摘要
案例将《信息安全技术网络安全等级保护基本要求》和《信息安全技术信息系统安全运维管理指南》两项国家标准与信息系统的全生命周期管理相结合,并开发了新的标准应用模式:对相关标准开展条理化解析;建立与标准条款对应的管理基线;将管理基线逐条纳入全生命周期管理矩阵。这一模式不仅为轨道交通行业提供了安全管理的参考框架,更具有广泛的适用性。通过借鉴和应用上述防护措施与安全管理体系,其他行业/组织可以快速提升自身的网络安全防护水平,为信息系统的安全稳定运行提供有力保障。
This case combines the two national standards of"Information security technology-Basic requirements for network security level protection"and"Information security technology-Guidelines for information system security operation and maintenance management"with the full lifecycle management of information systems,and develops a new standard application mode:conducting organized analysis of relevant standards.Establish a management baseline corresponding to standard clauses.Incorporate management baselines into the full lifecycle management matrix one by one.This model not only provides a reference framework for safety management for the rail transit industry,but also has wide applicability.By drawing on and applying the above protective measures and security management system,other industries/organizations can quickly improve their network security protection level,and provide strong guarantees for the safe and stable operation of information systems.
出处
《信息技术与标准化》
2024年第S01期83-86,共4页
Information Technology & Standardization
关键词
网络安全等级保护
轨道交通
安全运维管理
条理化解析
管理基线
管理矩阵
network security level protection
rail transit
security operation and maintenance management
organized analysis
management baseline
management matrix
