Abstract
This paper describes the whole course of research on the categorization and classification of information security incidents, from preliminary study for a national standard, through the drafting of the national standard, to the international standard proposal and participation in it, and sets out the contents of that proposal. The categorization part of the proposal first presents the categorization factors, then the basic categories and, under each basic category, the detailed categories with their explanations. The classification part first presents the classification factors (i.e., information system importance, system loss and social impact) and the levels defined for each factor, and then defines four classes of information security incidents according to these classification factors.
Source
Information Technology & Standardization (《信息技术与标准化》)
2009, No. 3, pp. 23-26 (4 pages)
Keywords
information security incident, national standard, international standard proposal