从“人、财、物”视角出发,提升网络空间的安全态势  被引量：4

作　　者：方滨兴 FANG Binxing(Harbin Institute of Technology(Shenzhen),Shenzhen 518055,China)

机构地区：[1]哈尔滨工业大学(深圳)计算机科学与技术学院,深圳518055 [2]信息内容安全技术国家工程实验室 [3]中国中文信息学会 [4]中国网络空间安全人才教育论坛 [5]中国网络空间新兴技术安全创新论坛

出　　处：《中国科学院院刊》2022年第1期53-59,共7页Bulletin of Chinese Academy of Sciences

摘　　要：网络安全已经成为保障经济发展、支撑现代科技进步的一个重要环节。随着万物依赖信息技术的应用,提升网络空间的安全态势变得愈发重要。如何采取有力的手段,切实提升网络空间的安全态势,是文章的核心命题。文章提出要从“人、财、物”的角度出发:(1)解决在网络安全人才供应不足的前提下,重点关注从其他信息技术领域平移过来的人才的能力认证问题,旨在向社会供应有细分领域才能的网络安全人才。(2)通过网络安全保险来解决残余风险的转移问题,以便解决在确定的网络安全态势前提下的成本控制问题;同时,通过网络安全保险来提升企业的风险管控水平,降低社会应对网络安全的总成本,树立企业网络安全应对能力的标杆,为企业的社会责任提供有效的应对工具,为网络安全产品提供能力背书。(3)通过“外打内”模式的网络靶场来提升信息技术产品的抗攻击能力,即通过构建符合系统孪生特性的影子系统来承受持续不断的众测,以强化相应系统的安全抗打击能力。通过这3种方式,达到大幅度提升网络安全态势的目标。Cyberspace security has been an important part in ensuring economic development and supporting the progress of modern science and technology.As more and more applications are relying on information technology(IT),it becomes very important to improve the security situation of cyberspace.How to take effective measures to practically improve the cyberspace security situation has become the core problem disscussed in this paper.This paper addresses it from the perspectives of“talent,finance and infrastructure”.First,on the premise of insufficient supply of cyberspace security talents,this paper proposes to establish the ability certification of talents transferred from other IT fields,in order to provide cyberspace security talents in many subdivided fields.Second,this paper proposes to solve the financial cost control problem under the determined cyberspace security situation through network security insurance,so as to improve the risk control level of enterprises,reduce the cost of social response to cyberspace security,establish the benchmark of response ability,and provide capability endorsement for security products.Third,this paper proposes to improve the anti-attack capability of IT products through the cyber range infrastructure with the“external attack internal”mode,which builds a shadow system to withstand continuous public testing,so as to strengthen the anti-attack capability of the corresponding system.Through the above three ways,the cyberspace security situation can be greatly improved.

关 键 词：安全态势 人才认定 网络保险 网络靶场 众测 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]