
Discussion on Technical Vulnerability Management Based on Information Security Management System
(Original title: 基于信息安全管理体系的技术脆弱性管理探讨; cited by: 1)
Abstract: A vulnerability is a weakness of an asset or control that can be exploited by one or more threats. Vulnerability identification is the most important step in an organization's risk assessment, and vulnerabilities can be identified from both the management side and the technical side. This paper explores best practices in two areas: the management of technical vulnerabilities and restrictions on software installation. It presents a practical audit case on technical vulnerabilities, describing the main audit findings, the communication process, and the main improvement measures taken by the audited organization.
Authors: 魏为民 (Wei Weimin), 张运琴 (Zhang Yunqin), 翟亚红 (Zhai Yahong) (School of Computer Science and Technology, Shanghai University of Electric Power, Shanghai 200090, China; China Cybersecurity Review Technology and Certification Center, Beijing 100020, China)
Source: Information Technology and Network Security (信息技术与网络安全), 2020, No. 12, pp. 19-24 (6 pages)
Keywords: information security management system; vulnerability; threat; vulnerability management; risk assessment