Authors: Liang Lulu (梁露露)[1], He Qiang (贺强)[1], Song Jing (宋璟)[1], Bai Yunbo (白云波)[1], Fang Shuo (方硕)[1]
Source: Communications Technology (《通信技术》), 2014, No. 5, pp. 549-556 (8 pages)
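Abstract: The Information Technology Laboratory of the U.S. National Institute of Standards and Technology develops management, technical, and physical standards and guidelines to protect the security and privacy of federal information systems. In risk management research in particular, it has published the Special Publication 800 series of reports, which form a complete information system risk management framework covering project planning, risk management, security awareness training, and other areas, and which have become implementation standards and authoritative guidance widely recognized in the United States and by the international security community. Risk assessment is the core of the risk management process; risk assessment research in China is still at an early stage, and the related standards system remains incomplete. This paper studies the risk management framework for U.S. federal information systems and organizations and explains in some detail the principles and implementation steps of U.S. federal information system risk management, which is of significant value for promoting the establishment of China's risk management standards system and the conduct of risk assessment work.

English abstract: The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) develops administrative, technical, and physical standards and guidelines for the security and privacy of information in federal information systems. Especially in terms of risk management for federal information systems, NIST issues a series of Special Publication 800-series reports on ITL's research, including the plan of project implementation, risk management, security awareness training and so on. These publications, as the widely accepted standards and guidelines in the security industry, provide a systematic process for risk management. Risk assessment is the key task in the process of risk management. However, in China, the study of risk assessment is still in its initial stage and the standards on risk management are still insufficient. This paper makes a study of the risk management-related publications of NIST and gives an overview of the process of risk management in detail. It is very important and meaningful for promoting the establishment of a risk management standards system.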
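Keywords: information system; risk management; risk assessment; National Institute of Standards and Technology (NIST)
Classification: TP309 [Automation and Computer Technology - Computer System Architecture]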