Abstract
This paper first outlines the implementation of the U.S. federal information security risk management framework and its related standards, then describes the eight steps of the National Institute of Standards and Technology (NIST) risk management framework in detail. Finally, based on a brief analytical comparison of China's "three-step" approach to information classified security protection and the "three-stage" pattern of the U.S. Federal Information Security Management Act (FISMA), and in light of the current state of informatization construction and management in China, it offers views on the next phase of China's classified security protection work.
Source
《信息安全与通信保密》
2009, Issue 2, pp. 40-44 (5 pages)
Information Security and Communications Privacy