兰德公司对网络空间安全防御的建议
|
摘要
网络空间安全当前受到世界各国政府、学术界、企业等的广泛关注.美国国土安全部(DHS)于2011年发布了报告《安全网络的未来蓝图》,定义了能够加强国家网络安全的包括25个关键策略在内的75个策略.兰德公司对该报告提出的策略及这些策略的作用等进行了调研,分析了DHS蓝图的不足,提出用于评估网络安全防御行为的方法,形成报告《网络空间安全规划与预算架构》,该报告采用旭日图的形式表示了网络安全主要目标、支撑该目标的4个策略,以及支撑策略的各级具体策略和活动.对兰德公司的研究结果进行简要介绍.
Cybersecurity is currently receiving widespread attention from governments,academia,and enterprises around the world.The US Department of Homeland Security issued the Blueprint for a Secure Cyber Future in 2011, which defines 75 strategies that can strengthen national cybersecurity,25 of which are key strategies.The Rand Corporation conducted research on the strategies proposed by the report and the effect of these strategies,analyzed the shortcomings of the DHS blueprint, proposed a method for assessing network security defense behaviors and produced a report A Framework for Programming and Budgeting for Cybersecurity.The report uses the sunburst to represent the main goals of cybecrecurity, the four strategies that support the goals, and the specific strategies and activities.This paper will give a brief introduction to the research results of RAND.
Cybersecurity is currently receiving widespread attention from governments,academia,and enterprises around the world.The US Department of Homeland Security issued the Blueprint for a Secure Cyber Future in 2011, which defines 75 strategies that can strengthen national cybersecurity,25 of which are key strategies.The Rand Corporation conducted research on the strategies proposed by the report and the effect of these strategies,analyzed the shortcomings of the DHS blueprint, proposed a method for assessing network security defense behaviors and produced a report A Framework for Programming and Budgeting for Cybersecurity.The report uses the sunburst to represent the main goals of cybecrecurity, the four strategies that support the goals, and the specific strategies and activities.This paper will give a brief introduction to the research results of RAND.
引文
[1]DHS.Blueprint for a secure cyber future[EB/OL].(2017-03-18)[2019-06-15].https://www.dhs.gov/blueprintsecure-cyber-future
[2]RAND About the RAND Corporation[EB/OL].(2017-10-10)[2019-06-15].https://www.rand.org/about.html
[3]闫俊,郭正玉.美国兰德公司70年发展启示[J].航空兵器,2017(6):13-17
[4]宣景昭,谢泽润.兰德公司智库研究体制实证探究及其启示[J].智库理论与实践,2018,3(5):60-68
[5]DHS.Office of the chief financial officer[EB/OL].(2018-10-10.)[2019-06-15].https://www.dhs.gov/office-chieffinancial-officer
[6]RAND.A framework for programming and budgeting for cybersecurity[EB/OL].(2017-10-10)[2019-06-15].https://www.rand.org/pubs/tools/TL186.html
[7]NIST,Security and privacy controls for federal information systems and organizations[EB/OL].(2016-07-23)[2019-06-15].https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/final
[2]RAND About the RAND Corporation[EB/OL].(2017-10-10)[2019-06-15].https://www.rand.org/about.html
[3]闫俊,郭正玉.美国兰德公司70年发展启示[J].航空兵器,2017(6):13-17
[4]宣景昭,谢泽润.兰德公司智库研究体制实证探究及其启示[J].智库理论与实践,2018,3(5):60-68
[5]DHS.Office of the chief financial officer[EB/OL].(2018-10-10.)[2019-06-15].https://www.dhs.gov/office-chieffinancial-officer
[6]RAND.A framework for programming and budgeting for cybersecurity[EB/OL].(2017-10-10)[2019-06-15].https://www.rand.org/pubs/tools/TL186.html
[7]NIST,Security and privacy controls for federal information systems and organizations[EB/OL].(2016-07-23)[2019-06-15].https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/final