Study on Evaluation Indicator System of Critical Information  Infrastructure Protection Level

Journal of Information Security Research ›› 2019, Vol. 5 ›› Issue (6): 507-513.

Previous Articles Next Articles

Study on Evaluation Indicator System of Critical Information Infrastructure Protection Level

Received:2019-06-03 Online:2019-06-15 Published:2019-06-03

关键信息基础设施保护水平评价指标体系研究

包莉娜,刘蓓,闫桂勋,文博,袁志千

国家信息中心信息与网络安全部

通讯作者: 包莉娜
作者简介: 包莉娜，女，1987年生，博士，工程师，主要研究领域为电子政务、网络信息安全。Tel：13102057561 Email：baolina@sic.gov.cn 刘蓓：女，1975年生，博士，高级工程师，主要研究领域为电子政务、网络信息安全 E-mail：liubei@sic.gov.cn 闫桂勋：男，1991年生,硕士,工程师,主要研究领域为电子政务、网络信息安全 E-mail: yangx@cegn.gov.cn 文博，男，1991年生，本科，工程师，主要研究领域为网络信息安全， E-mail: wenbo@sic.gov.cn

Abstract

Abstract: The safe and stable operation of critical information infrastructure (CII) is crucial to the national security, economic prosperity and peoples wellbeing. In order to effectively measure the protection level of Chinas CII and provide objective measurement standards or work guidelines for the protection departments and operators of CII, it is necessary to design a set of evaluation indicator system for the level of critical information infrastructure protection (CIIP). In accordance with relevant policies, laws and regulations in China, we summarize 12 major requirements of CII, and propose a fourlevel evaluation indicator system for CIIP based on the effectiveness of safety measures and the ability to control risks. Pilot results in the key fields show that this evaluation indicator system is operable and applicable, which can reflect the current situation of CIIP in China and provide references for the CIIP.

Key words: cyber security, critical information infrastructure (CII), critical information infrastructure protection (CIIP), protection requirement, evaluation indicator

摘要： 关键信息基础设施的安全稳定运行关系着国家安全、经济繁荣以及人民福祉，其重要性不言而喻.为了有效衡量我国关键信息基础设施的保护水平，为关键信息基础设施保护工作部门和运营者提供客观衡量标准，有必要设计一套适合我国的关键信息基础设施保护水平评价指标体系.依据我国相关政策和法律法规，总结了关键信息基础设施保护的12类重点要求，并从衡量安全保护措施的有效性和控制风险的能力出发，提出了关键信息基础设施保护水平的四级评价指标体系.在重要行业领域进行的试点结果表明，该指标体系和评价方法具有可操作性和适用性，能够反映我国关键信息基础设施保护的现实状况，并为关键信息基础设施保护工作提供参考.

关键词: 网络安全, 关键信息基础设施, 关键信息基础设施保护, 保护要求, 评价指标

包莉娜刘蓓闫桂勋文博袁志千. 关键信息基础设施保护水平评价指标体系研究[J]. 信息安全研究, 2019, 5(6): 507-513.

