摘要
基于风险管理的思想明晰组织的网络安全态势和提升组织网络安全保护能力基本是业界共识。介绍了美国NIST网络安全框架2.0版本的核心结构、组织轮廓和层级等主要内容,并分析其与网络安全框架1.1版本的主要差异,为我国网络运营者加强风险管理提供参考。
It is a basic consensus in the industry to clarify the cyber security situation of organizations and improve their cyber security protection capabilities based on risk management.This paper introduces the main content of the NIST CyberSecurity Framework 2.0 version include kernel,profile and layers etc,and analyzes its main differences between version 1.1 and version 2.0,providing reference for Chinese network operators to strengthen risk management.
出处
《信息技术与标准化》
2024年第7期59-62,72,共5页
Information Technology & Standardization
关键词
网络安全框架
风险管理
组织轮廓
cybersecurity framework
risk management
organization profiles