Abstract
Informatization levels vary widely across county power supply enterprises under entrusted management, and their security management and technical protection situations are complex. The security assessment methods in common use today focus on checking for vulnerabilities and do not assess business system data flows and business logic relationships comprehensively (or in depth). This paper proposes a multi-dimensional information security assessment method that analyzes security issues at every layer of an information system along three dimensions: compliance assessment, risk control, and correlation (application system data flow, business logic, and security policy correlations). Practice shows that the method can find the various security risks in an information system comprehensively, systematically, in depth, and accurately.
Source
Electric Power Information and Communication Technology (《电力信息与通信技术》)
2016, Issue 7, pp. 72-75 (4 pages)
Keywords
information security
multi-dimension
assessment method
county power supply enterprise