Abstract
In information system security, one can only aim for an appropriate level of security risk. Keeping risk appropriate requires choosing the correct protection class for the system, and the basic method for determining the security protection class is risk assessment. This article first introduces domestic and international standards for classified security protection of information systems, with emphasis on China's GB17859-1999 classified protection standard system. On that basis, it proposes a model and method for classified protection risk assessment of information systems based on this standard system.
Source
Computer Engineering and Applications (《计算机工程与应用》)
CSCD
Peking University Core Journal
2005, Issue 12, pp. 134-137 (4 pages)
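Funding
National 863 High-Tech Research and Development Program, Key Basic Research Project (No. 2002AA142151)
Beijing Municipal Science and Technology Program Project (No. H020120090530)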