新时代下网络安全服务能力体系建设思路

详细信息    查看全文 | 推荐本文 |

英文篇名：Research on Establishment of Network Security Service Ability System for A New Era 作者：曲洁 ; 范春玲 ; 陈广勇 ; 赵劲涛 英文作者：QU Jie;FAN Chunling;CHEN Guangyong;ZHAO Jintao;The Third Research Institute of the Ministry of Public Security;Network Security Bureau of the Ministry of Public Security; 关键词：等级保护 ; 网络安全服务 ; 能力体系建设 英文关键词：classified protection;;network security service;;ability system construction 中文刊名：XXAQ 英文刊名：Netinfo Security 机构：公安部第三研究所;公安部网络安全保卫局; 出版日期：2019-01-10 出版单位：信息网络安全 年：2019 期：No.217 语种：中文; 页：XXAQ201901011 页数：5 CN：01 ISSN：31-1859/TN 分类号：89-93

摘要

基于网络安全服务在网络安全发展过程中的支撑作用以及等级保护2.0时代的发展特点,文章着眼于网络安全服务的主要目标、服务对象、服务周期、服务内容等,探讨通过建立完整的网络安全服务技术体系、标准体系和管理体系,明确服务供应商和服务需求方的责任,并通过建立全服务过程的监督评价体系,促进网络安全服务水平不断提高,从而为网络安全的发展注入活力。
        Based on the supporting role of network security services in the development of network security and the characteristics of classified protection 2.0, focusing on the main objectives, service objects, service cycles and service contents of network security services, this paper discusses how to clarify the responsibilities of service providers and service demanders by establishing complete technical system, standard system and management system of network security services. This paper also discusses how to promote the continuous improvement of the level of network security service by establishing the supervision and evaluation system of the whole service process, thus injecting vitality into the development of network security.

引文

[1]Network Security Law of the People’s Republic of China[EB/OL].http://www.npc.gov.cn/npc/,2016-11-7.中华人民共和国网络安全法[EB/OL].http://www.npc.gov.cn/npc/,2016-11-7.
    [2]GA/T 1390.2-2017.Information Security Technology-Baseline for Classified Protection of Cybersecurity-Part 2:Specialsecurity Requirements for Cloud Computing[S].Beijing:Standards Press of China,2017.GA/T 1390.2-2017.信息安全技术网络安全等级保护基本要求第二部分:云计算扩展要求[S].北京:中国标准出版社,2017.
    [3]CHEN Yuehua,YANG Dongsheng,MU Biao.The Thoughts of Information Security Service Outsourcing Management[J].Netinfo Security,2012,12(12):86-87.陈跃华,杨东升,穆彪.信息安全服务外包管理思考[J].信息网络安全,2012,12(12):86-87.
    [4]SUN Mingliang,WEI Hua,WANG Yan.Escort Network Power Strategy to Promote the Development of Network Security Service Industry[EB/OL].http://news.gmw.cn/2018-04/19/content_28362460.htm,2018-4-19.孙明亮,位华,王琰.护航网络强国战略促进网络安全服务业发展[EB/OL].http://news.gmw.cn/2018-04/19/content_28362460.htm,2018-4-19.
    [5]ISO/IEC 27002-2013.Information technology-Security techniques-Code of practice for information security controls[EB/OL].http://www.doc88.com/p-2949103186366.html,2018-10-30.
    [6]GB/T 30271-2013.Information Security TechnologyAssessment Criteria for Information Security Service Capability[S].Beijing:Standards Press of China,2013.GB/T 30271-2013.信息安全技术信息安全服务能力评估准则[S].北京:中国标准出版社,2013.
    [7]JI Hui.Controlling Information System Risk by Information Security Service[J].Netinfo Security,2010,10(5):17-18.季辉.通过信息安全服务实现信息系统风险可控[J].信息网络安全,2010,10(5):17-18.