Please wait a minute...
档案学研究  2021, Vol. 35 Issue (3): 97-105    DOI: 10.16065/j.cnki.issn1002-1620.2021.03.014
     档案信息化 本期目录 | 过刊浏览 |
档案上云安全吗?—政务云环境中的档案安全风险分析
何思源1,2,3,刘越男1,2,3
1 数据工程与知识工程教育部重点实验室 北京 100872
2 中国人民大学信息资源管理学院 北京 100872
3 中国人民大学电子文件管理研究中心 北京 100872
Are Records in the Cloud Secure Enough?—Security Risk Analysis of Records Management in Government Cloud Environment
Siyuan HE1,2,3,Yuenan LIU1,2,3
1 Key Laboratory of Ministry of Education for Data Engineering and Knowledge Engineering,Beijing 100872
2 School of Information Resource Management in Renmin University of China,Beijing 100872
3 Electronic Records Management Research Center of RUC,Beijing 100872

输出:BibTeX | EndNote (RIS)      
摘要: 

档案上云既是政务信息系统集约化建设的必然趋势,也是实现档案工作提质增效的战略举措。在探索过程中,档案工作者既满怀期待,又心存顾虑,安全问题已成为制约档案行业采用云计算服务的关键因素。文章聚焦我国政务云环境,遵循风险管理基本流程,首先基于现有学术文献和政策文本,参照风险构成三要素,从风险因素、风险事件和风险损失三个维度探讨政务云环境中的档案安全风险;然后采用面向档案工作者的问卷调查法和面向专家的德尔菲法对风险因素进行排序和分级,评估风险发生的概率和危害的程度,以期为制定档案云安全保障策略提供参考,推动档案事业融入社会信息化和数字政府建设大局。
Abstract

The application of cloud computing in records and archives management(RAM)is not only an inevitable trend of intensive construction of government information system, but also a strategy to improve the quality and efficiency of RAM. In practice, records managers and archivists are full of expectations but worry about security issues. Security has become a key factor restricting the adoption of cloud computing in the field of RAM. This paper focuses on the government cloud in China and follows the basic process of risk management. Firstly, based on the existing academic literature and policies, referring to the three elements of risk, it discusses the records security risks in government cloud environment from the three dimensions of risk factors, risk events and risk losses. Then, it uses RAM professionals-oriented questionnaire survey and experts-oriented Delphi method to rank and grade the risk factors and assesses the probability of risk occurrence and the degree of hazards, in order to provide references for the development of records security strategy in cloud environment, and promote the integration of RAM into the overall situation of social informatization and digital government construction.
出版日期: 2021-06-17
服务
把本文推荐给朋友
加入引用管理器
E-mail Alert
RSS
作者相关文章
引用本文:

何思源,刘越男. 档案上云安全吗?—政务云环境中的档案安全风险分析[J]. 档案学研究, 2021, 35(3): 97-105.
Siyuan HE,Yuenan LIU. Are Records in the Cloud Secure Enough?—Security Risk Analysis of Records Management in Government Cloud Environment. Archives Science Study, 2021, 35(3): 97-105.

链接本文:

http://journal12.magtechjournal.com/Jwk_dax/CN/10.16065/j.cnki.issn1002-1620.2021.03.014      或      http://journal12.magtechjournal.com/Jwk_dax/CN/Y2021/V35/I3/97

