信息安全等级保护

信息安全等级保护量化模型研究及评估系统实现

Research of Information Security Class Protect Quantification Model and Implementation of Evaluation System

信息安全等级保护标准体系研究

Research on Information Security Classified Protection Standard System

论信息安全等级保护与电子商务安全

Information Security , Grading Protection and E-Business Security

根据我国信息安全等级保护制度的要求，安全等级在第三级及以上的信息系统必须实现强制访问控制。

According to information system classified protection of China , information systems which have higher security levels than three must support mandatory access control .

然而，信息安全等级保护在国内才刚进行试点，缺乏具有可操作性的量化模型算法和支撑软件。

However , information Security Class Protect in China is only in its primary stage of development with no valid models or tools readily available in this area .

信息安全等级保护制度是国家信息安全保障工作的重要内容，也是一项事关国家安全、社会稳定的政治任务。

Classification protection system for Information security is an important aspect of national information security , and is also a political task for national security and social stability .

信息安全等级保护作为国家信息安全基本制度，对保障政府部门和企事业的基础信息系统安全有着非常重要的作用。

As an essential part of basic Information Security system , Information Security Class Protect plays a very important role in protecting the security of fundamental information systems in government and company .

研究方法：结合国外信息安全等级保护准则和国内信息安全等级保护标准体系，采用定性与定量相结合的研究方法。

Research methods : Unifies overseas information security rank protection criterion and the domestic information security rank protection standard system , this paper uses qualitative analysis of the research technique which unifies with ( quantitative ) analysis .

近几年来，国家在信息系统安全等级保护以及密码学等方面投入了大量人力物力进行研究。

In recent year , governments have invested much on information system security classified protection and cryptography field .

信息系统安全等级保护制度是由我国提出的、具有很强技术性的风险控制行为，对信息系统分等级、按需进行适度有效防护。

Classification protection system , a strong technical risk control , for information system security is proposed by China , according to the need to classified information system to moderate effective protection .

实际应用环境的模拟结果表明，我们设计的工具扫描方案以及自动化渗透攻击能够在信息系统安全等级保护测评中有广泛的推广应用前景。

The simulation results of real application environment shows that , the tools scanning scheme and automatic penetration attacks we designed have bright promotion prospect in the information system security classified protection evaluation .

主动预防是通过信息系统安全等级保护来落实各项安全措施，通过研究信息系统安全等级保护的定级和测评来优化资源配置和全面提升系统防护能力。

Initiative protection carries out security measures through information system rank protection , optimizes the allocation of resources and improves protection capability by researching the grading and testing of information system rank protection .

等级测评是信息系统安全等级保护工作的一个基本组成部分，测评结果的评价关系到评判信息系统能否满足相应安全保护等级的要求。

Rank testing is a fundamental part of information system rank protection and the evaluating of testing results is related to judge whether the information system meet the requirements of relevant rank protection .

本文研究了信息系统安全等级保护测评中的工具扫描以及自动化渗透测试的实际应用。

This paper studied the practical application of tools scanning and automatic penetration test in information system security classified protection , and designed the schemes of security evaluation tools which we used in practical information system security classified protection evaluation .

因此，我们的研究方案非常适用于无线网络环境中。其次，信息系统安全等级保护已受到国家高度重视，专家学者们也在不断对其进行研究，尤其是在渗透测试攻击方面。

Thus , the scheme we are studying is very suitable for using in the wireless network . Secondly , governments have paid much attention on information system security classified protection , and experts and scholars also studied it steeply , especially in the respect of penetration attack .

信息安全管理在等级保护实施过程中的要点分析

Information Security Management Implementation Process of Multi-level Protection

鉴于此，我国提出了对信息系统进行安全等级保护的要求，并将等级保护作为国家信息系统安全保障工作的基本制度。

Thus , the level of security protection of information systems is given in our country . And , it also becomes the basic system of national information security .

各检验工具的检验结果提供给检验管理平台后首先被解析成统一的数据格式，然后对这些数据进行综合分析而得出信息系统安全功能等级保护符合性结果。

The check results produced by the different tools will be processed to a uniform format after they provided to the management platform . The conformance result for the information system classified protection will be given through the comprehensive analysis .

惠州移动信息安全等级划分及安全保护的研究和实践

Huizhou Mobile Information Security Classification and Security Research and Practice

为了保障信息系统的安全与稳定，我国提出了信息安全等级保护概念并且将其作为了保障国家信息化建设安全的一项基本策略。

In order to protect the security and stability of information systems , our country proposes the concept of information security classified protection and makes it as a basic strategy of construction of national information .

信息系统等级保护测评工作是信息系统等级保护工作五个规定动作之一，是开展信息安全等级保护工作的一个重要环节。

Information systems of classified protection evaluation work is the protection of information systems class , one of the five required dives , is the protection of information security level of an important part .