摘要
围绕云环境下安全模式与传统安全模式的差异,结合信息安全保障要求,对三种不同的云服务模式(包括IaaS,PaaS和SaaS)进行了安全需求分析,同时对美国云计算联邦风险评估管理计划(FedRAMP)中的安全控制措施和国内相关信息安全标准中的安全要求进行了对比分析,提出了云计算信息安全测评的基本框架,探讨了云计算信息安全测评需要特别关注的内容。
Information security for the three cloud service modes, including IaaS, PaaS and SaaS, is analyzed in terms of the differences on security mode between cloud environment and traditional computing environment. Information security requirement differences between the Federal Risk and Authorization Management Program (FedRAMP) of USA and related information security standards of China are also compared and analyzed. A basic framework of cloud security assessment is presented in this paper. The issues which should be emphasized in security assessment are explored.
出处
《计算机时代》
2013年第10期22-25,共4页
Computer Era
关键词
云计算
云服务模式
信息安全
信息安全测评
cloud computing
cloud service model
information security
testing and evaluation of information security
