of information assurance in information-based enterprise, human is the principal action part, the security policy is guide rule of action, the security technology is supporter, the security management is measure to carry out, the criterion is pledge, and so the security of information system can be guaranteed roundly and effectively. This thesis introduced the security policy, the security service and technology safeguard, and the criterion of security standard in detail.In the end, the thesis research the work process and analyze the security of S/KEY one-time password authentication scheme, then point out the security flaws of the authentication scheme. The thesis design a new one-time password authentication system NPPS and point out a implement scheme in two aspects consisting of physics security and network security, then designed the information security assurance solution scheme in information-based enterprise. In this scheme, all kinds of threats and attacks are taken into account and we will make full use of various security techniques to deal with them. |
PDF Full Text Request