摘要
将一种信息安全(INFOSEC)模型扩展成为一个信息保障(IA)模型,用于指导信息安全研究、工程和教育。新模型包括四维度量:安全目标,信息流状态,安全保障,时间。将信息安全的保护范畴扩大到信息资产,并对可用性、完整性和机密性重新进行了定义,增加了新内涵;采用深度防御概念,在注重技术的同时,突出了人的因素,并强调了安全管理在系统生命期重要作用。时间维的引入,使该模型真正成为动态模型。
In this article an information assurance model extended from information security model is proposed. The new model comprises four dimensions: security goal, information stream states, security assurance, and time. The objects to be protected are extended to both information and assets, and the meaning of confidentiality, integrity and availability is augmented by redefining. It is emphasized that both the people and IT security management are critical. It is a really dynamic model which can be used for information security research, engineering and education.
出处
《四川大学学报(工程科学版)》
EI
CAS
CSCD
2004年第4期103-106,共4页
Journal of Sichuan University (Engineering Science Edition)
关键词
信息安全
信息资产
信息保障
信息安全模型
安全管理
information security(INFOSEC)
information assets
information assurance(IA)
information security model
security management
