Abstract
Information assurance, like the information system itself, is a complex system. To reflect the effectiveness of an information assurance system well, quantifiable parameters are needed as indicators for security evaluation. Starting from China's national strategy, management policies, engineering specifications, and technical measures for information assurance, this paper proposes an indicator system for information security evaluation with the Security Baseline Policy at its core, and studies an evaluation approach and procedure with double feedback. Using the information assurance evaluation indicator system helps to establish a long-term mechanism for information system security assurance and makes the information system more secure.
Source
Computer Science (《计算机科学》)
CSCD
Peking University Core Journal (北大核心)
2010, Issue 7, pp. 7-10, 82 (5 pages in total)
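Funding
National 973 Program (No.2007CB311203)
National 863 Program (No.2009AA012439)
Joint project funded by the National Natural Science Foundation of China and the Civil Aviation Administration of China (No.60776808)
Tianjin Applied Basic and Frontier Technology Research Program (No.09JCYBJC00400)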