国内外信息安全评价政策研究

Studies on Information Security Evaluation Policies in and outside China

随着全球信息通信技术的发展和深入应用,重要行业、政府和企业对信息的依赖性日益增强。在这些机构的工作效率和效益不断提高的同时,信息安全问题逐步成为其可持续发展的一个重要挑战。科学评价各级组织的信息安全状况已成为很多国家普遍关注的重要研究课题。通过评价,不仅可以了解各个信息系统的安全态势,对组织信息安全体系的规划和构建同样具有重要的意义。该文比较分析了美国等发达国家和地区的信息安全评价政策和主要的评价标准,并讨论了我国信息安全评价的政策框架。

Pappidly advancing information-based technologies and increasingly competitive global environment have driven information into the center stage in society, government now. Therefore, information security has become a major challenge to most organizations for preserving sustainable development. In the global view, how to evaluate the security of an information system is an important topic not only for understanding the security situation, but also for information security plan, programming and construction. Information security policies and standards overseas are reviewed in this paper, and the information security evaluation policy framework of china has been talked about.