摘要
为提高铁路场景下网络安全等级保护(简称:等级保护)测评工作高风险判定的科学性,使整改工作有据可循,文章分析国家法律法规、等级保护2.0标准体系和铁路网络安全相关管理办法,结合铁路特定场景下等级保护测评中发现的典型安全问题开展研究,提出更适用于铁路行业的高风险判定依据和高风险预警机制。在铁路实际场景中的应用表明,该机制有利于督促铁路高风险问题的整改,支撑铁路网络安全等级保护工作可持续发展新战略。
In order to improve the scientificity of high-risk assessment of classified protection of cybersecurity in railway scenarios,and provide evidence for rectification work,this paper analyzed national laws and regulations,classified protection 2.0 of cybersecurity standard system,and railway network security related management methods,and conducted research on typical security issues found in classified protection of cybersecurity assessment in specific railway scenarios,proposed more suitable high-risk judgment criteria and high-risk early warning mechanisms for the railway industry.The application in practical railway scenarios shows that this mechanism is conducive to urging the rectification of high-risk railway issues and supporting the sustainable development of new strategies for railway classified protection of cybersecurity.
作者
贺晓聪
朱广劼
周泽岩
HE Xiaocong;ZHU Guangjie;ZHOU Zeyan(Institute of Computing Technologies,China Academy of Railway Sciences Corporation Limited,Beijing 100081,China)
出处
《铁路计算机应用》
2023年第11期34-38,共5页
Railway Computer Application
基金
中国国家铁路集团有限公司科技开发计划(P2022S007)。
关键词
网络安全
等级保护
风险判定
风险预警
常态化管理
network security
classified protection
risk assessment
risk early warning
normalized management
作者简介
贺晓聪,工程师;朱广劼,正高级工程师。
