DB32/T 3421-2018 基础地理信息系统安全风险评估规范
简介
DB32/T 3421-2018
基础地理信息系统安全风险评估规范
Risk assessment specification for fundamental geographic information systems
2018-07-10实施
2018-06-25发布 目 次 前言 ................................................................................ 1 引言 ...............................................................................1 1 范围 ............................................................................... 1 2 规范性引用文件 ..................................................................... 1 3 术语、定义和缩略语 ................................................................. 1 4 风险评估的原则 ..................................................................... 2 5 风险评估的流程与评估周期 ........................................................... 2 5.1 风险评估流程 ................................................................... 2 5.2 风险评估周期 ................................................................... 3 6 风险评估形式与方法 ................................................................. 4 6.1 风险评估形式 ................................................................... 4 6.2 风险评估方法 ................................................................... 5 7 风险评估准备 ....................................................................... 5 7.1 基本要求 ....................................................................... 5 7.2 确定评估目标 ................................................................... 5 7.3 确定评估范围 ................................................................... 6 7.4 组建评估团队 ................................................................... 6 7.5 组织系统调研 ................................................................... 6 7.6 确定评估依据 ................................................................... 6 7.7 制定评估方案 ................................................................... 6 7.8 召开启动会议 ................................................................... 7 8 风险评估实施 ....................................................................... 7 8.1 资产识别 ....................................................................... 7 8.2 威胁识别 ....................................................................... 8 8.3 脆弱性识别 .................................................................... 10 9 风险分析 .......................................................................... 16 9.1 风险计算 ...................................................................... 16 9.2 风险结果判定 .................................................................. 16 10 风险评估报告 ..................................................................... 17 附录 A (资料性附录) 现场访谈问题记录表............................................. 19 附录 B (资料性附录) 风险要素关系与评估团队组成..................................... 21 附录 C (规范性附录) 风险评估要求................................................... 24 附录 D (规范性附录) 脆弱性核查表................................................... 28 参考文献 ............................................................................ 32 本标准按照GB/T 1.1-2009给出的规则起草。 本标准由江苏省测绘地理信息局提出并归口。
DB32/T 3421-2018
基础地理信息系统安全风险评估规范
Risk assessment specification for fundamental geographic information systems
2018-07-10实施
2018-06-25发布 目 次 前言 ................................................................................ 1 引言 ...............................................................................1 1 范围 ............................................................................... 1 2 规范性引用文件 ..................................................................... 1 3 术语、定义和缩略语 ................................................................. 1 4 风险评估的原则 ..................................................................... 2 5 风险评估的流程与评估周期 ........................................................... 2 5.1 风险评估流程 ................................................................... 2 5.2 风险评估周期 ................................................................... 3 6 风险评估形式与方法 ................................................................. 4 6.1 风险评估形式 ................................................................... 4 6.2 风险评估方法 ................................................................... 5 7 风险评估准备 ....................................................................... 5 7.1 基本要求 ....................................................................... 5 7.2 确定评估目标 ................................................................... 5 7.3 确定评估范围 ................................................................... 6 7.4 组建评估团队 ................................................................... 6 7.5 组织系统调研 ................................................................... 6 7.6 确定评估依据 ................................................................... 6 7.7 制定评估方案 ................................................................... 6 7.8 召开启动会议 ................................................................... 7 8 风险评估实施 ....................................................................... 7 8.1 资产识别 ....................................................................... 7 8.2 威胁识别 ....................................................................... 8 8.3 脆弱性识别 .................................................................... 10 9 风险分析 .......................................................................... 16 9.1 风险计算 ...................................................................... 16 9.2 风险结果判定 .................................................................. 16 10 风险评估报告 ..................................................................... 17 附录 A (资料性附录) 现场访谈问题记录表............................................. 19 附录 B (资料性附录) 风险要素关系与评估团队组成..................................... 21 附录 C (规范性附录) 风险评估要求................................................... 24 附录 D (规范性附录) 脆弱性核查表................................................... 28 参考文献 ............................................................................ 32 本标准按照GB/T 1.1-2009给出的规则起草。 本标准由江苏省测绘地理信息局提出并归口。
推荐下载
精品资源合集一键下载