构建云计算环境的安全检查与评估指标体系

Building Security Check and Risk Assessment Index System on Cloud Computing Environment

在云计算日益发展并广泛应用的浪潮下,云计算环境的安全问题也引起了业界的重视。文章首先对云计算环境安全现状进行分析,通过对云计算安全保护结构的深入研究,建立云计算环境安全保护基本要求框架;然后给出框架中具体指标项的构建方法,即从风险分析角度出发,通过实际环境安全需求调研、云安全事件以及国内外相关研究成果分析,对云计算框架中的保护对象在面临存在的风险时,应该采取何种有效措施提出要求,进而得出相应测评指标项;最后给出指标打分模型来测量和评价云计算环境的安全风险及安全保护措施的有效性。文章研究成果可为国家制定云计算安全相关标准以及有关机构履行云计算环境的检查评估职责提供参考。

With the increasing development and wide application of cloud computing, the issue of security in cloud computing environment has attracted more attentions in technology information. Initially, this article involves in analyzing the status of security in cloud computing environment. It establishes the framework for cloud computing environment security under basic requirements through the deep research of this subject. In addition, it clearly identiifes the speciifcations and methods required by this framework. It focuses on considering the risk analysis, the actual environmental safety requirements investigation, cloud security event analysis and related research achievements. From above, it takes effective measures when the protection objects faces risks in cloud computing framework and then draws the corresponding manipulated variables. Finally, according to marking model, it can measure and evaluate the security risks in cloud computing environment and the efifciency of security measures. This article could provide the relative reference for the relevant departments to develop cloud computing security standards and fulifll the evaluation of inspection and duty.