Similar Literature
20 similar documents found (search took 15 ms)
1.
Analysis and Research on Information Security Standards   Total citations: 1, self-citations: 0, citations by others: 1
This paper discusses the characteristics of the currently prevalent international standards CC, ISO 17799/BS 7799 and SSE-CMM, and compares them comprehensively in terms of background, scope of application, framework structure, evaluation levels, focus and mode of practice.

2.
Abstract

The information security industry has finally developed and published standards. This article examines each of the ten areas identified in the standards document, ISO 17799, and identifies key points the security professional should address in his or her security program. While there are other standards (BS 7799, ISO/TR 15369), this article concentrates on the recommendations of the International Standard ISO/IEC 17799:2000, “Information Security Management, Code of Practice for Information Security Management.” The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) form a specialized system on worldwide standardization. National bodies that are members of ISO and IEC participate in the development of international standards through technical committees. The United States, through the American National Standards Institute (ANSI), is the secretariat. Twenty-four other nations (Brazil, France, United Kingdom, China, Democratic People's Republic of Korea, Czech Republic, Germany, Denmark, Belgium, Portugal, Japan, Republic of Korea, the Netherlands, Ireland, Norway, South Africa, Australia, Canada, Finland, Sweden, Slovenia, Switzerland, New Zealand, and Italy) have participant status and 40 other nations are observers.

3.
Taking GB17859, ISO/IEC17799 and related standards as guidance, this paper proposes an AHP-based measurement method for the performance of information security management, and focuses on the calculation of weights for the measurement elements and measurement indicators in the measurement model.

4.
This paper proposes a security management measurement method based on the national classified-protection standard GB17895. It describes solutions for extracting measurement elements and quantifying measurement results, and designs a security management measurement checklist based on the ISO/IEC17799 standard.

5.
The Alliance for Electronic Business (AEB) has published 30 pages of ‘Web Security Guidelines’ which provide clear, commercial and practical guidance to small to medium-sized enterprises (SMEs) on how to secure their Internet activities and which explore the range of security techniques to employ. Written in a ‘plain-English style’, the guidelines complement the Code of Practice on Information Security Management (BS7799), which is incorporated into the international standard (ISO/IEC 17799).

6.
Managing information security, as opposed to IT security, is an area that is only now coming of age. For many years the focus was mainly on IT security, with the implementation of such security left to the IT department and technical experts. Early in the 90s things started to change with the first draft of an information security management standard, BS 7799, focusing on security related to people, processes and information as well as IT. Since then there have been many developments taking us to where we are today, with these early security management standards being transformed into international standards published by ISO/IEC. These standards are being used by hundreds of thousands of organisations worldwide. Based on the author's previously copyrighted writings, this article explores what these standards have to offer organisations, what benefits are to be gained and how such standards have helped with compliance. In particular it focuses on the insider threat as an example of one of the growing problems that organisations need to deal with, and on how these international standards are useful in helping to solve the insider threat problem.

8.
This article presents ISO’s most successful information security standard, ISO/IEC 27001, together with the other standards in the family of information security standards — the so-called ISO/IEC 2700x family of information security management system (ISMS) standards and guidelines. We shall take a brief look at the history and progress of these standards, where they originated from and how they became the common language of organizations around the world for engaging in business securely. We shall take a tour through the different types of standard that are included in the ISMS family and how they relate and fit together, and we will finally conclude with a short presentation of ISMS third-party certification. The material used in this article has been derived directly from the many articles and books by Prof. Humphreys on the ISO/IEC 2700x ISMS family, and they are implemented and applied in practice in the business, commerce and government sectors.

9.
Abstract

The concepts of vulnerability assessment and penetration testing as methods of risk analysis have been a staple of the practice of information security. The seminal paper by Farmer and Venema [FV92] introduced the concept of performing penetration tests as a method of vulnerability assessment. Since the early 1990s, the practices of vulnerability assessment and risk analysis have alternately converged and diverged as new methods waxed and waned. Most recently, standards such as BS 7799 and ISO 17799 have focused on the synergy between technical testing and risk analysis.

