[1]钱钢,达庆利.基于SSE-CMM模型的信息系统安全工程管理[J].东南大学学报(自然科学版),2002,32(1):32-36.[doi:10.3969/j.issn.1001-0505.2002.01.008]
 Qian Gang,Da Qingli.Management of info-security engineering based on SSE-CMM model[J].Journal of Southeast University (Natural Science Edition),2002,32(1):32-36.[doi:10.3969/j.issn.1001-0505.2002.01.008]
点击复制

基于SSE-CMM模型的信息系统安全工程管理()
分享到:

《东南大学学报(自然科学版)》[ISSN:1001-0505/CN:32-1178/N]

卷:
32
期数:
2002年第1期
页码:
32-36
栏目:
计算机科学与工程
出版日期:
2002-01-20

文章信息/Info

Title:
Management of info-security engineering based on SSE-CMM model
作者:
钱钢 达庆利
东南大学经济管理学院,南京 210096
Author(s):
Qian Gang Da Qingli
College of Economic and Management, Southeast University, Nanjing 210096, China
关键词:
信息系统 SSE-CMM模型 安全工程管理
Keywords:
information system SSE-CMM model security engineering management
分类号:
TP309
DOI:
10.3969/j.issn.1001-0505.2002.01.008
摘要:
通过对目前信息系统建设中安全工程现状的分析,总结出信息系统存在的几大安全问题,从而有针对性地引入SSE-CMM模型,通过对模型的介绍阐述了如何在模型指导下进行信息系统安全工程管理.最后给出在模型的基础上制定安全基线的方法.实践证明采用这种过程控制的方法来指导信息系统安全工作,有针对性地解决了信息系统安全的动态性和广泛性.
Abstract:
By analyzing the current situation of security engineering in present information system construction,this paper sums up several main security problems of the information system and introduces the SSE-CMM model aiming at these problems. It also makes an exposition of how the information system security engineering management works by introducing the SSE-CMM model and presents a method of making security base line on the base of the model. Actual situation shows that the application of this proceeding control method guides the information system security and solves the information system securitys dynamic extensive character.

参考文献/References:

[1] Gilmont T,Legat J D,Quisquater J J.An architecture of security management unit [J].Proceedings of SPIE:Security and Watermarking of Multimedia Contents, 1999,36:472-483.
[2] The International Organization for Standardization.ISO/IEC 15408:1999(E)Common Criteria for Information Technology Security Evaluation[S].Geneva,Switzerland,1999.
[3] Donn B P.反计算机犯罪[M].北京:电子工业出版社,1999.30-89.
  Donn B P.Fighting computer crime[M].Beijing:Electronic Industries Publishing Company,1999.30-89.(in Chinese)
[4] Gilmont T,Legat J D,Quisquater J J.An architecture of security management unit for safe hosting of multiple agents[A].In: International Workshop on Intelligent Communications and Multimedia Terminals(COST254)[C].Ljubljana,1998.79-82.
[5] Bertino E,Buccafurri F,Ferrari E,et al.A logical framework for reasoning on data access control policies[A].In:Proc 12th IEEE Computer Security Foundations Workshop[C].Mordano,Italy,1999.175-189.
[6] Lupu E,Sloman M.Conflicts in policy-based distributed systems management[J]. IEEE Trans on Software Engineering, 1999,25(6):852-869.
[7] Systems security engineering capability maturity model(SSE-CMM)version 2.0.The National Information Systems Security Conference.Baltimore,Maryland,1999.http://www.sse-cmm.org.2001-02-03.
[8] 李新运,常 勇,李 望.重大工程项目灾害风险评估方法研究[J].自然灾害学报,1998,7(4):24-28.
  Li Xinyun,Chang Yong,Li Wang.Research on disaster risk assessment for critical engineering[J].Journal of Natural Disasters,1998,7(4):24-28.(in Chinese)
[9] Karjoth G,Lange D B,Oshima M.A security model for aglets[J]. IEEE Internet Computing,1997,1(4):68-77.
[10] 宋如顺,钱 钢.基于SSE-CMM的信息安全管理与控制[J].计算机工程与应用,2000(12):37-40.
  Song Rushun,Qian Gang.Management and control of info-sec based on SSE-CMM [J].Journal of Computer Engineering and Application,2000(12):37-40.(in Chinese)
[11] 钱 钢,达庆利.基于系统安全工程能力成熟模型的信息系统风险评估[J].管理工程学报,2001,15(4):58-60.
   Qian Gang,Da Qingli.The information system risk evaluation based on system security engineering capability maturity model[J].Journal of Industrial Engineering and Engineering Management,2001,15(4):58-60.(in Chinese)

备注/Memo

备注/Memo:
基金项目: 国家863信息安全应急计划资助项目(863-301-7-8).
作者简介: 钱钢(1965—), 男, 副教授; 达庆利, 男, 教授, 博士生导师.
更新日期/Last Update: 2002-01-20