The Research Of The Security Supervision Framework Of The Key Information Systems In Shanghai

With the rapid economic growth and informatization progress in China, networks and information systems have become more and more important in terms of its foundational as well as influential position and information resource has become a new strategically important resource for the country in terms of the economic and social development. Meanwhile, information security also becomes a major task that is critical to the informatization development, the realization of the well-off society and the long-term social steadiness and national security. In the wave of the global informatization, Shanghai, as China's economic, financial, trade and shipping center, has its own features in the informatization and information security construction, and the security management of its information systems have taken shape. In different economic and social fields, there are a lot of information resource as well as application groups,because Shanghai's informatization and information security infrastructure are all developing quickly. Where are the security weakness and risks in these systems? How to improve their self-protective capacities? Government plays an important role. And an effective management framework is critical here.In this context, an analysis is made on the status quo of Shanghai's security supervision of information systems and a suitable supervision framework is proposed in the thesis, with the aim of enhancing the information security supervision in the city.Chapter One, Some issues on the information systems security are described on the basis of wide research. More attention is given to the analysis of information system goal, the establishment of the security model,an importance evaluation model of information systems based on a city's security influence and the use of risk management in the information system security supervision, laying a foundation for the later design of the supervision framework. Besides, the need of information system supervision in Shanghai is elaborated from the perspectives of establishing a harmonious society, building the city's information security guarding system and improving the city's capacity of safeguarding the key information systems.Chapter Two, Both the domestic and overseas situation of information system security supervision are analyzed. In terms of the overseas situation, description of the supervision means in US and UK is given. For the domestic situation, the focus is given to the challenges that the present information system security supervision framework is facing, including generally low protection level of the basic information networks and key information systems, too many supervising parties, absence of whole-process security supervision and incompletion of the relevant laws and regulations.Chapter Three, Based on the status quo of Shanghai's information system security supervision, analysis is given on the essential problems in the information system security supervision.Chapter Four, According to the problems in Shanghai's information system security supervision and its actual need, and based on the features of the different phases of the information system's life cycle, the key points in the design of the supervising framework is analyzed from the perspectives of the risk evaluation in the development, the security testing of the system before operation and regular evaluation and testing during the operation. Based on this, a set of relatively complete regulation is offered to ensure the government to fulfill its supervising role, which includes the rules on the examination of the security plan, rules on the risk evaluation, rules on the testing of system security, rules on the emergency plan and exercise, rules on the system security report and rules on the security training. Furthermore, how to evaluate the effectiveness of the supervision framework and the supporting measures for these rules are also described.Chapter Five,Summarizes the whole thesis.This study on the supervision framework of key information systems emphasizes on the importance of the risk management and system life cycle in the framework design as well as implementation and tries to form an information system security management pattern which fits in with Shanghai and China's special situation, with the hope that it would help to enhance the national information security, the city informatization development and further strengthen the foundation of the city's information security system.