期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

面向业务:信息安全保障业务发展新趋势 被引量:1

面向业务:信息安全保障业务发展新趋势
下载PDF
导出
摘要 如今信息安全在信息社会扮演极为重要的角色,直接关系到政府运作、企业经营和人们的日常生活,信息安全服务也已成为信息安全保障体系的重要内容。然而国内信息安全服务行业却存在很多问题,管理者的信息安全意识不足,安全服务以事件应急响应为主,忽视为客户提供主动、系统的面向业务的服务。针对这一现状,本文提出了基于业务的信息安全服务体系(Business-based Information Security Service System,BISSS),利用企业架构(Enterprise Architecture,EA)对机构及其信息系统进行分析,以信息系统的业务属性为出发点和依据,为客户提供覆盖整个信息系统生命周期的安全服务。 Nowadays, Information Security (IS) is playing an essential role in the information society, directly affecting the operation of governments, enterprises and people's daily lives. Information Security Service (ISS) has became an important part of IS system. However, there exist some common problems in ISS, such as managers are lack of awareness of information security; ISS always provides Event Emergency Response and neglects to provide proactive, systematic business-oriented security services to customers. To address this issue, we proposed a Business-based Information Security Service System (BISSS), which uses Enterprise Architecture (EA) to analyze the organization and its information system. In the BISSS, business property of Information systems as a starting point and basis for ISS, it is possible to use the BISSS to provide Business-based ISS which covers the entire Information System Development Lifecycle (SDLC) for customers.
作者 翟建军 彭海龙 李隆璇
机构地区 北京数字证书认证中心
出处 《信息安全与技术》 2010年第7期13-18,共6页
关键词 信息安全保障 信息安全服务体系 企业架构 信息系统开发生命周期 Information Security Service Information Security Service System Enterprise Architecture Information System Development Lifecycle
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献1

二级参考文献17

  • 1Information technology—Securitytechniques—Evaluation criteria for IT security—Introductionand general model. ISO/IEC 15408-1:2005 . 2005 被引量:1
  • 2Information technology—Securitytechniques—Evaluation criteria for IT security—Securityfunctional requirements. ISO/IEC 15408-2:2005 . 2005 被引量:1
  • 3Information technology—Securitytechniques—Evaluation criteria for IT security—Securityassurance requirements. ISO/IEC 15408-3:2005 . 2005 被引量:1
  • 4Security Considerations inthe System Development Life Cycle. NIST Special Publications 800-64 . 2004 被引量:1
  • 5Minoli D.Enterprise Architecture A to Z:Frameworks,Business Process Modeling,SOA,and InfrastructureTechnology. . 2008 被引量:1
  • 6Guide for DevelopingSecurity Plans for Information Technology Systems. NIST Special Publications 800-18 . 2006 被引量:1
  • 7Risk Management Guidefor Information Technology Systems. NIST Special Publications 800-30 . 2004 被引量:1
  • 8Standards for Security Categorization ofFederal Information and Information Systems. NIST FIPS-199 . 2003 被引量:1
  • 9Innerhofer-Oberperfler F,Breu R.Using an enterprisearchitecture for ITrisk management. Proceedings of theISSA2006 Conference . 2006 被引量:1
  • 10Breu R,Innerhofer-Oberperfler F.Model-based securityanalysis of health care networks. eHealth2008—MedicalInformatics Meets eHealth . 2008 被引量:1

同被引文献7

引证文献1

二级引证文献3

信息安全与技术
2010年 第7期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部