[1] Duranti L. A Clear Sky Forecast on a Cloudy Day:Making, Keeping and Preserving Records in a Public Cloud Environment[EB/OL]. [2020-06-19]. http://ada2014.ffzg.unizg.hr/wp-content/uploads/2014/07/08-Duranti-Making-Keeping-and-Preserving-Records-in-a-Public-Cloud-Environment.pdf.
[2] 国家档案局办公室. 关于档案部门使用政务云平台过程中加强档案信息安全管理的意见[EB/OL]. [2020-06-19]. http://www.saac.gov.cn/daj/tzgg/202005/9885bb218bb9452eb56c30aa27e28e1a.shtml.
[3] 朝乐门. 云计算环境下的电子文件迁移模型研究[J]. 档案学通讯, 2013(1):53-56.
[4] 杨巍, 李刚. 云计算环境下电子文件管理面临的问题浅析及对策[J]. 档案与建设, 2012(11):9-13.
[5] 崔海莉, 张惠达. 云计算环境下档案信息管理系统风险分析[J]. 档案学研究, 2013(1):56-60.
[6] 赵屹. 机遇与风险:云计算环境下的电子文件管理[J]. 档案与建设, 2013(10):4-6.
[7] Stuart K, Bromage D. Current State of Play:Records Management and the Cloud[J]. RecordsManagement Journal, 2010(2):217-225.
[8] Duranti L, Rogers C. Trust in Digital Records:An Increasingly Cloudy Legal Area[J]. Computer Law & Security Review, 2012(5):522-531.
[9] Duranti L. Preservation in the Cloud:Towards an International Framework for a Balance of Trust and Trustworthiness[A].Katre D,Giaretta.APA/C-DAC International Conference on Digital Preservation and Development of Trusted Digital Repositories[C]. New Delhi:EXCEL INDIA PUBLISHERS, 2014:23-38.
[10] 刘越男. 云中的机遇与风险:云计算环境下国外文件(档案)管理指南研究[A]. 刘越男. 2010-2015年电子文件管理发展与前沿报告[C]. 北京: 电子工业出版社, 2016:94-98.
[11] 程妍妍. 云计算环境下国外政府电子文件管理面临的挑战与实践[J]. 浙江档案, 2016(2):14-17.
[12] Borglund E. What About Trust in the Cloud? Archivists’ Views on Trust[J]. Canadian Journal of Information and Library Science, 2015(2):114-127.
[13] Mcleod J, Gormly B. Using the Cloud for Records Storage: Issues of Trust[J]. Archival Science, 2017(2):1-22.
[14] Archives & Records Association UK & Ireland. Storing Information in the Cloud: Project Report.[EB/OL].(2010-09-29)[2020-06-19]. http://static1.1.sqspcdn.com/static/f/787579/11572108/1301987771347/Cloud_computing_report_final-1.pdf?token=dlRSLiUNPpAyun6spBifkPUB868%3D
[15] InterPARES Trust Project. 10-Contract Terms with Cloud Service Providers[EB/OL].(2016-01-30)[2020-06-19]. https://interparestrust.org/assets/public/dissemination/NA10_20140520_ContractTerms_NAWorkshop3_Report_Final.pdf
[16] McKemmish S. Recordkeeping and Archiving in the Cloud.Is There a Silver Lining?[EB/OL]. [2020-06-19]. http://infoz.ffzg.hr/INFuture/2013/papers/1-02%20McKemmish,%20Recordkeeping%20and%20Archiving%20in%20the%20Cloud.pdf.
[17] Brown A, Fryer C. Achieving Sustainable Digital Preservation in the Cloud[EB/OL]. [2020-06-19]. http://www.girona.cat/web/ica2014/ponents/textos/id87.pdf.
[18] Oliver G, Knight S. Storage is a Strategic Issue:Digital Preservation in the Cloud[J/OL]. D-Lib Magazine[2021-02-27].http://dlib.org/dlib/march15/oliver/03oliver.html.
[19] The National Archives of Australia. Guidance on Managing Records in Cloud Computing Environments[EB/OL].(2010-09-18) [2020-06-19]. http://www.archives.gov/records-mgmt/bulletins/2010/2010-05.html
