摘要
本文在辨析信息安全策略概念基础上,提出了信息安全战略和特定信息安全策略相结合、特定信息安全策略以资产安全保护策略和共性安全防护措施使用策略为经纬的安全策略架构,并针对安全策略生命周期中的关键活动给出了指导方法。
On the base of analyzing the definition of information security policies and its relationship with other definitions, the paper provides a framework which consists of information security strategy and information security policies, and the latter combine policies protecting assets with policies providing common controls, and gives guidelines on the key activities in the lifetime of information security policies.
出处
《信息网络安全》
2011年第3期49-52,共4页
Netinfo Security
关键词
信息安全
安全策略
information security
security policies