Hu Zhongkui
(Gansu Province Land Resources Information Center)
Abstract The study of electronic documents is different from the formation of paper documents features, is the development of scientific electronic document management strategy, so as to implement the effective management of the base point. This paper mainly discusses the factors and problems affecting the security of electronic information, analyzes the main factors for safeguarding the security of electronic information, and puts forward a strategy for safeguarding the security of electronic information.
Keywords Electronic Information Security
0 Introduction
Electronic files are digital files related to archive management that appear in the process of informationization development, and their main features lie in the characteristics of digitization and the dependence of computer hardware and software. People have always regarded archives as an important carrier of social memory, and long-term safe preservation of electronic information is the proper meaning of archival work, and how to realize long-term safe preservation of electronic information with dependency in the information environment is the lifeline of electronic archival work. Research on electronic information security mechanism is conducive to broadening the research field of archival conservation, the development of archival conservation theory, the prosperity of the archival theoretical system, to guide the construction of archival informationization and archival cause of healthy and sustainable development.
How to extend the life of digital information is an important issue in the development of digital archives. However, because digital information to rely on computer hardware and software in order to be utilized, and computer hardware technology is constantly evolving, in the outdated hardware and software platform can be read out of the information is not necessarily read out by the current or future hardware and software platforms, this can not be accessed by the information, the life of its longer is also useless. Due to the inherent software and hardware dependence of electronic information, the volatility of the information environment, the instability of the digital carrier, coupled with a variety of special requirements in the data management activities, are to the electronic archives of information long term security and preservation of difficulties. At the same time, we should also be sober enough to realize that the long term security of electronic archives information preservation is a complex system, the need for a comprehensive technical, managerial, legal and various factors affecting the overall planning.
1 The main factors affecting the security of electronic information
The factors affecting the security of electronic information are both internal and external factors; both subjective and objective reasons. File made of material damage is the result of the combined effect of internal and external factors, subjective and objective factors. Specifically, the factors affecting the information security of electronic archives are mainly natural factors, environmental factors, technical factors, social factors, management factors and financial factors. At present, in the electronic archive information security operation and management, due to the impact of these factors, there are mainly the following problems:
1.1 Electronic information security management awareness needs to be strengthened
With the geological data information services cluster industrialization process, the data electronic information on the degree of dependence on network resources in the continuous enhancement of the information information information security and even national security involved All major problems will gradually appear on the network. Information information systems face from all sides of the security threat is not only growing, and presents a more frequent, more challenging and high-tech momentum.
The current understanding of electronic information security there are mainly such misunderstandings: a belief that as long as the system or computer is equipped with security products means security, a mention of the Internet is the first to think of purchasing security products, such as firewalls, etc., do not know that any one kind of security products can only be in a certain environment and conditions to play a role in security. Security issues are constantly changing, security technology is also in constant development, security vulnerabilities will continue to be found, so although the configuration of security products can reduce security risks, but can not completely eliminate security risks. Moreover, security products are also operated, used and managed by human beings. If the security awareness of the relevant personnel is not strong or they lack the necessary knowledge of security management, it will also bring great security risks. If there is no security awareness of the management personnel to improve, what advanced equipment will become virtually null and void. Practice shows that many information security problems are often not in the equipment, but precisely in the security awareness of managers. Some security experts have analyzed the history of electronic intrusion cases, the conclusion is that most of the means of invasion is very general, the internal management of the laxity of the hacker's big help. More powerful hackers to implement the attack, but also in the existing information systems to find a breakthrough, and these loopholes often come from the mistakes of internal personnel and management negligence.
