Web站点安全体系结构的研究与设计企业管理专业论文.docxVIP

哈尔 哈尔滨工业大学管理学硕士学位论文 哈尔 哈尔滨工业大学管理学硕士学位论文 - - PAGE IV - - - III - Abstract In today opening and distributing network environment, the problems of managing and controlling information security in Web Sites have become more and more important. Traditional security models are mostly limited in computers and networks, focus on technology processes too much, and so that ignore the most basic source and the importance of management in security problems. There is a saying in the field of management, “seventy percent management, and thirty percent technology”. Practices have proved that in information security, effects caused by reasons of people, organization and management are far more than security technology and products. So, in order to solve the security problems, people have become to regard the factors besides technology and products more and more importantly. Therefore, the purpose of this article is to do some research on the Web Sites’ security system structure in management field, which integrates the Systems Security Engineering Capability Maturity Model (SSE-CMM). This article first analyzes current situations of Web Sites’ security, then summarizes the characteristics of Web Sites’ security, based on SSE-CMM, combines the new generation of information security design methods, inosculates security best practice, project management facing process project management, risk management, system life cycle security and so on, establishes an management model of Web Sites’ security engineering. The mode contains 11 process areas (PA), 61 basic practices (BP), making it be possible for an enterprise to achieve security goals by process improvement. Either SSE-CMM or intelligence security project lifecycle mode gives only the principles in security system construction instead of the reference mode or operable way. This thesis describes security dimension from different views, gives multi-view system mode, which contains operation, protocol layers, security zone, securi