| 面向铁路信息网络的资产安全属性量化评估方法 |
| |
| 引用本文: | 田海波,王一芃,李向阳.面向铁路信息网络的资产安全属性量化评估方法[J].铁路计算机应用,2021,30(11):54-59. |
| |
| 作者姓名: | 田海波 王一芃 李向阳 |
| |
| 作者单位: | 中国铁路信息科技集团有限公司 网信安全处,北京 100038 |
| |
| 基金项目: | 中国铁路信息科技集团有限公司科技研究开发计划重点课题(KGZG-CKY-2021004) |
| |
| 摘 要: | 目前,我国既有信息安全管理体系虽明确提出了资产评估要求,但缺乏具体的评估方法。而大多数已提出的评估方法与实际业务场景安全要求脱节,导致针对具体业务场景的资产评估实施存在诸多局限。文章通过分析铁路信息系统的业务特点及信息资产对系统安全状况的影响,利用层次分析法,提出了适用于铁路信息网络的资产安全属性评估方法。实验证明,所提出的方法可以有效地刻画信息资产对系统整体安全的影响程度,准确地描述资产在不同业务场景中的价值差异。通过此方法与漏洞评分系统相结合,可以更准确地评估漏洞在不同应用环境中的威胁程度。
|
| 关 键 词: | 铁路信息网络 信息安全 信息资产管理 信息资产安全 通用漏洞评分体系 |
| 收稿时间: | 2021-08-31 |
Quantitative evaluation method of asset security attributes for railway information network |
| |
| Affiliation: | Department of Network Security, China Railway Information Technology Group Co. Ltd., Beijing 100038, China |
| |
| Abstract: | At present, although China's existing information security management system clearly puts forward asset evaluation requirements, it lacks specific evaluation methods. However, most of the proposed evaluation methods are divorced from the security requirements of the actual business scenario, lead to many limitations in the implementation of asset evaluation for specific business scenarios. By analyzing the business characteristics of railway information system and the impact of information assets on system security, this paper proposed an asset security attribute evaluation method suitable for railway information network by using analytic hierarchy process. Experiments show that the proposed method can effectively describe the impact of information assets on the overall security of the system, and accurately describe the value differences of assets in different business scenarios. By combining this method with vulnerability scoring system, it can be more accurately evaluated the threat degree of vulnerabilities in different application environments. |
| |
| Keywords: | |
|
| 点击此处可从《铁路计算机应用》浏览原始摘要信息 |
|
点击此处可从《铁路计算机应用》下载全文 |
|
