摘要
汽车产业链上的各级厂商通常需要与世界各地的客户或下级供应商频繁交换与产品设计、技术研究项目或商业计划有关的商业敏感和机密信息,因而沿产业链传递的信息安全对于各级厂商非常重要。本文通过考察现有的汽车产品开发模式和方法,分析了汽车产业链内生产厂商信息安全的特征和保障内容,总结了在汽车产业链上保障信息安全的特殊需求。依据可信信息安全评估交换(TISAX)机制及其所依赖的信息安全评估准则(ISA),本文描述了一种加强汽车产业链全链条信息安全的实现途径,说明了如何利用TISAX模式为汽车产业链上的各级厂商提供一种通用的信息安全要求的传递机制。
All of manufactures in the automotive industry chain interact with clients and subcontractors worldwide,often needing to exchange commercially sensitive and confidential information related to product designs,technology research projects or business plans.Therefore,information security is of great importance for manufactures at all levels of the automotive industry chain.This article analyzes the characteristics and protection content of information security for manufacturers in the automotive industry chain.By investigating existing models and methods of automotive product development,it summarizes the special needs for ensuring information security within the automotive industry chain.Based on the Trusted Information Security Assessment Exchange(TISAX)mechanism and the Information Security Assessment(ISA)criteria it relies on,this article describes an implementation approach to strengthen the full chain information security of the automotive industry,and explains how to provide a universal transfer mechanism of information security through TISAX model for all levels of manufacturers in the automotive industry chain.
作者
刘海
韦斌生
Liu Hai;Wei Binsheng(DEKRA Testing and Certification(Shanghai)Ltd.,Shanghai,200436;Hangzhou DEKRA Certification Co.,Ltd.,Hangzhou Zhejiang,310052)
出处
《工业信息安全》
2024年第2期71-80,共10页
Industry Information Security
关键词
可信信息安全
评估交换
汽车产业链
管理体系
Trusted Information Security
Assessment Exchange
Automobile Industry Chain
Management System