10.
Although mobile computing brings many advantages, it introduces new threats to the privacy and security of health information. It is therefore imperative that mobile device uses are carefully considered. This paper provides guidance from a security best practice perspective (ISO17799) and from a legislative perspective (HIPAA). It is argued that healthcare organizations will be doing well when considering mobile computing according to ISO17799, but additional controls needed to comply with HIPAA requirements are identified.

12.
As cloud computing is applied across many fields, its security problems cannot be ignored. Based on existing security management standards (ITIL, ISO/IEC 27001 and ISO/IEC 27002), this paper explores in depth the security management and monitoring of cloud computing.

13.
Analysis and Design of an Information System Risk Assessment Tool   Total citations: 1, self-citations: 0, citations by others: 1
The British information security management standard BS7799 is an important standard in information system and network assessment. Based on an in-depth analysis of this standard, this paper discusses the analysis and design of an information system risk assessment tool built on it, providing experience that research on information system risk assessment tools can draw on.

14.
Design of an Assessment Method for BS7799 Risk Assessment   Total citations: 4, self-citations: 0, citations by others: 4
This paper introduces the content of the BS7799 international standard, models the standard's organizational structure, and analyzes the standard's shortcomings. On this basis it proposes an assessment method for applying the BS7799 management standard to information security management risk assessment in an organization, namely a combined method that integrates the analytic hierarchy process with fault tree analysis, and gives the complete calculation process.

15.
Using systems engineering ideas and combining information system security with the systems engineering environment, this paper identifies the main security engineering activities in each phase of the information system life cycle. Drawing on the risk management concept of SSE-CMM, it proposes a risk management model for information system security engineering, which offers guidance for the implementation of information system security engineering.

16.
This paper analyzes how to manage IT projects effectively during enterprise informatization. Based on the project management theory of the Project Management Institute (PMI) and the BS7799 international information security management standard, it proposes an overall framework for a risk-assessment-oriented information system project management method suited to acquiring technology externally. The aim is to raise the project success rate and accelerate enterprise informatization through scientific and reasonable management of each phase of an IT project.

17.
ABSTRACT

Cloud computing is a new IT delivery paradigm that offers computing resources as on-demand services over the Internet. Like all forms of outsourcing, cloud computing raises serious concerns about the security of the data assets that are outsourced to providers of cloud services. To address these security concerns, we show how today's generation of information security management systems (ISMSs), as specified in ISO/IEC 27001:2005, must be extended to address the transfer of security controls into cloud environments. The resulting virtual ISMS is a standards-compliant management approach for developing a sound control environment while supporting the various modalities of cloud computing.

This article addresses chief security and/or information officers of cloud client and cloud provider organizations. Cloud clients will benefit from our exposition of how to manage risk when corporate assets are outsourced to cloud providers. Providers of cloud services will learn what processes and controls they can offer in order to provide superior security that differentiates their offerings in the market.

18.
Exploring Information Security Strategies in E-Government Construction   Total citations: 1, self-citations: 0, citations by others: 1
Through an analysis of information security construction in some domestic e-government projects, this paper describes the characteristics of current information security architectures and, drawing on ISO/IEC 27001, COBIT, ITIL and automated risk management and control systems, proposes an implementation strategy for information security in e-government construction.

19.
An SSE-CMM-Based Information System Security Engineering Model   Total citations: 2, self-citations: 0, citations by others: 2
Based on the SSE-CMM framework model, this paper proposes a V-shaped life-cycle model for information system security engineering. On this basis it describes in some detail the steps for building an information system security system, and illustrates them briefly with a development example.

20.
This paper analyzes the information security requirements of enterprises. By describing the information security management standard BS7799, it analyzes the relationships among the elements of its risk management, defines a basic risk assessment process, and on this basis constructs a risk analysis method suited to enterprises.


Copyright © Beijing Qinyun Technology Development Co., Ltd.  京ICP备09084417号