摘要
文章详细介绍了一个以办公自动化系统为原型,涵盖等级保护二级、三级区域的模拟环境和等级测评实践活动。模拟环境中设计有办公自动化应用场景和安全防护场景,其中安全防护措施按照2019年颁布的《网络安全等级保护基本要求》进行设计部署,安全策略可以根据实践活动的需要进行配置。通过对模拟环境进行等级测评实操活动,可以了解等级测评现场技术测评的主要工作过程和安全分析方法,比较安全防护措施的效果,验证安全防护策略配置的重要性,同时通过模拟环境可以进一步研究并优化相关安全设计方案,验证安全设备部署、安全策略配置的有效性。
This paper introduces in detail a simulation environment and a practical activity of classified protection evaluation in the area of security level 2 and level 3 with OA system as the prototype.In the simulation environment,there are office automation application scenarios and various security protection scenarios.The security protection measures adopted are designed and deployed according to the"Baseline for Classified Protection of Cybersecurity"issued in 2019.Security policies can be configured according to the needs of practical activities.Through simulation environment for classified evaluation practice activity,the main work process and security analysis method of the technical assessment of the classified evaluation site can be understood,the effect of security protection measures can be compared,and the importance of security protection policy configuration can be verified.At the same time,through the simulation environment,the related security design scheme can be further studied and optimized,and the effectiveness of security equipment deployment and security policy configuration can be verified.
作者
郑国刚
尹湘培
王魁
何坤鹏
ZHENG Guogang;YIN Xiangpei;WANG Kui;HE Kunpeng(MPS Information Security Classifi ed Protection Evaluation Center,Beijing 100142,China)
出处
《信息网络安全》
CSCD
北大核心
2020年第11期15-21,共7页
Netinfo Security
关键词
等级保护测评
信息系统模拟环境
安全测评技术
等级测评实践
classified protection evaluation
information system simulation environment
security evaluation technology
classified evaluation practice