1.2 The hidden worries of the security of the electronic information system itself
Since the electronic archive information is transmitted in the environment of the Internet, the private network and the local area network (LAN), so in the electronic archive information generation, management and service utilization of the various aspects of the information are faced with information security problems at different levels:
1) Network layer security. Network layer security is to support the operation of the system of physical equipment security issues, including network infrastructure, such as network cabling, network connectivity, the construction of LAN and WAN environment, the selection of equipment and its various links in the consideration of security strategies, network equipment security also involves a large number of network equipment used by the system, such as switches and routers, etc., the security of the equipment itself will have a direct impact on the network system and its The security of these devices will directly affect the normal operation of the network system and its applications. Network security also includes the network surrounding environment and physical characteristics caused by the failure of network equipment and communication lines resulting in network system failure, including earthquakes, lightning strikes, fires, floods and other environmental accidents, power failures, human errors or mistakes in operation, electromagnetic interference, etc., may constitute a certain degree of harm to the archive information network.
2) Data layer security. The security system of electronic information is a database application system characterized by data storage and query, mainly involving the security of the data stored in the system, including the operating system, database management system, data storage, data backup, conversion of data formats, and various types of electronic documents for safekeeping and off-site storage, etc., as a result of the update of the version of the data, the conversion of the data format, accidental damage to the hardware equipment, the storage medium The data loss, data damage and even computer system damage and paralysis caused by data version update, data format conversion, accidental damage to hardware equipment, storage media aging, failure, natural disasters, etc., all pose a hazard to electronic information security.
3) Application layer security. Application layer security is an electronic management information system in the actual application of the operation of the process should consider the basic issues. In general, the file management information system's user model is divided into multiple levels, multiple roles, multiple functions or multiple forms of mixed use to define user rights respectively. Due to the actual operation of the computer, electronic data is quite fragile, always in a variety of intentional or unintentional damage to the threat, such as the operator's negligence caused by the entry of the deletion and data file coverage, the expiration date as the introduction of the current data, the rights of the irrational design of the general visitors to obtain different levels of privileges for the privilege to override the deletion and alteration of the malicious interpreters to crack the system's security defenses after the invasion, tampering and delete Data, users or staff to vent their dissatisfaction with the data storage media or computer violence damage, as well as computer crash, power failure, etc., will pose a serious danger to information security.
2 safeguard electronic information security strategy
Electronic file information security strategy should be safeguarded by the idea of security, technology and human resources security, legal system strategy security, standards security and other elements. Security ideological security is the premise of electronic archives information security, security technology and talent security is the support of electronic information security, security legal system strategy security is the means and core of electronic information security, security standards security is the basis of electronic information security.
2.1 Security Ideology Guarantee
Establish and adhere to a comprehensive, scientific and developmental view of electronic information security, is the ideological basis for safeguarding archival information security. Traditional security concept, confidentiality security concept, technical security concept, system security concept and network security concept are incomplete, incomplete, is static, one-sided, is the lack of dynamic, systematic conceptual understanding. The scientific concept of electronic information security is a synthesis of the information security subject, information security content, information security mode of understanding, is the electronic information record content, record mode and record carrier trinity of security concept. The new concept of information security is a historic leap for the establishment of a modern electronic information security system and planning electronic information security strategy, provides a correct theoretical guidance and value orientation.
Cultivating and enhancing the awareness of electronic information security is an important means of prevention and control of archival information security incidents. Strengthening electronic information crisis management can minimize and reduce the losses suffered by archival information. Improve the crisis management regulations and systems, the establishment of a network of crisis management institutions, the development of scientific and reasonable electronic disaster prevention and emergency plans, from the electronic information assets, electronic information facing security threats and security deficiencies, comprehensive and objective assessment of risk and analysis of the threat to do a good job of disaster prevention and emergency drills, training, archives off-site backup and other work, and improve the security of the decision-making and crisis prediction and response mechanism.
2.2 Security Technology and Talent Guarantee
Advanced scientific and technological research and application is the center of gravity for safeguarding electronic information security. Electronic information security technology not only involves the traditional "prevention" and "treatment" of technology, and has been extended to a variety of modern information technology. Traditional technologies and modern new technologies complement each other, combined with each other, from different perspectives, different levels to solve the problem of electronic information security, **** with the construction of electronic information security barrier.
