Journal of Information Security Research ›› 2018, Vol. 4 ›› Issue (10): 889-897.
• Special Topic on Risk Assessment •
孙明亮,位华,王琰
Abstract: Information security risk assessment services are one of the important components of information security assurance work in China, and risk assessment techniques have long been highly regarded within the industry. At present, owing to a range of factors, the level of information security risk assessment service capability is uneven across regions and industries. Drawing on SSE-CMM theory and best practices in information security risk assessment services, this paper proposes the concept of a risk assessment service capability maturity model, RAS-CMM. RAS-CMM sets out a theoretical evaluation framework for risk assessment service capability levels, built around capability factors such as resource allocation, technical process, and project management.
Key words: information security, risk assessment, service, process areas, base practices, common features, generic practices, capability maturity model
孙明亮, 位华, 王琰. Research on the Risk Assessment Service Capability Maturity Model [J]. Journal of Information Security Research, 2018, 4(10): 889-897.
Link to this article: http://www.sicris.cn/CN/
http://www.sicris.cn/CN/Y2018/V4/I10/889