网络安全标准在轨道交通信息系统全生命周期的应用实践
Application Practice of Network Security Standards in the Full Life Cycle of Rail Transit Information Systems
王玮 1李成良 1徐健1
作者信息
摘要
案例将《信息安全技术 网络安全等级保护基本要求》和《信息安全技术 信息系统安全运维管理指南》两项国家标准与信息系统的全生命周期管理相结合,并开发了新的标准应用模式:对相关标准开展条理化解析;建立与标准条款对应的管理基线;将管理基线逐条纳入全生命周期管理矩阵.这一模式不仅为轨道交通行业提供了安全管理的参考框架,更具有广泛的适用性.通过借鉴和应用上述防护措施与安全管理体系,其他行业/组织可以快速提升自身的网络安全防护水平,为信息系统的安全稳定运行提供有力保障.
Abstract
This case combines the two national standards of"Information security technology-Basic requirements for network security level protection"and"Information security technology-Guidelines for information system security operation and maintenance management"with the full lifecycle management of information systems,and develops a new standard application mode:conducting organized analysis of relevant standards.Establish a management baseline corresponding to standard clauses.Incorporate management baselines into the full lifecycle management matrix one by one.This model not only provides a reference framework for safety management for the rail transit industry,but also has wide applicability.By drawing on and applying the above protective measures and security management system,other industries/organizations can quickly improve their network security protection level,and provide strong guarantees for the safe and stable operation of information systems.
关键词
网络安全等级保护/轨道交通/安全运维管理/条理化解析/管理基线/管理矩阵Key words
network security level protection/rail transit/security operation and maintenance management/organized analysis/management baseline/management matrix引用本文复制引用
出版年
2024
NETL
NSTL
万方数据