论文标题:CC标准及相关风险评估系统关键技术研究
Study on CC Criteria and Key Technologies Correlative to Risk Assessment System
论文作者 洪宏
论文导师 胡予濮,论文学位 硕士,论文专业 密码学
论文单位 西安电子科技大学,点击次数 407,论文页数 67页File Size4817k
2004-01-01论文网 http://www.lw23.com/lunwen_72944302/ 信息安全;风险评估;评估标准;CC
Information Security;Risk Assessment;Evaluation Criteria;CC
随着网络技术的迅速发展,信息借助于网络快速的传播,信息的安全性也因此受到来自多方面的威胁。风险评估作为信息安全这项工程的基础和前提,随信息安全一并逐渐成为人们所关注的焦点和研究的课题。本文以基于CC标准的风险评估系统的设计和开发课题为背景,首先对信息安全及风险评估的相关概念及现状做了介绍,其次详细的阐述了风险评估概念及两个重要组成——标准体系以及评估的过程和方法,然后总结了评估系统在设计时所涉及到的课题前期理论研究成果包括CC评估标准以及CC评估过程和方法等内容,特别是对CC标准的核心思想、CC标准的具体应用、CC评估过程三个阶段的工作以及CC标准的伴随文档CEM作为评估方法依据在执行评估阶段的具体应用等方面做了深入研究和详细论述,并指出这些理论依据当前存在的不足,本文最后以前面的理论研究成果为依据,阐述了CC评估系统的组成部分以及总体的设计方案,并对已完成的实现部分做了介绍。
With the fast development of network technology, information spread quickly in the network, Information security is faced by threatens from many outside aspects. Risk assessment acts as the basis and premise in information security. Together with information security, risk assessment becomes the focus and one of the task studies in this security area. This thesis based on the task study deals with design and realization of CC criteria security risk assessment system first presents the concepts and statuses of information security and risk assessment. It then expounds risk assessment"s two main parts, criteria and process & methods. And it discusses deeply in the theory research results of the task prophase include CC criteria and CC evaluation process & methods, especially in CC"s main idea, the applications of CC, work of the three phases in CC evaluation process and the applications of the CEM documents together with CC in evaluation phase used in this security risk assessment system. The paper also points out the shortcomings of the theory bases. At last it uses the above theory research results in introducing the parts & the whole design and the realization parts of the security risk assessment system.
|
