信息安全研究 ›› 2020, Vol. 6 ›› Issue (3): 266-271.
• 技术应用 • 上一篇 下一篇
荣晓燕1,刘海峰1,刘国伟2,刘凯俊1
收稿日期:
出版日期:
发布日期:
通讯作者:
作者简介:
Received:
Online:
Published:
摘要: 云计算是一种广泛应用的计算模式,通过互联网实现广泛接入、易扩展、快速弹性、可度量等特征.随着云计算的迅猛发展及应用,大量信息系统运行在云上,海量数据存储或运行在云端,云计算安全凸显重要.为保障云上信息系统安全,防范云端数据的丢失、泄露及非法访问等安全事件发生,基于风控和合规2个角度,采用矩阵管理思路,借鉴PDCA的管理流程,提出云计算责任矩阵、资产矩阵、风险矩阵、合规矩阵、控制矩阵、检查矩阵这6个矩阵概念进行实践综合,对云计算网络安全进行管理控制.
关键词: 云计算, 基线, 合规, 风险控制, 网络安全
Abstract: Cloud computing is a widely used computing model, which is characterized by wide access, easy expansion, rapid elasticity and scalability through the Internet. With the rapid development and application of cloud computing, a large number of information systems run on the cloud, a large number of data storage or run on the cloud, cloud computing security highlights the importance. In order to ensure the security of information system on the cloud, prevent the loss and leakage of cloud data, illegal access and other security incidents, based on risk control and compliance, using matrix management ideas, following the PDCA management process, the paper put forward the cloud computing responsibility matrix, assert matrix, risk matrix, compliance matrix, control matrix, and check matrix to improve the comprehensive management of cloud computing cyber security control.
Key words: cloud computing, baseline, compliance, risk control, cyber security
荣晓燕 刘海峰 刘国伟 刘凯俊. 基于风控和合规的云计算网络安全矩阵控制研究[J]. 信息安全研究, 2020, 6(3): 266-271.
0 / / 推荐
导出引用管理器 EndNote|Ris|BibTeX
链接本文: http://www.sicris.cn/CN/
http://www.sicris.cn/CN/Y2020/V6/I3/266