摘要
电子政务系统已成为城市建设、运行、管理、服务、保障、应急的重要基础,涉及国家安全、经济命脉、社会秩序和公共利益的网络与信息系统.系统的安全稳定运行已经成为确保城市信息化正常运转的重要基础,对于保障城市安全、社会稳定具有重要意义.电子政务系统多数定义为重要的信息系统,并且开展了信息安全定级备案、安全测评等工作,但是仍存在较多安全风险,包括重建设、轻运维、日常安全运行保障能力不足;信息安全保障水平参差不齐、信息安全短板明显;信息安全管理制度落实不足,存在较多管理漏洞;容灾备份体系建设不足,缺少应对重大安全事件的能力.依据发布的风险评估相关准则、规范和指南针对电子政务信息系统进行风险评估,从资产、威胁、脆弱性等多方面进行评估,了解政务信息系统当前的安全现状,为政务信息系统后续的安全整改建设奠定基础,保障政务信息系统安全、稳定和可靠的运行.
Egovernment system is the network and information system that has become an important foundation for urban construction, operation, management, service, guarantee and emergency response, and involved national security, economic lifeline, social order and public interest. The safe and stable operation of the system has become an important basis for ensuring the normal operation of the city's informatization, and it is of great significance for ensuring urban security and social stability. Most of the e government systems are defined as important information systems, and information security ratings, safety assessments, etc. have been carried out. However, they still have more security risks, such as, the emphasis on construction and neglect of operation and maintenance lead to insufficient daily security operations; the information security level is uneven, and the information security is obviously short; the inadequate implementation of information security management system causes more management vulnerabilities; the shortage of disaster recovery backup system construction causes the lack of ability to respond to major security incidents. The article based on published risk assessment related guidelines, specifications and guidelines conducts risk assessment on e government information systems from the aspects of assets, threats, vulnerability and other aspects, understands the current security status of the e government information systems, lays the foundation for the follow up the safety rectification construction of the e government information systems, ensures the E government systems can run safely, stably and reliably.
作者
刘璐
贺强
Liu Lu;He Qiang(Beijing Anxin Tianxing Technology Company,Beijing 100080;China Infornmtion Technology Security Evaluation Center,Beijing 100085)
出处
《信息安全研究》
2018年第10期898-903,共6页
Journal of Information Security Research
关键词
电子政务系统
风险评估
资产
威胁
脆弱性
E government system
risk assessment
assets
threats
vulnerability