Control and Management of National Academic Information Resources Security in Cloud Computing Environment

  • Wan Li,
  • Hu Changping
  • 1. School of Journalism & Communication, Nanchang University, Nanchang 330031;
    2. School of Information Management, Wuhan University, Wuhan 430072

Received date: 2018-07-16

Revised date: 2018-10-27

Online published: 2019-04-05

Abstract

[Purpose/significance] To provide a reference for securing national academic information resources, this paper constructs a security control framework for national academic information resources in the cloud computing environment. [Method/process] Drawing on the organic unity of human, machine, and environment in the safety control theory of conventional complex systems, and on the Information Assurance Technical Framework, which combines "the people, the operation, the technology", this paper integrates the key domain and the governance domain of information security assurance to construct this framework. [Result/conclusion] In the cloud computing environment, the key domains of national academic information resources security include personnel management, control strategy, and safety assessment. The framework covers not only the security strategy for national academic information resources but also the measurement of that strategy's effectiveness.

Cite this article

Wan Li, Hu Changping. Control and Management of National Academic Information Resources Security in Cloud Computing Environment[J]. Library and Information Service, 2019, 63(7): 5-14. DOI: 10.13266/j.issn.0252-3116.2019.07.001
