<menu id="guoca"></menu>
<nav id="guoca"></nav><xmp id="guoca">
  • <xmp id="guoca">
  • <nav id="guoca"><code id="guoca"></code></nav>
  • <nav id="guoca"><code id="guoca"></code></nav>
    GB/T 20274.1—2006信息安全技術 信息系統安全保障評估框架 第1部分:簡介和一般模型
    展開或關閉
    前 言
    前言
    引言
    0.1 信息系統安全保障的含義 0.2 信息系統安全保障評估框架的編制目的和意義 0.3 信息系統安全保障評估框架的使用 0.4 建立自己的信息系統安全保障框架
    1 范圍
    范圍
    2 規范性引用文件
    規范性引用文件
    3 術語、定義和縮略語
    3.1 術語和定義 3.2 縮略語
    4 概述
    4.1 引言 4.2 信息系統安全保障評估框架的目標讀者 4.3 評估上下文 4.4 信息系統安全保障評估框架的文檔組織
    5 一般模型
    5.1 概述 5.2 安全上下文 5.3 信息系統安全保障評估 5.4 安全概念 5.5 信息系統安全保障描述材料
    6 信息系統安全保障評估和評估結果
    6.1 介紹 6.2 ISPP(信息系統保護輪廓)和ISST(信息系統安全目標)的要求 6.3 TOE內的要求 6.4 評估結果的聲明 6.5 TOE評估結果的應用
    附 錄 A (規范性附錄) 信息系統保護輪廓
    A.1 概述 A.2 信息系統保護輪廓內容
    附 錄 B (規范性附錄) 信息系統安全目標規范
    B.1 概述 B.2 信息系統安全目標內容
    附 錄 C (資料性附錄) 信息系統描述
    C.1 概述 C.2 信息系統描述規范 C.3 信息系統描述說明
    附 錄 D (資料性附錄) 信息系統安全保障級說明
    D.1 概述 D.2 信息系統使命分類 D.3 信息系統威脅分級 D.4 信息系統安全保障級(ISAL)矩陣 D.5 信息系統安全保障級(ISAL)分級要求
    參考文獻
    參考文獻

    參考文獻

    GB/T 20274.1—2006信息安全技術 信息系統安全保障評估框架 第1部分:簡介和一般模型 /

    [1] GB/T 19000-2000 質量管理體系 基礎和術語
    [2] GB/T 19001-2000 質量管理體系 要求
    [3] GB/T 19004-2000 質量管理體系 業績改進指南
    [4] ISO/IEC TR 15443-1: 2005, A framework for IT Security assurance - Part 1: Overview and framework
    [5] ISO/IEC TR 15443-2: 2005, A framework for IT Security assurance - Part 2: Assurance methods
    [6] ISO/IEC WD 15443-3, A framework for IT security assurance - Part 3: Analysis of assurance methods
    [7] ISO/IEC PDTR 19791: 2004, Information technology - Security techniques - Security assessment of operational systems
    [8] Information Assurance Technical Framework, Release 3.1, National Security Agency Information Assurance Solutions Technical, September 2002
    [9] ISO/IEC 17799:2005 Information technology — Security techniques — Code of practice for information security management
    [10] ISO/IEC 13335-1: 2004 Information technology — Security techniques — Management of information and communications technology security (MICTS) - Part 1: Concepts and models for information and communications technology security management
    [11] ISO/IEC 4th WD 13335-2: 2004, Management of information and communications technology security (MICTS) - Part 2: Techniques for information and communications technology security risk management
    [12] ISO/IEC 1st CD 18028-1: 2004, Information technology - Security techniques - IT network security - Part 1: Network security management
    [13] ISO/IEC FCD 18028-2: 2004, Information technology - Security techniques - IT network security - Part 2: Network security architecture
    [14] ISO/IEC FCD 18028-3: 2004, Information technology - Security techniques - IT network security - Part 3: Securing communications between networks using security gateways
    [15] ISO/IEC 18028-4:2005, Information technology - Security techniques - IT network security - Part 4: Remote access
    [16] ISO/IEC 1st CD 18028-5: 2004, Information technology - Security techniques - IT network security - Part 5: Securing communications across networks using Virtual Private Networks
    [17] NIST Special Publication 800-18, Guide for Developing Security Plans for Information Technology Systems, November 2001
    [18] NIST Special Publication 800-30 Risk Management Guide for Information Technology Systems, January 2002
    [19] NIST Special Publication 800-34 Continuity Planning Guide for Information Technology System, June 2002
    [20] NIST Special Publication 800-50, Building an Information Security Awareness and Training Program, October 2003
    [21] NIST Special Publication 800-64, Security Considerations in the Information System Development Life Cycle, October 2003
    [22] NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems, Feberuary 2005
    [23] OECD Guidelines for Security of Information Systems and Networks: ‘Toward a Culture of Security’, 2002
    [24] NSTISSI No. 4009 National Information Systems Security (INFOSEC) Glossary
    [25] Carnegie Mellon University/Software Engineering Institute, CMU/SEI-2002-TR-011, CMMISM for Systems Engineering, Software Engineering, Integrated Product and Process Development, and Supplier Sourcing(CMMI-SE/SW/IPPD/SS, V1.1) Continuous Representation, CMMI Product Team, March 2002
    [26] Carnegie Mellon University/Software Engineering Institute, CMU/SEI-2002-TR-012, CMMISM for Systems Engineering, Software Engineering, Integrated Product and Process Development, and Supplier Sourcing(CMMI-SE/SW/IPPD/SS, V1.1) Staged Representation, CMMI Product Team, March 2002
    [27] System Security Engineering Capability Maturity Model (SSE-CMM?) Model Descritpion Document, Version 3.0, June 15, 2003
    [28] System Security Engineering Capability Maturity Model (SSE-CMM?) Appraisal Method, Version 2.0, April 16, 1999
    [29] CoBIT?, 3rd Edition, Management Guidelines, COBIT Steering Committee and the IT Governance Institute?,July 2000
    [30] CoBIT?, 3rd Edition, Audit Guidelines, COBIT Steering Committee and the IT Governance Institute?,July 2000
    [31] CoBIT?, 3rd Edition, Control Objectives, COBIT Steering Committee and the IT Governance Institute?,July 2000
    [32] Department of Defense Technical Reference Model, Version 2.0, 9 April 2001
    [33] Department of Defense Technical Architecture Framework for Information Management, Volume 1: Overview, Version 3.0, 30 April 1996
    [34] DoD Architecture Framework, Version 1.0, DoD Architecture Framework Working Group, August 2003

    本文章首發在 網安wangan.com 網站上。

    上一篇 下一篇
    安全俠
    Reserved 1.2k 聲望
    暫無個人描述~
    討論數量: 0
    只看當前版本


    暫無話題~
    ? 2021 WANGAN.COM 幫助網安從業者成長;關注產業發展,做網絡安全忠誠衛士!
    亚洲 欧美 自拍 唯美 另类