Journal of Information Security Research (信息安全研究) ›› 2018, Vol. 4 ›› Issue (10): 922-927.
• Risk Assessment Special Topic •
Application of the OCTAVE Risk Assessment Method to the E-Government Extranet
葛晓囡 1,2, 林玉堂 1,2, 黄振博 1,2, 王焱 1,2
Abstract: This paper introduces an information security risk assessment method based on OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation). The method consists of three phases, building asset-based threat profiles, identifying infrastructure vulnerabilities, and developing a security strategy and mitigation plans, and is carried out in eight specific processes. A comparison with the NIST method highlights the advantages of OCTAVE: the assessment is self-directed, that is, conducted by the organization itself, and it is highly operable in practice. Finally, taking the characteristics of the e-government extranet system into account, the paper describes in detail how OCTAVE is applied to a risk assessment of that system: asset-based threat profiles are created, and a security strategy and mitigation plans are developed for the identified infrastructure vulnerabilities. These include establishing a properly structured security management organization, strictly enforcing management rules and background-check requirements, and putting strict system protection measures in place.
Keywords: OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation), information security, risk assessment, e-government extranet, classified protection
Cite this article: 葛晓囡, 林玉堂, 黄振博, 王焱. Application of the OCTAVE Risk Assessment Method to the E-Government Extranet (OCTAVE风险评估方法在电子政务外网的应用) [J]. Journal of Information Security Research (信息安全研究), 2018, 4(10): 922-927.
Link to this article: http://www.sicris.cn/CN/Y2018/V4/I10/922