摘要
在对现有的信息系统安全体系构架和安全风险模型进行分析的基础上,结合能力成熟度模型,提出基于能力成熟度模型的信息系统安全风险模型。该模型针对信息系统生命周期的不同阶段,通过风险识别、分析、评估过程,在人员、技术、管理等方面运用多个关键过程域对风险进行控制,保障信息系统安全。并以郑州北车站管理信息系统为例,详细探讨该模型的运用方案,对其他管理信息系统有着积极的指导意义。
It was proposed based on CMM information system security risk model with carrying on the analysis to the existing information system security system skeleton and the security risk model in the foundation, the combining Capacity Maturity Model(CMM). It was in view of the information system life cycle different stage, identify, analyze and evaluate through a risk, in the personnel, the technology, aspects and so on management utilized many essential processes to carry on controlling the risk, safeguarded the information system security. It was taken Management Information System at Zhengzhou North Station as an example, had in detail discussed implementation plan of this model, had the positive guiding sense to other management Information System.
出处
《铁路计算机应用》
2008年第6期21-25,共5页
Railway Computer Application
