摘要
信息系统的安全是至关重要的。文中针对目前应用系统安全威胁现状,提出一种基于安全工程的应用系统安全解决方案。该方案利用安全工程的思想,通过把安全工程生命周期与信息系统生命周期相结合,确定了信息系统生命周期中各阶段的主要安全工程活动,弥补了传统安全防护方案在信息系统安全防护方面的不足。这对信息系统安全工程的实施具有一定的指导意义。
Information system security is of utmost importance. To solve the problem of information system security protection, a comprehensive solution based on the life-cycle of security engineering is proposed. By applying the theory of security engineering, this solution could identify the primary security engineerir,g activities in the life cycle of information systems, remedy the deficiencies of traditional security solutions in information security protection. This solution is of certain guidance in implementing security engineering of information systems.
出处
《信息安全与通信保密》
2012年第7期113-116,共4页
Information Security and Communications Privacy
关键词
安全工程
生命周期
安全基线
安全模型
风险评估
security engineering
life cycle
security baseline
security model
risk assessment
