等级保护测评模拟环境设计与实践

doi:10.3969/j.issn.1671-1122.2020.11.003

信息网络安全 ›› 2020, Vol. 20 ›› Issue (11): 15-21.doi: 10.3969/j.issn.1671-1122.2020.11.003

等级保护测评模拟环境设计与实践

郑国刚(), 尹湘培, 王魁, 何坤鹏

公安部信息安全等级保护评估中心,北京 100142

收稿日期:2020-08-15 出版日期:2020-11-10 发布日期:2020-12-31
通讯作者: 郑国刚 E-mail:guogangzheng@qq.com
作者简介:郑国刚（1962—）,男,湖北,副研究员,硕士,主要研究方向为网络安全|尹湘培（1982—）,男,湖南,硕士,主要研究方向为网络安全|王魁（1989—）,男,河北,本科,主要研究方向为网络安全|何坤鹏（1990—）,男,陕西,硕士,主要研究方向为网络安全

Design and Practice of Simulation Environment for Cyber Security Classified Protection Evaluation

ZHENG Guogang(), YIN Xiangpei, WANG Kui, HE Kunpeng

MPS Information Security Classified Protection Evaluation Center, Beijing 100142, China

Received:2020-08-15 Online:2020-11-10 Published:2020-12-31
Contact: ZHENG Guogang E-mail:guogangzheng@qq.com

摘要/Abstract

摘要：

文章详细介绍了一个以办公自动化系统为原型,涵盖等级保护二级、三级区域的模拟环境和等级测评实践活动。模拟环境中设计有办公自动化应用场景和安全防护场景,其中安全防护措施按照2019年颁布的《网络安全等级保护基本要求》进行设计部署,安全策略可以根据实践活动的需要进行配置。通过对模拟环境进行等级测评实操活动,可以了解等级测评现场技术测评的主要工作过程和安全分析方法,比较安全防护措施的效果,验证安全防护策略配置的重要性,同时通过模拟环境可以进一步研究并优化相关安全设计方案,验证安全设备部署、安全策略配置的有效性。

关键词: 等级保护测评, 信息系统模拟环境, 安全测评技术, 等级测评实践

Abstract:

This paper introduces in detail a simulation environment and a practical activity of classified protection evaluation in the area of security level 2 and level 3 with OA system as the prototype.In the simulation environment, there are office automation application scenarios and various security protection scenarios. The security protection measures adopted are designed and deployed according to the "Baseline for Classified Protection of Cybersecurity" issued in 2019. Security policies can be configured according to the needs of practical activities.Through simulation environment for classified evaluation practice activity, the main work process and security analysis method of the technical assessment of the classified evaluation site can be understood, the effect of security protection measures can be compared, and the importance of security protection policy configuration can be verified. At the same time, through the simulation environment, the related security design scheme can be further studied and optimized, and the effectiveness of security equipment deployment and security policy configuration can be verified.

Key words: classified protection evaluation, information system simulation environment, security evaluation technology, classified evaluation practice

中图分类号:

TP309

郑国刚, 尹湘培, 王魁, 何坤鹏. 等级保护测评模拟环境设计与实践[J]. 信息网络安全, 2020, 20(11): 15-21.

ZHENG Guogang, YIN Xiangpei, WANG Kui, HE Kunpeng. Design and Practice of Simulation Environment for Cyber Security Classified Protection Evaluation[J]. Netinfo Security, 2020, 20(11): 15-21.

图/表 3

参考文献 8

[1]	GB/T 25070-2019. Information Security Technology—Technical Requirements of Security Design for Classified Protection of Cybersecurity[S]. Beijing: Standards Press of China, 2019.
	GB/T 25070-2019.信息安全技术网络安全等级保护安全设计技术要求[S]. 北京: 中国标准出版社, 2019.
[2]	QU Jie, FAN Chunling, CHEN Guangyong, et al. Research on Establishment of Network Security Service Ability System for A New Era[J]. Netinfo Security, 2019,19(1):83-87.
[3]	NPC. Cybersecurity Law of the People’s Republic of China[EB/OL]. http://www.npc.gov.cn/npc/, 2016-11-7.
	全国人大. 中华人民共和国网络安全法[EB/OL]. http://www.npc.gov.cn/npc/, 2016-11-7.
[4]	JI Hui. Controlling Information System Risk by Information Security Service[J]. Netinfo Security, 2010,10(5):17-18.
[5]	GUO Qiquan. Training Course on Cybersecurity Law and Classified Protection of Cybersecurity[M]. Beijing: Publishing House of Electronics Industry, 2018.
	郭启全. 网络安全法与网络安全等级保护制度培训教程[M]. 北京: 电子工业出版社, 2018.
[6]	GB/T 22239-2008. Information Security Technology-Baseline for Classified Protection of Information System Security[S]. Beijing: Standards Press of China, 2008.
	GB/T 22239-2008.信息安全技术信息系统安全等级保护基本要求[S]. 北京: 中国标准出版社, 2008.
[7]	National Information Security Standardization Technical Committee. Information Security Technology—Baseline for Classified Protection of Cybersecurity(Draft)[EB/OL]. https://www.tc260.org.cn/, 2018-10-31.
	全国信息安全标准化技术委员会. 信息安全技术网络安全等级保护基本要求(征求意见稿)[EB/OL]. https://www.tc260.org.cn/, 2018-10-31.
[8]	National Information Security Standardization Technical Committee. Information Security Technology—Evaluation Requirement for Classified Protection of Cybersecurity(Draft)[EB/OL]. https://www.tc260.org.cn/, 2018-10-31.
	全国信息安全标准化技术委员会. 信息安全技术网络安全等级保护测评要求(征求意见稿)[EB/OL]. https://www.tc260.org.cn/, 2018-10-31.

等级保护测评模拟环境设计与实践

Design and Practice of Simulation Environment for Cyber Security Classified Protection Evaluation

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 3

参考文献 8

相关文章 6

编辑推荐

Metrics

本文评价

[1]	马力. 网络安全等级保护测评中测评结论的度量方法优化[J]. 信息网络安全, 2020, 20(5): 1-10.
[2]	赵继军;陈伟. 一种基于云安全模型的信息系统安全等级保护测评方法[J]. , 2013, 13(Z): 0-0.
[3]	夏拥军;杜文琦. 浅谈MAP2DR2安全模型在等级保护下的应用[J]. , 2013, 13(10): 0-0.
[4]	刘越男. 虚拟化技术在等保测评中的应用研究[J]. , 2012, 12(Z): 0-0.
[5]	李科. 服务器操作系统的测评方法[J]. , 2012, 12(Z): 0-0.
[6]	方舟;黄俊强;王希忠. 基于粗糙集神经网络的信息安全等保测评方法[J]. , 2012, 12(Z): 0-0.