Research on a New Scoring Algorithm of Testing and Evaluation for Classified Cybersecurity Protection

doi:10.3969/j.issn.1671-1122.2020.02.001

Abstract

Abstract:

The report template (2015 edition) gives the scoring algorithm of testing and evaluation for classified cybersecurity protection, however, there are some problems in this algorithm, such as the heavy workload of calculation and the result of calculation does not affect the evaluation conclusion. In this paper, aiming at the problem of scoring algorithm in 2015 edition report template, a new scoring algorithm of classified cybersecurity protection evaluation is proposed. The algorithm reduces the score range of coincidence degree of evaluation items, simplifies the calculation method of weighted score of evaluation items, greatly reduces the computational workload, and realizes the quantitative determination of evaluation conclusion. The experimental results show that the new scoring algorithm achieves a reasonable result in quantitative evaluation of information system, and effectively improves the accuracy and scientificity of evaluation conclusion.

Key words: classified cybersecurity protection, testing and evaluation for classified cybersecurity protection, scoring algorithm

CLC Number:

TP309

LI Shuilin, ZHU Guobang, FAN Chunling, CHEN Guangyong. Research on a New Scoring Algorithm of Testing and Evaluation for Classified Cybersecurity Protection[J]. Netinfo Security, 2020, 20(2): 1-6.

Figures/Tables 4

References 11

[1]	Cybersecurity Law of the People’s Republic of China[EB/OL]. , 2016-11-7.
	中华人民共和国网络安全法[EB/OL]. , 2016-11-7.
[2]	GUO Qiquan.Training Course on Cybersecurity Law and Classified Protection of Cybersecurity(2018 Edition)[M]. Beijing: Publishing House of Electronics Industry, 2018
	郭启全. 网络安全法与网络安全等级保护制度培训教程(2018版)[M].北京:电子工业出版社,2018.
[3]	ZHANG Yuxiang, TAO Yuan.Construction of Critical Information Infrastructure Protection System Based on Classified Protection and Trusted Computing[J]. Journal of Information Security Research, 2017, 3(4): 375-381.
	张宇翔,陶源.基于等级保护与可信计算构建我国关键信息基础设施保障体系[J]. 信息安全研究,2017,3(4):375-381.
[4]	ZHANG Peng, XIE Xiaoyao.Determination of Safety Conclusion in Evaluating Information System Based on Cloud Model[J]. Journal of Wuhan Universit(Natural Science Edition), 2014, 60(5): 429-433.
	张鹏,谢晓尧.基于云模型的信息系统测评安全结论判定[J]. 武汉大学学报(理学版),2014,60(5):429-433.
[5]	WANG Tian, XU Hui, WEI Lihao, et al.Risk Quantified Evaluation Method and Platform Design for Graded Protection[J]. Computer Engineering and Design, 2012, 33(5): 1761-1766.
	王甜,徐晖,魏理豪,等.量化风险的等级保护测评方法及平台设计[J]. 计算机工程与设计,2012,33(5):1761-1766.
[6]	TANG Yongli, XU Guoai, NIU Xinxin, et al.Information Security Management Measurement Model Based on AHP[J]. Journal of Liaoning Technical University (Natural Science Edition), 2008, 27(4): 575-578.
	汤永利,徐国爱,钮心忻,等.基于AHP的信息安全管理测量模型[J]. 辽宁工程技术大学学报(自然科学版),2008,27(4):575-578.
[7]	DENG Yong, SHI Huawang.A Grey Model for Evaluation of Information Systems Security[J]. Journal of Computers, 2012, 7(1): 284-291.
[8]	YAN Qiang, CHEN Zhong, DUAN Yunsuo, et al.Information System Security Metrics and Evaluation Model[J]. ACTA Electronica Sinica, 2003, 31(9): 1351-1355.
	闫强,陈钟,段云所,等.信息系统安全度量与评估模型[J]. 电子学报,2003,31(9):1351-1355.
[9]	XU Yang, XIE Xiaoyao.Quantification Model of Testing and Evaluation for Classified Protection of Information System Security[M]. Wuhan: Wuhan University Press, 2017.
	徐洋,谢晓尧.信息安全等级保护测评量化模型[M].武汉:武汉大学出版社,2017.
[10]	GB/T 28448-2019B/T 28448-2019. Information Security Technology—Evaluation Requirement for Classified Protection of Cybersecurity[S]. Beijing: Standards Press of China, 2019.
	GB/T 28448-2019B/T 28448-2019.信息安全技术网络安全等级保护测评要求[S].北京:中国标准出版社,2019.
[11]	GB/T 22239-2019B/T 22239-2019. Information Security Technology—Baseline for Classified Protection of Cybersecurity[S]. Beijing: Standards Press of China, 2019.
	GB/T 22239-2019B/T 22239-2019.信息安全技术网络安全等级保护基本要求[S].北京:中国标准出版社,2019.

测评结论	判别依据
优	被测信息系统综合得分90分以上（含90分）
良	被测信息系统综合得分80分以上（含80分）
中	被测信息系统综合得分70分以上（含70分）
差	被测信息系统综合得分低于70分

类别	总测评项	安全通信网络		安全计算环境		综合得分
类别	总测评项	不符合	部分符合	不符合	部分符合	综合得分
场景1	211	0	0	4	6	97.91
场景2	211	0	0	10	10	95.70
场景3	211	0	0	16	14	93.58
场景4	517	0	0	190	140	92.60
场景5	211	2	2	16	14	89.89