检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:张新跃[1] 冯燕春 李若愚 Zhang Xinyue;Feng Yanchun;Li Ruoyu(China Internet Network Information Center, Beijing 100190;National Research Center for Information Technology Security, Beijing 100044)
机构地区:[1]中国互联网络信息中心,北京100190 [2]国家信息技术安全研究中心,北京100044
出 处:《网络空间安全》2019年第1期55-60,共6页Cyberspace Security
摘 要:网络安全法从立法上明确了国家关键信息基础设施要在等级保护基础上实行重点保护,并要求定期进行安全风险检测评估。文章首先分析了关键信息基础设施的重要特性和安全保障要点,基于当前最新的风险评估标准模型,结合行业最佳实践,提出了基于关键信息基础设施业务特点识别关键属性,并围绕关键属性进行风险评估的方法论,给出了基于二维矩阵的风险分析实施方法、相关内容作为关键信息基础设施检查评估国家标准的重要补充,将为关键信息基础设施安全评估工作的执行提供参考。The network security law makes it clear from the legislation that the national critical information infrastructure should be protected on the basis of hierarchical protection and grade protection, and requires regular security risk detection and assessment. Firstly, this paper analyses the important characteristics and key security feature of the critical information infrastructure, and puts forward the critical information based on the latest risk assessment standard model and industry best practices. Based on the methodology of identifying critical features and risk assessment around critical features, the implementation method of risk Assessment based on two-dimensional matrix is presented. As an important supplement to the national standards of critical information infrastructure inspection and assessment, the relevant contents will provide reference for the implementation of critical information infrastructure security assessment.
分 类 号:TN711[电子电信—电路与系统]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.28