摘要
国家网络安全等级保护标准结构和内容的变化,尤其是与等级测评环节有关的标准的变化,带来了等级测评产生结论的变化,而如何通过定量计算方法合理准确地反映等级保护对象的安全保护状况和具有的安全保护能力,一直是安全等级测评探索的方向。文章研究分析了等级测评结论的产生原理,提出了基于测评指标和测评对象的定量分析方法,通过实例证明测评指标和测评对象的权重赋值直接影响定量分析的最终结果。为了获得更加准确和具有说服力的测评结论,需要在定量计算方法中探索测评指标和测评对象的合理权重赋值方法。
The change of the structure and content of the national classified protection of cybersecurity standard,especially the standard change related to the assessment of classified protection of cybersecurity,brought about the change of the conclusion of the assessment of classified protection of cybersecurity,and how to accurately reflect the security protection status and the security protection ability of the level protection object by quantitative calculation method.It has always been the direction of exploration in the assessment of classified protection of cybersecurity,This paper studies and analyzes the principle of the production of the evaluation conclusionsinclassified protection assessment,and puts forward the quantitative analysis methodbasedon the assessment requirements and the assessment objects respectively,and shows through the example that the weight assignment of the assessment requirements and theassessment objects directly affects the final result of quantitative analysis.In order to obtain more accurate and persuasive evaluation conclusions,it is necessary to explore the reasonable weighting method of the assessment requirements and the assessment objects in the quantitative calculation method.
作者
马力
MA Li(Information Classified Security Protection Evaluation Center of the Ministry of Public Security,Beijing 100142,China)
出处
《信息网络安全》
CSCD
北大核心
2020年第3期1-8,共8页
Netinfo Security
关键词
等级保护对象
安全等级测评
测评指标
测评对象
classified protection object
classified protection assessment
assessment requirements
assessment objects
