摘要
当前由信息技术与网络技术构成的信息系统已不单是完成信息的简单处理与传输,它已成为连接与融合众多的业务系统核心。以信息系统为核心,并由此构成的包含各类业务系统的系统,可协同完成一定的组织目标和业务流程,称之为复杂信息系统。主要研究并合理地划分复杂信息系统中的不同层面的风险管理层次。研究采用国际上流行的Zachman框架,结合《GB/T 20274-2008信息安全技术信息系统安全保障评估框架》,构建复杂信息系统安全架构。该架构可用于复杂信息系统分层划分及其评估。
The information system composed of information technology and Internet technology is no longer just simply processing and transmitting information, it has also become the core that connects and integrates many business systems. Using information system as the core, the system, which comprises all kinds of business systems and can collaboratively fulfil certain objectives of the organisation and business process, is called the complex information system. This paper mainly studies and reasonably classifies risk management level of complex information system at different levels. The research uses the framework of Zachman which is popular in the world, and combines "GB/T 20274-2008 safety assessment framework of information security technology of information system security" to build a security architecture complex information system. The architecture can be used for the division and evaluation of hierarchical of complex information system.
出处
《计算机应用与软件》
CSCD
2015年第9期92-96,共5页
Computer Applications and Software
基金
国家信息安全测评中心项目(CNITSECKY-2012-006/2)
