本文選題：信息系統(tǒng) + 安全性　； 參考：《廈門大學》2007年碩士論文

【摘要】： 隨著信息技術(shù)和信息系統(tǒng)的迅速發(fā)展,越來越多企業(yè)開始運用信息系統(tǒng),提高服務和管理水平,增強企業(yè)的競爭力,特別是互聯(lián)網(wǎng)的迅猛發(fā)展,使得信息系統(tǒng)已無所不在地影響著企業(yè)經(jīng)營管理和社會生活的方方面面,與此同時,信息技術(shù)固有的安全風險,以及針對重要信息系統(tǒng)和信息資產(chǎn)的入侵行為也呈上升趨勢,信息系統(tǒng)的安全問題已引起社會各界的廣泛關(guān)注。如何通過信息系統(tǒng)的安全性審計,以認證企業(yè)(單位)所使用的信息系統(tǒng)的安全性是否達到企業(yè)或使用者的安全需求,已逐漸成為審計業(yè)務新增長點,但在我國,信息系統(tǒng)審計尚沒有一套專業(yè)技術(shù)規(guī)范,更沒有針對信息系統(tǒng)安全性審計的技術(shù)規(guī)范及實施指南,目前不僅對信息系統(tǒng)安全性審計的目標和范圍不明確,而且所采用的通過對系統(tǒng)生命周期內(nèi)相關(guān)活動、系統(tǒng)功能及構(gòu)件的審計,來評價系統(tǒng)安全性的審計方法,也存在審計周期長、審計成本高的缺陷,針對這些問題,本論文探討了信息系統(tǒng)安全性審計的目標和范圍,以及運用風險導向?qū)徲嫹椒ㄟM行信息系統(tǒng)安全性審計的辦法,并對審計過程必須考慮的風險識別和審計風險評估等有關(guān)問題進行研究,為今后開展信息系統(tǒng)安全性審計工作打下理論和實踐基礎。 本論文分為六個部分:第一章分析了信息系統(tǒng)的組成、發(fā)展及其所存在的風險,以及實施信息系統(tǒng)安全防御的策略;第二章通過對信息系統(tǒng)安全性內(nèi)涵的探討,闡述了信息系統(tǒng)安全性審計含義、產(chǎn)生及其發(fā)展概況;第三章探討了信息系統(tǒng)安全性審計目標、范圍及常用信息系統(tǒng)安全性審計技術(shù)及其特點,為實施信息系統(tǒng)安全性審計打下基礎;第四章闡述了風險導向?qū)徲嫺拍罴捌涮攸c,并提出了風險導向?qū)徲嫹椒ㄔ谛畔⑾到y(tǒng)安全性審計中的應用方法,同時,對信息系統(tǒng)風險識別和評估、信息系統(tǒng)安全性審計計劃制定和審計風險評估等有關(guān)問題進行研究;第五章探討了如何評價被審計信息系統(tǒng)安全性,并提出了從信息系統(tǒng)安全治理的成熟度和計算機信息系統(tǒng)的安全級別兩個方面,對被審計系統(tǒng)安全性發(fā)表審計意見的方法;第六章通過對我國現(xiàn)有信息系統(tǒng)安全性審計現(xiàn)狀的分析,提出我國信息系統(tǒng)安全性審計的發(fā)展策略。
[Abstract]:With the rapid development of information technology and information system, more and more enterprises begin to use information system, improve the level of service and management, enhance the competitiveness of enterprises, especially the rapid development of the Internet. The information system has already affected all aspects of business management and social life everywhere. At the same time, the inherent security risks of information technology, as well as the invasion of important information systems and information assets, are also on the rise. The security of information system has attracted wide attention from all walks of life. How to pass the security audit of information system to verify whether the security of the information system used by enterprises (units) meets the security needs of enterprises or users has gradually become a new growth point of audit business, but in our country, There is not a set of professional technical specifications for information system audit, and there is no technical specification and implementation guide for information system security audit. At present, the objectives and scope of information system security audit are not clear. Moreover, the audit method used to evaluate system security by auditing related activities, system functions and components in the system life cycle also has the defects of long audit cycle and high audit cost. This paper discusses the goal and scope of information system security audit, and the method of applying risk-based audit method to information system security audit. In order to lay a theoretical and practical foundation for the information system security audit in the future, this paper studies the related problems such as risk identification and audit risk assessment that must be considered in the audit process. This paper is divided into six parts: the first chapter analyzes the composition, development and risk of information system, as well as the implementation of information system security defense strategy. This paper expounds the meaning, emergence and development of information system security audit. Chapter three discusses the goal, scope, common information system security audit technology and its characteristics of information system security audit. The fourth chapter expounds the concept and characteristics of risk-based audit, and puts forward the application method of risk-based audit in information system security audit, at the same time, Research on information system risk identification and evaluation, information system security audit plan formulation and audit risk assessment. Chapter five discusses how to evaluate the security of audited information system. It also puts forward the methods of issuing audit opinions on the security of the audited system from two aspects: the maturity of the information system security governance and the security level of the computer information system. The sixth chapter analyzes the present situation of information system security audit in our country, and puts forward the development strategy of information system security audit in our country.
【學位授予單位】：廈門大學
【學位級別】：碩士
【學位授予年份】：2007
【分類號】：F239.1

【引證文獻】

相關(guān)期刊論文 前1條

1 徐敏芝;;基于B/S模式高職院校教學管理系統(tǒng)安全性保障策略研究[J];電腦知識與技術(shù);2010年20期

相關(guān)碩士學位論文 前1條

1 張瑤;基于信息系統(tǒng)的計算機審計研究[D];山西財經(jīng)大學;2010年

，

本文編號：1934211