Based on the characteristics and practical needs of digital libraries, the paper takes the common criteria of ISO 27002 as a standard and summarizes control measures for information security management in digital libraries. It then screens out the core control elements and the referenced control elements for information security in digital libraries, and carries out risk control on digital libraries from two perspectives: organizational control and technical control.
Huang Shuiqing, Ren Ni. Control of Information Security Risk in Digital Libraries[J]. New Technology of Library and Information Service, 2010, 26(7/8): 39-44.