摘要
自动售检票(AFC)系统作为地铁运营体系的核心部分,其信息的安全性需要得到充分保证。深圳地铁为了提升AFC系统的安全性,建立了信息安全管理体系。结合该体系建立过程,对风险评估的流程和重点进行了探讨。风险评估是在对AFC系统的资产、威胁和脆弱性进行详细的识别和估值后,再计算风险值,得出了系统中一系列存在风险的业务范围和较全面的安全需求。
As a core in metro operation system, the information security in AFC system needs to be assured adequately. Shenzhen Metro builds up an information security management system to advance the security of AFC system, which has obtained the certification of ISO27001. This paper discusses the development of the risk assessment, which defines the scope of risks in the system and the safety requirements after a detailed identification and evaluation of the assets,threats and frailties of AFC system.