摘要
为了实现基于《信息系统安全保障评估框架》(SCC)的安全保障评估,该文研究了CAE证据推理模型,通过对SCC结构的梳理,建立SCC与证据推理模型和《信息系统信息安全等级保护基本要求》的映射关系,提出以CAE证据推理模型为统一描述框架、以SCC为评估规约的安全保障评估流程,以实现基于SCC标准的保障评估。
A CAE Evidence Reasoning Model is given analyze security assurance evaluations based on the "Evaluation Framework for Information Systems Security Assurance".The model structure for this framework is given with a mapping between the framework and the "Baseline for Classified Protection of Information System Security".Finally,this paper introduces an evaluation method using the CAE Model as a unified framework with the evaluation framework as the evaluation standard.
出处
《清华大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2011年第10期1240-1245,共6页
Journal of Tsinghua University(Science and Technology)
关键词
信息系统安全
安全保障评估
证据推理模型
information systems security
security assurance evaluation
evidence reasoning model