铁路信息系统的安全评估及策略研究.pdfVIP

要 铁路的跨越式发展促进了铁路信息化的大发展，铁路信息系统是指在铁路运 输组织、客货营销、经营管理三个层面的信息化，它包括相关的硬件设备、网络、 电力、应用系统、管理维护等。计算机病毒、非法入侵、信息盗窃日益普遍，铁 路信息系统面临着各种各样的安全威胁，它的安全问 并逐步受到铁路信息部门 和相关单位的重视，进行广泛的安全评估是完全有必要的。 铁路信息系统的安全评估工作还刚起步，本文结合铁路信息系统的实际情况， 系统地介绍了铁路信息系统的建设情况，从技术漏洞、管理制度、人为因素等方 面分析了铁路信息系统现状并指出了存在的问题，依据安全评估体系和方法，对 铁路信息系统进行安全评估，并以实例的方法说明了安全评估的过程，针对存在 的问 从技术安全策略、管理安全策略、等级保护和建立铁路信息系统安全管理 体系几个方面提出了相应的策略。 关键词：铁路信息系统 安全评估 安全策略 安全管理体系 1 Abstract Railway informational management system has seen great development with the leaping forward of train transportation. This system mainly refers to the information technology applied to aspects such as transportation arrangements, and business management, which deals with management of the facilities, network, and application system. The railway informational security is under all kinds of threats with computer viruses, illegal access and informational breach spreading more widespread day by day. The security issues have drawn great attention from railway informational department and concerning sects. It is absolutely necessary to have thorough and extensive security assessments. It is absolutely necessary to have thorough and extensive security assessments, which are still on its early stage. This thesis first focuses on the current practices in railway information system together and progress in its construction then moves forward to talk about its potential problems caused by technological loophole, management, and human resources according to Assessments and Methods for Security systems. Examples are given to demonstrate this process for evaluation. At the same time, strategies to solve the existent problems are offered in various aspects, including tactics for technological