

Information System Security Assurance Evaluation Based on Capability Maturity Model

【Author】 韩小华

【Advisor】 林家骏

【Author information】 East China University of Science and Technology, Computer Application Technology, 2012, Master's

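【Summary】 In today's highly informatized world, network and information security problems are increasingly prominent, and information system security assurance is becoming ever more important. The China Information Technology Security Evaluation Center proposed the Information System Security Assurance Evaluation Framework (GB/T20274) to address the evaluation of information system security assurance. Because the standard has problems of enforceability, this thesis studies information system security assurance evaluation based on the standard, addresses its enforceability problems, and on that basis designs and implements a platform for evaluating the capability maturity of information system security assurance. First, guided by the Information System Security Assurance Evaluation Framework and drawing on the Evaluation Criteria for IT Security and related material, it proposes an information system security technical architecture class, a capability maturity class for management assurance, and a capability maturity class for engineering assurance. Next, on this basis, it designs security cases based on the Information System Security Assurance Evaluation Framework: evaluation cases and test cases, which are used to evaluate the capability maturity of information system security assurance. Finally, for the capability maturity evaluation of information system security assurance, it analyzes in detail the core ideas and basic principles of assurance evaluation and builds a capability-maturity-based evaluation platform for information system security assurance. The research aims to improve operability in the process of information system security assurance evaluation and to establish an evaluation platform that improves the standardization and efficiency of evaluation.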

【Abstract】 With the rapid development of information systems, information security problems have become more serious and information system security evaluation has become more important than before. To address information system security assurance evaluation, the China Information Technology Security Evaluation Center provided an Information System Security Assurance Evaluation Framework. However, these standards have some problems with enforceability, so this paper researches an evaluation method based on those standards in order to solve the problems, and then designs and implements a platform for information system security assurance evaluation based on a capability maturity model. First, under the guidance of the Information System Security Assurance Evaluation Framework, combined with the Evaluation Criteria for IT Security and other related content, this paper proposes an information system security architecture class and capability maturity classes for management assurance and engineering assurance. Second, based on this research, it builds security cases for the Information System Security Assurance Evaluation Framework, such as assurance cases and testing cases, in order to evaluate the capability maturity of information system security assurance. Finally, addressing information system security capability maturity assessment, this paper analyzes the ideas and basic principles in detail and builds a platform for information system security assurance evaluation based on capability maturity. This paper aims to improve the operability of the information system security assessment process and to establish an evaluation platform that improves the standardization and efficiency of assessment.

  • 【Classification number】TP309
  • 【Downloads】159

