论文信息 - A study on e-Taiwan information system security classification and implementation

A study on e-Taiwan information system security classification and implementation

Information systems of Cyberspace offer attractive targets. They should be resistant to such as Active Attack, Passive Attack, Insider Attack, Close-in Attack, and Distribution Attack from the full range of threat-agents - from hackers to nation states - and they must limit damage and recover rapidly when attacks do occur. According to Common Criteria (CC), Information Security Management System (ISMS) and the international standards of Information System Security (ISO/IEC 15408, ISO/IEC 17799, and ISO/IEC TR 19791) as well as the other international standards and guidelines such as the framework of Defense-in-Depth promoted by the U.S., in this paper we propose a new framework of information system security classification for e-Taiwan to reach the vision ''information and communication network resources can be fully used in an obstacle free and secure environment by year 2008.''

[1] Kwo-Jean Farn,et al. A study on information security management system evaluation - assets, threat and vulnerability , 2004, Comput. Stand. Interfaces.

[2] Thomas Peltier,et al. Information Technology: Code of Practice for Information Security Management , 2001 .

[3] 日本規格協会. 情報技術 : 情報セキュリティ管理実施基準 : 国際規格 : ISO/IEC 17799 = Information technology : code of practice for infromation security management : international standard : ISO/IEC 17799 , 2000 .

[4] Marianne M. Swanson,et al. Standards for Security Categorization of Federal Information and Information Systems , 2004 .