Information Security Risk Assessment Method Based on Classified Protection
ZHOU Yuan-de, DONG Feng-xiang, HU Bo
The Second Survey & Design Institute of China Railway, Chengdu, Sichuan 610031, China
Abstract
Research purposes: In light of the development of information security risk assessment in China and of information security risk assessment projects, this paper studies the implementation process and the methods of security evaluation, and addresses the essential technical questions in implementing an information security assessment.
Research methods: Combining foreign information security classified protection criteria with the domestic information security classified protection standard system, this paper uses a research approach that combines qualitative analysis with quantitative analysis.
Research results: Through research on domestic and foreign criteria for grading trusted security products, a multi-level security protection system for information systems has been formed as a whole. For the implementation process of information security risk assessment projects, this paper proposes an information security assessment method based on the idea of classified protection.
Research conclusions: A complete and correct understanding of the security requirements of each protection level, together with a reasonable choice of the target system's protection level, is an important premise for properly applying classified protection to information security risk assessment. Information security risk assessment based on the idea of classified protection is an effective risk assessment method. It benefits the implementation of information system security construction.
Received: 10 July 2006