Abstract
A national cyber security review system must face the thorny problem of "residual risk": although countries have established relatively complete review systems or processes to secure information technology products and services, the state of cyber security has not improved as hoped. The root cause of the low effectiveness of national cyber security review is that security risk has become ubiquitous. The review system therefore needs to move away from the current "node control" review method and ensure that the state retains the ability to perceive and respond to risks in real time. Threat situational awareness can be introduced as a guiding concept in shaping the legal system for national cyber security review: the review should establish "risk control" as its institutional value, adopt "dynamic monitoring" as its review mode, and define the "IT supply chain" as its review scope.
Source
Journal of Xi'an Jiaotong University: Social Sciences
CSSCI
Peking University Core Journals
2016, No. 2, pp. 65-72 (8 pages)
Funding
Major Project of the National Social Science Fund of China (15ZDA047)
National Social Science Fund of China Project (15BFX050)
Keywords
national cyber security review
threat situational awareness
risk control
dynamic monitoring
IT supply chain