检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:马力[1] MA Li(Information Classified Security Protection Evaluation Center of the Ministry of Public Security,Beijing 100142,China)
机构地区:[1]公安部信息安全等级保护评估中心,北京100142
出 处:《信息网络安全》2020年第5期1-10,共10页Netinfo Security
摘 要:文章分析了网络安全等级保护2.0时期国家标准的新变化对等级测评结论可能产生的影响,并用实际案例和数据论述了以往描述的基于测评指标和基于测评对象的定量分析方法存在的局限性。根据网络安全等级保护国家标准结构和内容的新特点,结合新的等级测评结论表述方法,文章提出了调整和优化定量计算产生等级测评结论的思路,给出了缺陷扣分的原理和缺陷扣分的定量计算方法,并比较了各种定量计算方法在计算结果上的差异,提出了适合新标准的测评结论定量计算公式。This paper analyzes the possible impact of the new changes of the national standard in classified protection of cybersecurity in the period of 2.0 on the assessment conclusions,and discusses the limitations of the quantitative analysis methods based on assessment indicators and assessment objects described in the past with actual cases and data,and puts forward the idea of adjusting and optimizing quantitative calculation to produce the assessment conclusions according to the new characteristics of the structure and content of the national standard in classified protection of cybersecurity.The principle of defect deduction and the quantitative calculation method of defect deduction are given,and the difference in the calculation results of various quantitative calculation methods is compared with the example,and the quantitative calculation formula of the assessment conclusion is proposed suitable for the new standard for the reader to analyze and reference.
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.145