Domestic and foreign scholars and archivists have made a lot of promising results in the study of electronic information protection technology. In order to adapt to the development of the new situation, do a good job in the development and updating of electronic information security technology. Accelerate the application, promotion and transformation of the results of electronic information security technology, in the introduction, digestion and absorption of scientific and technological achievements in related fields, at the same time, adhere to independent innovation, take the road of localization, the development of independent intellectual property rights, to ensure the security of electronic information, the core technology and key equipment.
In electronic information security, education and training of talents is one of the key elements. People are the biggest guardian of information security, but also the maker of information security problems. The advancement of electronic informationization and the development of the archive cause, the requirements for archive personnel are getting higher and higher. Set up a modern concept of talent, planned, focused, hierarchical, type, multi-form, multi-channel, to carry out the archives of electronic information security personnel training and education.
The problem of electronic archives information security, prevention also rely on effective industry self-regulation and professional ethics education. Self-discipline to play a role in safeguarding the security of archival information, on the one hand, to follow the applicable principles of effective self-discipline, on the other hand, to develop a more operational, objective self-regulatory norms. Develop a code of professional ethics for archivists, and effectively strengthen the professional ethics of archivists and information workers.
2.3 Security legal system strategy guarantee
Electronic archive information security legal system guarantee is an important aspect of the construction of archive information security guarantee. China has now promulgated the "Chinese People's **** and State Regulations on the Security Protection of Computer Information Systems", "Chinese People's **** and State Interim Provisions on the Management of International Networking of Computer Information Networks", "Measures for the Administration of the Protection of International Networking of Computer Information Networks", "Chinese People's **** and State Archives Act", "Chinese People's **** and State Law on the Preservation of State Secrets", "Chinese People's **** and State Electronic Signature Law", "Measures for the Administration of Computer Virus Prevention and Control" and "Regulations on the Protection of the Right to Disseminate Information Networks" and other laws and regulations, which have strongly promoted the work of archive information security protection. Applicable to China's socialist market economy, in accordance with the laws of the socialist market economy to adjust the archives social relations, is the electronic information security legislation, archives information security law enforcement and other activities in the basic guidelines. However, the relevant laws and regulations of China's archive informatization are not perfect enough. In the future legal construction of digital archive information security, we should insist on following the principle of democratic participation, the principle of justice and equality, the principle of reward and punishment, the principle of security protection, the principle of comprehensive coordination and the principle of innovation and development.
Establish and improve the electronic information security regulations. Electronic information security regulations for regulating the activities of the main body of electronic information, coordination and resolution of various contradictions, to ensure the security of archival information resources have an important role. China's archive information security legislation level for the national law, administrative regulations, local laws and regulations, regulations and normative documents at five levels. In accordance with different standards, the framework of electronic information security protection legislation system consists of different parts. In the development of regulations, attention should be paid to normative and operable, systematic and compatibility, management and development of equal importance, attention should be paid to absorbing and learning from domestic and foreign experience in the construction of information security laws and regulations, timely cleanup and revision of existing laws and regulations, and in due course to formulate the electronic information security protection law and other new regulations.
In the past, electronic information violations intuitive, easy to detect, means and methods are relatively simple. However, in the information age, electronic information violations, criminal behavior not only has the characteristics of conventional violations, but also presents the method of concealment, the diversity of means, the seriousness of the consequences and the complexity of the act and many other new features. In response to the new characteristics of illegal behavior, to strengthen the new period of electronic information administrative law enforcement.
3 Conclusion
Electronic information security contains theoretical and practical issues, is a multi-level, multi-factor, multi-objective complete system concept. Electronic information security has the attributes of comprehensiveness, relevance, dynamism, relativity, vulnerability, intelligence and certifiability. The security of electronic information is to ensure that the content of archival information in the generation, storage, processing, transmission and utilization of the entire process, to maintain its authenticity, integrity, reliability and long-term readability, as well as to ensure that the electronic archival information recording methods and recording carriers are not subject to any damage to the strategy and process. In the future of digital archives information security legal system and daily work, as long as all departments and units cooperate, will be able to guarantee the safety of electronic information.