References

[1] 陆宝华. 建立科学的网络安全人才评价体系[J]. 北京：信息安全研究，2018,4（12）：1068-1070 [2] 马民虎．网络安全法适用指南[M].北京：中国民主法制出版社，2018 [3] 王闪闪．ISO27000与等级保护系列标准对比研究[D]．西安：陕西师范大学，2010 [4] 谢棕晓，王静漪. ISO/IEC 270001 与ISO/IEC 27002标准的演变[J].中国标准导报，2015.07:48-52 [5] 全国信息安全标准化技术委员会．信息技术安全技术信息安全管理体系要求[S]. 北京：中国标准出版社，2006 [6] 全国信息安全标准化技术委员会．信息技术安全技术信息安全控制实用规则[S]. 北京：中国标准出版社，2006 [7] U.S. Department of Commerce．Special Publication 800-53 Security and Privacy Controls for Federal Information Systems and Organizations[S]. America: NIST, April 2013 [8] U.S. Department of Commerce．Special Publication 800-53A SP 800-53A Guidelines for Assessment of Security Control in Federal Information Systems[S]. America: NIST, 2010 [9] Jason D. Christopher. Cybersecurity Capability Maturity Model(C2M2) Version 1.1[R]. America: DOE and DHS, February 2014 [10] Jason D. Christopher. Cybersecurity Capability Maturity Model (C2M2) Facilitator GuideVersion 1.1a[R]. America: DOE and DHS, February 2017 [11] 全国信息安全标准化技术委员会．信息安全技术关键信息基础设施网络安全保护基本要求（标准征求意见稿）[S]．北京: 中国标准出版社，2018. https://www.tc260.org.cn/front/bzzqyjDetail.html?id=20180613180740102919&norm_id=20180523160438&recode_id=29222 [12] 全国信息安全标准化技术委员会．信息安全技术网络安全等级保护基本要求（标准征求意见稿）[S]．北京: 中国标准出版社，2017. https://www.tc260.org.cn/front/bzzqyjList.html?postType=&start=110&length=10 [13] 全国信息安全标准化技术委员会．信息安全技术关键信息基础设施安全控制措施（标准征求意见稿）[S]．北京: 中国标准出版社，2018. https://www.tc260.org.cn/front/bzzqyjDetail.html?id=20180613180739993240&norm_id=20180523160435&recode_id=29216

[1]	. A Study on the Academic Influence of the Cyber Security Research in Mainland China [J]. Journal of Information Security Research, 2020, 6(9): 0-0.
[2]	. Research on the Requirements and Standard System of 5G Cyber Security [J]. Journal of Information Security Research, 2020, 6(8): 673-679.
[3]	. Survey of Security Situation Prediction Technology Based on Artificial Intelligence [J]. Journal of Information Security Research, 2020, 6(6): 0-0.
[4]	. Research on dynamic network asset monitoring based on traffic perception [J]. Journal of Information Security Research, 2020, 6(6): 0-0.
[5]	. Application of Situation Awareness in E-government Information Security [J]. Journal of Information Security Research, 2020, 6(6): 0-0.
[6]	. Research on Cloud Computing Cyber Security Matrix Control Based on Risk Control and Compliance [J]. Journal of Information Security Research, 2020, 6(3): 266-271.
[7]	. Research of Cyber Situation Awareness System in the Implementation of Classified Protection 2.0 [J]. Journal of Information Security Research, 2019, 5(9): 828-833.
[8]	. Research on Cybersecurity Certification System of Critical Information Infrastructure [J]. Journal of Information Security Research, 2019, 5(9): 847-850.
[9]	. Safety Status and Solution of Coal Mine Industrial Control System [J]. Journal of Information Security Research, 2019, 5(8): 656-662.
[10]	. Research on Security Situation Awareness Platform of Industrial Control Network for Railway Heavy-Haul Truck Overhaul [J]. Journal of Information Security Research, 2019, 5(8): 673-678.
[11]	. Beijing Gas Group Industrial Internet Security Operation Platform Construction and Practice [J]. Journal of Information Security Research, 2019, 5(8): 734-739.
[12]	. Enlightenment from the Serious Cybersecurity Risks of “Trident” Nuclear Submarine [J]. Journal of Information Security Research, 2019, 5(7): 586-591.
[13]	. Construction and Practice of Emergency Plans for Cyber Security Events in E-Government Institutes [J]. Journal of Information Security Research, 2019, 5(5): 377-382.
[14]	. Research on Cyber-Attack Defense System Based on Big Data and Threat Intelligence [J]. Journal of Information Security Research, 2019, 5(5): 383-387.
[15]	. Research on Webshell Detection Method Based on Logistic Regression Algorithm [J]. Journal of Information Security Research, 2019, 5(4): 298-302.

Study on Evaluation Indicator System of Critical Information Infrastructure Protection Level

关键信息基础设施保护水平评价指标体系研究

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics