摘要
当前全球网络化进程发展迅速,网络应用的类别日益增多,复杂程度越来越高,网络与信息安全正在上升为大家普遍关注的核心焦点之一。网络欺诈、利用应用软件漏洞进行传播恶意代码以致计算机或信息系统不可用等事件时有发生。分析了信息安全风险评估与等级保护的关系,明确了风险评估可以作为信息安全等级保护的基础性工作;同时建议各行业在选择服务商时可采信中国信息安全认证中心的信息安全风险评估服务资质认证结果。
The misuse or non-use of computer and information net work often occurs due to the network deception, malicious-code propagation by application software loophole. This article analyzes the situation of and relationship between information security RA(risk assessment) and CSP(classified security protection), defines that the risk assessment is the fundamental work for classified security protection. ISCCC awards to the information security RA service provider the qualification certification matched with its capability and in line with national standards. ISCCC certification is trustworthy and helpful to the customers in their purchasing decision.
出处
《信息安全与通信保密》
2011年第4期80-81,84,共3页
Information Security and Communications Privacy
关键词
信息安全
风险评估
等级保护
information security
RA(risk assessment)
CSP(classified security protection)
