检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:顾翠 侯建宁 GU Cui;HOU Jianning(CETC Cyberspace Security Technology Co.,Ltd.,Beijing 100043,China)
机构地区:[1]中电科网络安全科技股份有限公司,北京100043
出 处:《信息安全与通信保密》2024年第2期60-69,共10页Information Security and Communications Privacy
摘 要:关键信息基础设施是关乎国家命脉的重要战略资源。通过介绍关键信息基础设施体系化安全防护的需求和问题,提出了采用商用密码进行安全防护既需满足定期评估“密码应用合规性”要求,又需实现动态监控“密码运行安全性”的观点;既要保证系统自身安全,又要提升关联业务系统的整体安全防护水平。在现有商用密码应用保障体系的基础上,构建了密码运行安全体系,提出建设商用密码态势感知平台以及密码应用成熟度评估体系的设想和建议。CII(Critical Information Infrastructure)is an important strategic resource related to the lifeblood of a country.By analyzing the needs and issues of systematic security protection of CII,it is proposed that using commercial cryptography for security protection should not only meet the requirements of regular evaluation of“cryptography application compliance”,but also realize dynamic monitoring of“cryptography operation security”.It is pointed out that important information systems in key areas should not only ensure their own security,but also improve the overall security protection level of associated business systems.On the basis of the existing commercial cryptography application assurance system,the cryptography operation security system is constructed,and some ideas and suggestions are put forward to build a commercial cryptography situational awareness platform and improve the cryptography application maturity evaluation system.
关 键 词:关键信息基础设施 商用密码 密码运行安全 态势感知 密码应用成熟度
分 类 号:TN918[电子电信—通信与信息系统]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.28