信息资源管理学报 ›› 2021, Vol. 11 ›› Issue (3): 50-58.doi: 10.13365/j.jirm.2021.03.050

• 专题-数据治理制度建设 • 上一篇    下一篇

云环境中学术数据安全事件的风险致因及其检视——以事故致因理论为视角

文禹衡 戴文怡   

  1. 湘潭大学知识产权学院,湘潭,411105
  • 出版日期:2021-05-26 发布日期:2021-06-22
  • 作者简介:文禹衡,讲师、硕士生导师,研究方向为数据安全与治理,jsjmyh@163.com;戴文怡,硕士生,研究方向为数据安全与治理。
  • 基金资助:
    本文系2018年度湖南省哲学社会科学基金一般项目“数据确权的范式嬗变、概念选择与归属主体”(18YBA419)和司法部法治建设与法学理论研究部级科研项目“数据确权与交易法律问题研究”(18SFB2038)成果之一。

Risk Cause and Validation of Academic Data Security Incidents in Cloud Environment——From the Perspective of the Theory of the Accident-causing

Wen Yuheng Dai Wenyi   

  1. School of Intellectual Property, Xiangtan University,Xiangtan,411105
  • Online:2021-05-26 Published:2021-06-22

摘要: 引入事故致因理论,以此为视角审视云环境中学术数据安全事件的风险致因。基于云环境分析学术数据安全事件与风险之间的关系,为学术数据安全事件发生前的预防与发生后的应急提供参考和依据。在“环境-物-人”的框架内,将云环境中学术数据安全事件的风险致因类型化,并以学术数据泄露、丢失、篡改和滥用的安全事件为例进行检视。云环境中学术数据安全事件的风险致因有环境致因(云环境)、物的致因(硬件错误、固件错误、软件缺陷等)和人的致因(安全意识、操作行为、管理行为、滥用行为),而某一具体安全事件的发生可能是单致因、双致因甚至是多致因作用的结果。

关键词: 学术数据, 安全事件, 事故致因, 云环境, 数据管理, 数据泄露, 数据篡改

Abstract: Based on the theory of accident causation, this paper examines the risk causation of academic data security incidents in cloud environment. Based on cloud environment, the relationship between academic data security incidents and risks is analyzed to provide reference and basis for prevention and emergency response. In the framework of "environment-object-human", the risk causes of academic data security incidents in cloud environment are categorized, and the security incidents of academic data leakage, loss, tampering and abuse are examined. Risk causes of academic data security incidents in the cloud environment includes environmental causes (cloud environment), object causes (hardware errors, firmware errors, software defects, etc.) and human causes (security awareness, operating practices, managerial practices, abuse), and the occurrence of a specific security incident may be the result of single, double or even multiple causes.

Key words: Academic data, Security incidents, Accident-causing, Cloud environment, Data management, Data breach, Data tampering

中图分类号: