摘要
为有效识别航天业务网信息系统安全需求,指导信息系统安全建设,提出一种面向能力的安全需求分析方法。该方法以信息系统承担职能为起点分析获取能力目标集,给出安全需求推理机模型识别安全资源需求,使用重叠度指标确定安全资源优先级,生成信息系统安全需求列表。在航天业务网某区域中心进行实际应用与有效性评估,结果表明,相较于传统基于威胁的安全需求分析方法,该方法能够有效提高安全资源需求的科学性,实现信息系统安全投资高效费比。
To identify the security requirements of aerospace services network information systems effectively,and guide the information system security construction,a capability-oriented security requirement analysis method is presented.Focused on the function of the information system,the target set of system capability was obtained.The reasoning machine model was given to identify the security resources requirements,the priority of security resources was confirmed by the overlap ratio,and the security requirement list of the information system was generated.The practical application and validity evaluation in a regional center of the aerospace services network show that compared with traditional threat-based security requirement analysis method,this method can improve the scientificity of security resource requirements,and realize a high return on investment(ROI)of information system security investment.
作者
郭志亮
杨勃航
杨宝军
董文文
黄博华
GUO Zhi-liang;YANG Bo-hang;YANG Bao-jun;DONG Wen-wen;HUANG Bo-hua(Unit 61780 of the PLA,Sanya 572000,China)
出处
《测控技术》
2021年第3期74-78,140,共6页
Measurement & Control Technology
关键词
信息系统
安全需求
面向能力
航天业务网
information system
security requirement
capability-oriented
aerospace services network
