基于等级保护的信息安全风险评估方法

研究目的:根据我国信息安全风险评估工作的进展情况,结合信息安全风险评估项目,对安全评估实施过程和评估方法进行研究,解决信息安全评估实施中的关键技术问题。研究方法:结合国外信息安全等级保护准则和国内信息安全等级保护标准体系,采用定性与定量相结合的研究方法。研究结果:通过对国内外可信安全产品的等级评估准则的研究,从整体上形成了多级信息系统安全保护体系。针对信息安全风险评估项目的实施过程,提出了一种基于等级保护思想的信息安全评估方法。研究结论:完整的、正确的理解每一个安全保护等级的安全要求,并合理地确定目标系统的安全保护等级,是将安全等级保护合理地运用于信息安全风险评的重要前提。基于等级保护思想的信息安全风险评估是一种有效的信息安全风险评估方法,有利于信息系统的安全体系架构的建设。

Information Security Risk Assessment Method Based on Classified Protection

Research purposes: According to the development situation of information security risk assessment in china and the information security risk assessment project,this paper researches on the security evaluation implementation process and the appraisal method and solves in the information security appraisal implementation(essential) technical question.Research methods:Unifies overseas information security rank protection criterion and the domestic information security rank protection standard system,this paper uses qualitative analysis of the research technique which unifies with(quantitative) analysis.Research results:Through credible securities product rank appraisal criterion research to the domestic and foreign,it has formed the multistage information system safekeeping of security system from the whole.In view of the information security risk assessment project implementation process,this paper proposed a kind of information security appraisal method based on the rank protection thought.Research conclusions:Complete,correct understanding each safekeeping of security rank safe request,and reasonably sets a target the system safekeeping of security rank,is reasonably utilizes the security rank protection the important premise which comments to the information security risk.The information security risk assessment based on the rank(protection) thought is one effective information security risk assessment method.It is advantageous to the implementation of the information system security construction.