摘要
近年来,在公安部等部门推动下,国家信息安全等级保护制度正逐步得到落实。作为重要信息系统之一的国家机关和重要省市门户网站以及基于Web应用的业务系统,等级保护的安全级别原则上定为三级或四级,这些系统在受到攻击后将极大地影响政府和公众用户,给政府的政务形象、信息网络和核心业务造成严重的破坏。文中结合信息安全等级保护的相关政策以及制度要求,以三级Web应用安全建设为例进行了探讨分析。
[Abstract] Promoted by many ministries such as Ministry of Public Security in recent years, the classified protection mechanism for national information security is gradually implemented. As important information systems, the portal websites of state departments, major provinces and cities, as well as Web application-based business systems, in principle, belong to the third or fourth security-protection class. Any attack against these systems would significantly affect government reputation, information network and core business. Combined with related policies and regulations on classified protection of information security, this paper, with the third-class Web application security building- up as an example, gives an in-depth analysis on the classified protection mechanism.
出处
《信息安全与通信保密》
2012年第10期30-34,58,共6页
Information Security and Communications Privacy
关键词
等级保护
政府网站
Web安全防护
classified protection
government portal website
Web application security protection