摘要
根据《信息安全技术信息系统安全等级保护基本要求》,三级信息系统必须具备相应等级的基本安全保护能力。在各级电力公司,信息系统等级保护工作正如火如荼展开,国家电网公司信息网络安全实验室采用风险评估的方法对多家网省电力公司的三级业务系统进行了等级保护测评。结合电网企业信息安全的实际,从技术和管理角度对信息安全等级保护部分细节进行了探讨,总结了等级保护测评中遇到的常见问题,提出了解决这些问题的改进建议。
According to "Information security technology-Baseline for classified protection of information system", Level 3 information system must have basic security protection functions of that level. In many electric power companies, a large amount of work has been done to protect the information systems according to their levels. Information Network Security Lab of State Grid evaluates the information security protection capabilities of Level 3 information systems of several provincial electric power companies using risk assessment method. Considering the real situation of information security in electric power enterprises, this paper discusses several details of information security protection from the view of management and technology, summarizes frequently occurred questions in practice and proposes corresponding improvement suggestions.
出处
《电力信息化》
2011年第3期65-68,共4页
Electric Power Information Technology
关键词
安全防护
等级保护
三级信息系统
security protection
classified protection
Level 3 information system
