摘要
如何证明和确保云服务的安全性是当前电子政务建设中的重要问题。本文试图总结欧美政府采购云服务的安全管理经验,为我国构建政府采购电子政务云服务的安全管理框架提供参考。本文主要使用了文献研究法。通过对已有文献及公开资料的分析,先是分别对美国和欧盟的政务云服务安全管理框架进行研究剖析,然后在针对性和系统性的整合对比研究的基础上,得出对我国政务云安全管理工作的启示。分析发现,欧美的安全管理框架在流程与内容上略有区别,但各有优劣。本文综合考虑美国的评估认证机制和欧盟ENISA的流程控制思想,在我国现有相关信息安全管理政策及标准的基础上,提出了4点启示:统一规划,政府引导;需求导向,全程控制;动态开放,互联互通;健全制度,保障安全。
How to prove and ensure the security of governmental clouds is an important issue in the current e-government construction.This paper attempted to analyse the security frameworks for governmental clouds in Europe and the United States to provide help for the construction of e-government cloud services in China.This article mainly used the literature research method.Through the analysis of literature and publicly available data,this paper first analyzed the security frameworks for governmental clouds of the United States and the European Union,and then on the basis of targeted and systematic integration and comparison research,it concluded implications for China s governmental clouds safety management.The analysis found that the safety management frameworks in Europe and the United States were slightly different in terms of process and content,but also had advantages and disadvantages.This paper comprehensively considered the SAF of FedRAMP and SFGC of ENISA.Based on the existing related information security management policies and standards in China,this paper proposed four implications:unified planning,government guidance;demand-oriented,full control;dynamic open,interconnected;improve the system and ensure safety.
作者
刘彬芳
刘越男
钟端洋
Liu Binfang;Liu Yuenan;Zhong Duanyang(Information Resource Management School,Renmin University of China,Beijing 100872,China;Phyten Technology Co.,Ltd.,Beijing 100872,China)
出处
《现代情报》
CSSCI
2018年第10期32-37,共6页
Journal of Modern Information
基金
国家社会科学基金重大项目"大数据环境下政务信息资源归档和管理研究"(项目编号:17ZDA293)
关键词
美国
欧盟
电子政务
云服务
安全管理框架
政务云
the United Sates
European Union
e-government
cloud service
security management framework
governmental cloud