期刊文献+

欧美电子政务云服务安全管理框架及其启示 被引量:8

EU and US's Security Frameworks for Governmental Clouds and Their Implications
下载PDF
导出
摘要 如何证明和确保云服务的安全性是当前电子政务建设中的重要问题。本文试图总结欧美政府采购云服务的安全管理经验,为我国构建政府采购电子政务云服务的安全管理框架提供参考。本文主要使用了文献研究法。通过对已有文献及公开资料的分析,先是分别对美国和欧盟的政务云服务安全管理框架进行研究剖析,然后在针对性和系统性的整合对比研究的基础上,得出对我国政务云安全管理工作的启示。分析发现,欧美的安全管理框架在流程与内容上略有区别,但各有优劣。本文综合考虑美国的评估认证机制和欧盟ENISA的流程控制思想,在我国现有相关信息安全管理政策及标准的基础上,提出了4点启示:统一规划,政府引导;需求导向,全程控制;动态开放,互联互通;健全制度,保障安全。 How to prove and ensure the security of governmental clouds is an important issue in the current e-government construction.This paper attempted to analyse the security frameworks for governmental clouds in Europe and the United States to provide help for the construction of e-government cloud services in China.This article mainly used the literature research method.Through the analysis of literature and publicly available data,this paper first analyzed the security frameworks for governmental clouds of the United States and the European Union,and then on the basis of targeted and systematic integration and comparison research,it concluded implications for China s governmental clouds safety management.The analysis found that the safety management frameworks in Europe and the United States were slightly different in terms of process and content,but also had advantages and disadvantages.This paper comprehensively considered the SAF of FedRAMP and SFGC of ENISA.Based on the existing related information security management policies and standards in China,this paper proposed four implications:unified planning,government guidance;demand-oriented,full control;dynamic open,interconnected;improve the system and ensure safety.
作者 刘彬芳 刘越男 钟端洋 Liu Binfang;Liu Yuenan;Zhong Duanyang(Information Resource Management School,Renmin University of China,Beijing 100872,China;Phyten Technology Co.,Ltd.,Beijing 100872,China)
出处 《现代情报》 CSSCI 2018年第10期32-37,共6页 Journal of Modern Information
基金 国家社会科学基金重大项目"大数据环境下政务信息资源归档和管理研究"(项目编号:17ZDA293)
关键词 美国 欧盟 电子政务 云服务 安全管理框架 政务云 the United Sates European Union e-government cloud service security management framework governmental cloud
  • 相关文献

参考文献8

二级参考文献42

  • 1柳琰,范伟,黄伟庆.国外政府电子政务云应用探析[J].保密科学技术,2012(4):16-19. 被引量:11
  • 2MITRE.The Cloud Computing Series[EB/OL].[2010-05-18] http://www, mitre, org/work/info_tech/cloud_comput ing t echnica I_paper s/index, htm l.
  • 3CIO Council. State of Public Sector Cloud Computing[S/ OL]. (2010-03-20)[ 2011-05-18]. http://www, info. apps. gov/sites/default/f iles/StateOfCIoudComput ingRepor t- FINALv3_508. pdf.
  • 4NIST.The NIST Definition of Cloud Computing (Draft)= Recommendations of the National Institute of Standards and Technology[S/OL]. 2010[2011 -O5-18]. http://csrc, hist.gov/publ icat ions/draft s/800-145/Draft-SP-800-145_cloud- definition.pdf.
  • 5NIST. Information Security:Guide for Applying the Risk Management Framework to Federal Information Systems[S/ OL]. 201012011-05-18]. http://csrc.nist.gov/publica- t i ons/nist pubs/800-37-rev 1/sp800-37-r ev 1 -final. pdf.
  • 6NIST.Guidetines on Security and Privacy in Public Cloud Computing[S/OL]. 201112011-05-18]. http=//csrc, hist. gov/publ icat ions/draft s/800-144/Draft-SP-800-144 cloud- computing, pdf.
  • 7NIST. Welcome to the NIST Cloud Computing Collaboration Site[EB/OL]. [2011-05-18]. http=//collaborate, nist. gov/ t wik i-cloud-comput ing/bin/view/CloudComput ing/ WebHome.
  • 8GSA. Cloud Resources[EB/OL]. [2011-05-18]. http=//www. info. apps. gov/content/cloud-r esour ces.
  • 9Mell P, Grance T. Draft NIST Working Definition of Cloud Computing[S/OL]. [2011-05-18]. http://www, info. apps. gov/sites/default/files/NIST_Cloud_Definit ion. doc.
  • 10Department of Homeland Security. Cloud Computing from the Security Perspective= A Primer for Federal IT Managers[S/ OL]. [2011-05-18]. http=//www, info. apps. gov/sites/ defau It/files/C Ioud_Comput ing_Secur ity_Perspect ive. doc.

共引文献58

同被引文献105

引证文献8

二级引证文献34

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部