摘要
随着我国信息化的快速发展,信息安全变的越来越重要,信息安全等级保护、信息安全风险评估和安全检查作为我国信息安全保障的重要手段和制度越来越被政府和各行各业重视.笔者通过积累多年的信息安全测评经验,以及结合金融行业和国税总局等多个全国联网大系统的风险评估、等级保护测评和安全检查三项整合工作的经验总结,提出在信息系统信息安全三合一整合的综合信息安全测评中采用基于模糊综合评价方法论,进行信息安全的综合评价具有实际的可操作性和指导意义.
With the rapid development of Chinese information technology, information security becomes more and more important, the information level of security protection, risk assessment and security check as an important means of information security in China. Through the accumulation of years of information security evaluation experience, we combined with the risk assessment of the financial industry and the State Administration of Taxation of the national network system, grade protection evaluation and security check of three integrated work experience presented in the triple integration of information systems Information Security Information Security Evaluation, which operability and guidance based on fuzzy comprehensive evaluation methodology. Then we get fuzzy evaluation information security model.
出处
《计算机系统应用》
2012年第11期7-10,160,共5页
Computer Systems & Applications
关键词
信息安全
风险评估
安全等级保护
安全检查
模糊综合评价
information security
risk assessment
level of security protection
security check
fuzzy comprehensive evaluation