| 基于度量学的认证认可方法研究 |
| |
| 引用本文: | 陈超,方勇.基于度量学的认证认可方法研究[J].信息技术,2004,28(9):57-60. |
| |
| 作者姓名: | 陈超 方勇 |
| |
| 作者单位: | 四川大学信息安全研究所,成都,610064 |
| |
| 摘 要: | IT系统在生命期中运行、应用和连接时一般要经历持续的改变。而很多变化只有在三年一度的C&A过程中才能捕获到;这将增加系统风险的暴露。通过结构化、循序渐进的方法,提高安全度量标准,优化风险评估过程,改进认证认可方法。
|
| 关 键 词: | 认证和认可 度量学 系统安全工程-能力成熟度模型 知识管理 信息保障 |
| 文章编号: | 1009-2552(2004)09-0057-04 |
| 修稿时间: | 2004年1月2日 |
A approach research to certification and accreditation metrics-based |
| |
| CHEN Chao,FANG Yong.A approach research to certification and accreditation metrics-based[J].Information Technology,2004,28(9):57-60. |
| |
| Authors: | CHEN Chao FANG Yong |
| |
| Abstract: | IT systems typically undergo extensive changes in operating system, applications, and connectivity during a lifecycle. Many of these changes are not captured until the triennial C&A is accomplished; this may lead to increased system risk exposure. Improvements to the C&A process could be achieved through a structured, evolutionary approach and then improves security metrics standard, optimizes the risk assessment process and improves the methods of certification and accreditation. |
| |
| Keywords: | certification and accreditation metrics systems security engineering-capability maturity model (SSE-CMM) knowledge management information assurance |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
