摘要
为定量评价党政机关、金融、交通、通信、能源等关键信息基础设施单位的网络安全能力水平,在《网络安全法》《关键信息基础设施安全保护条例》等法律法规和国家标准框架下,从技术应用与制度建设执行两个层面,构建了涵盖网络安全“技术体系、基础保障、主动防御与应急、运营规范、培训教育、技术创新”6个方面的综合评价指标体系。该指标体系有助于关键信息基础设施单位网络安全能力自查与优化提升,提供科学量化的评估与分析工具。
In order to quantitatively evaluate the cyber security capability level of critical information infrastructure units such as party and government organs,finance,transportation,communication,and energy industries,within the framework of Cybersecurity Law,Regulations on Security Protection of Critical Information Infrastructure and other laws and regulations and national standards,this paper builds a comprehensive evaluation index system covering six aspects of cyber security,including technical system,basic guarantee,active defense and emergency response,operation specification,training and education,and technological innovation based on the technical applications and policies construction and implementation.The index system can provide scientific and quantitative evaluation and analysis tools for the self-examination,evaluation,optimization and improvement of the cyber security capabilities of critical information infrastructure units.
作者
李云峰
张红历
夏怡凡
李宛蓉
唐嘉
王凯伦
LI Yunfeng;ZHANG Hongli;XIA Yifan;LI Wanrong;TANG Jia;WANG Kailun(Sichuan Shuan Wangxin Technology Co.,Ltd.,Yibin Sichuan 644005,China;School of Management Science and Engineering,Southwestern University of Finance and Economics,Chengdu Sichuan 611130,China;School of Statistics,Southwestern University of Finance and Economics,Chengdu Sichuan 611130,China)
出处
《信息安全与通信保密》
2023年第5期68-80,共13页
Information Security and Communications Privacy
关键词
关键信息基础设施单位
网络安全能力
综合评价
指标体系
critical information infrastructure unit
cyber security capability
comprehensive evaluation
index system
