Abstract
Drawing on experience and lessons from network security risk assessment of information systems in China and abroad, and in line with the requirements of the railway industry's network security and informatization governance system, this paper establishes a network security risk assessment system for railway information systems covering three levels: security management assurance, security technical assurance, and security operation and maintenance assurance. It also studies an inspection and assessment method that combines qualitative and quantitative approaches. The research provides a theoretical basis and technical reference for railway network security managers and maintenance personnel carrying out network security risk assessments and security self-inspections, and is of great significance to the network security management of railway information systems.
Authors
WEI Changshui (魏长水); YAO Honglei (姚洪磊)
Department of Science, Technology and Information Technology, China Railway, Beijing 100844, China; Institute of Computing Technologies, China Academy of Railway Sciences Corporation Limited, Beijing 100081, China
Source
Railway Computer Application (铁路计算机应用), 2020, Issue 8, pp. 33-37 (5 pages)
Funding
Science and Technology Research and Development Program project of China State Railway Group Co., Ltd. (J2019S001).
Keywords
railway information systems
network security
risk assessment
index system