[20] The National Archives of Australia. Cloud Computing and Information Management[EB/OL]. [2020-06-19]. http://www.naa.gov.au/information-management/store-and-preserve-information/storing-information/cloud-computing-and-information-management.
[21] The National Archives of Australia. A Checklist for Records Management and the Cloud[EB/OL]. [2020-06-19]. http://www.naa.gov.au/sites/default/files/2019-10/Cloud-checklist-with-logo-and-licence.pdf
[22] The National Archives of Australia. Cloud Information Governance Policy[EB/OL].(2020-09-18) [2020-06-19]. http://www.naa.gov.au/about-us/our-organisation/accountability-and-reporting/our-cloud-information-governance-policy .
[23] Council of Australasian Archives and Records Authorities. Advice on Managing the Recordkeeping Risks Associated with Cloud Computing[EB/OL].(2010-07-19) [2020-06-19]. http://www.sro.wa.gov.au/sites/default/files/adri_cloud_computing.pdf .
[24] The National Archives. How Cloud Storage Can Address the Needs of Public Archives in the UK[EB/OL]. [2020-06-19]. http://www.nationalarchives.gov.uk/documents/archives/cloud-storage-guidance.pdf.
[25] Archives New Zealand. Cloud Services:Information and Records Management Considerations[EB/OL].(2019-07-14)[2020-06-19]. https://www.archives.govt.nz/manage-information/resources-and-guides/operational/cloud-services
[26] 中央网络安全和信息化领导小组办公室. 关于加强党政部门云计算服务网络安全管理的意见[EB/OL].(2014-12-30)[2020-06-19]. http://www.cac.gov.cn/2015-06/26/c_1115736157.htm
[27] 国务院. 关于大力推进信息化发展和切实保障信息安全的若干意见[EB/OL].(2012-06-28)[2020-06-19]. http://www.gov.cn/zhengce/content/2012-07/17/content_5906.htm
[28] 叶陈刚, 郑洪涛. 内部控制与风险管理[M]. 北京: 对外经济贸易大学出版社, 2011: 156,157.
[29] 市值蒸发14亿,微盟的黑洞,正点燃一个板块的机会[EB/OL]. [2020-06-19]. http://t.cj.sina.com.cn/articles/view/3100860304/b8d35f9000100ley2.
[30] Society of American Archivists.Security[EB/OL]. [2020-06-19]. http://www2.archivists.org/glossary/terms/s/security.
[31] ARMA International. Glossary of Records and Information Management Terms,5th Ed[EB/OL]. [2020-06-19]. http://www.arma.org/store/ViewProduct.aspx?id=10477245.
[32] 杨茜雅, 赵中新, 季德超. 云计算助推档案信息化的跨越式发展[J]. 中国档案, 2013(1):69-71.
[33] 程妍妍. 基于云的文件和档案管理问题研究[J]. 档案学研究, 2017(2):35-39.
[34] 张健. 电子文件信息安全管理研究[M]. 北京: 中国出版集团, 2012:133-135.
[35] 刘洋. 黑龙江省档案信息资源云共享平台建设研究[D]. 哈尔滨:哈尔滨工业大学, 2016.
[36] 杜梅, 蔡盈芳, 周文泓. 基于云服务的电子文件安全与保密研究[J]. 档案学研究, 2017(S1):28-34.
[37] 国家档案局办公室. 档案信息系统安全保护基本要求[EB/OL]. [2020-06-19]. http://www.saac.gov.cn/daj/xxgk/201601/27556e245b4247b09039b0609c78d3ef.shtml.
[38] 国家档案局办公室. 档案馆安全风险评估指标体系[EB/OL]. [2020-06-19]. http://www.saac.gov.cn/daj/yaow/201902/4b764375c7e643619cb96ef330b0ed87.shtml.
[39] Eskesen S D, Tengborg P, Kampmann J, et al. Guidelines for Tunnelling Risk Management:International Tunnelling Association,Working Group No. 2[J]. Tunnelling and Underground Space Technology, 2004(3):217-237.
No related articles found!
版权所有 ©《档案学研究》编辑部 | 联系我们
本系统由北京玛格泰克科技发展有限公司设计开发 技术支持:support@magtech.com.cn