Abstract
This paper studies cybersecurity testing and evaluation of railway business systems. After reviewing the requirements that current national cybersecurity standards and railway regulations place on cybersecurity testing and evaluation, it analyzes the gap between the testing and evaluation work the railway currently carries out and the requirements of the national standards. It proposes a cybersecurity testing and evaluation concept based on the trinity of classified protection, risk assessment, and security testing and evaluation. Based on this trinity concept, it forms a cybersecurity testing and evaluation model and system covering the whole life cycle of railway systems, providing a reference for carrying out cybersecurity testing work.
Authors
Zhang Yan (张彦); Si Qun (司群); Feng Fengjuan (冯凤娟)
Institute of Computing Technologies, China Academy of Railway Sciences Corporation Limited, Beijing 100081; School of Software, Beijing Jiaotong University, Beijing 100044
Source
Journal of Information Security Research (《信息安全研究》)
2020, Issue 8, pp. 738-743 (6 pages)
Funding
Science and Technology Research and Development Program project of China Railway Corporation (K2018S002).
Keywords
cybersecurity
security testing and evaluation
testing and evaluation system
railway
trinity