金融行业网络安全运营能力成熟度模型框架设计与实践  被引量:2

Framework Design and Practice for Cyber Security Operation Capability Maturity Model in Financial Industry

在线阅读下载全文

作  者:廖渊 赵鹏 张超凡 LIAO Yuan;ZHAO Peng;ZHANG Chaofan(Postal Savings Bank of China,Beijing 100068,China)

机构地区:[1]中国邮政储蓄银行,北京100068

出  处:《信息安全与通信保密》2024年第2期70-79,共10页Information Security and Communications Privacy

摘  要:当前,网络安全形势复杂多变,全面了解和评价自身网络安全能力对做好网络安全保障工作至关重要。根据国家有关法律法规、标准规范和监管要求,借鉴通用能力成熟度模型方法论并结合行业实践,提出一种金融行业网络安全运营能力成熟度评估模型,通过划分能力等级、明确评估要点,构建一套体系化、可度量的网络安全运营能力成熟度评价指标体系。通过指标评价,能够促进金融机构全面了解自身网络安全能力现状,发现短板和弱项,及时采取风险防范措施,进一步健全和规范安全运营体系,提高安全运营和资源投入效能,提升网络安全能力水平,助力金融数字化转型和高质量发展,也为其他行业提供有益借鉴。At present,the cyber security situation is complex and changeable,and it is crucial for financial institutions to fully understand and evaluate their own cyber security capabilities to ensure cyber security.According to relevant national laws and regulations,standards and specifications,as well as regulatory requirements,and drawing on the methodology of general capability maturity model and combining with industry practice,a cyber security operation capability maturity evaluation model for the financial industry is put forward,which constructs a set of systematic and measurable cyber security operation capability maturity evaluation index system by dividing the capability level and clarifying the key points to be evaluated.By evaluating indicators,the model can promote financial institutions to fully understand the current situation of their own cyber security capabilities,find out weak links,take timely risk prevention measures,further improve and standardize the security operation system,improve the efficiency of security operation and resource investment,enhance the level of cyber security capabilities,help financial digital transformation and high-quality development,and also provide useful reference for other industries.

关 键 词:安全运营 能力成熟度 过程域 评价 

分 类 号:TN915.08[电子电信—通信与信息系统]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象