GOST R 54583-2011 Information technology Security techniques Aframework for IT security assurance Part 3 Analysis of assurance methods《信息技术 安全技术 IT安全保障框架 第3部分 保障方法的分析》.pdf

1、 3 ISO/IEC TR 15443-3:2007Information technology Security techniques A framework for IT security assurance Part 3: Analysis of assurance methods(IDT) 545832011/ISO/IEC/TR15443-3:2007 27 2002 . 184- , 1.02004 . 1 - ( ), ( ) - , 42 -362 3 1 2011 . 691-4 ISO/IEC TR 15443-3:2007 - . . . 3. (ISO/IEC TR 1

2、5443-3:2007 (Information technology Securitytechniques A framework for IT security assurance Part 3: Analysis of assurance methods)5 - , - . () . - , , 2013 , - - II 5458320111 11.1 11.2 11.3 .11.4 .12 13 .34 .34.1 .34.2 64.3 104.4 115 , 115.1 125.2 135.3 .145.4 .156 196.1 () .206.2 () .206.3 () 23

3、) 27 B () 29 C () 41 D () .43 () 45 49 545832011III / 15443 - - ( ) , . / 15443 , , , ./ 15443 :- ;- , ;- , ;- ;- , ;- ;- , ./ 15443 :- 1. ; - . 2 3/ 15443. 1 , , - , , 9000,SSE-CMM (/ 21827), / 15408-3 -;- 2. ; - 1. - . ;- 3. ; . (), ()() , . - - . , . / 15443 , - ; , / 15443, - . / 15443 , (CASCO

4、) - (, 2 /), / 15443 - .IV 545832011 3 Information technology. Security techniques.A framework for IT security assurance. Part 3. Analysis of assurance methods 201212011 1.1 - .1.2 / .1.3 , , , .1.4 , , - . , , - , , / 15443-2 .2 / 15443-1 / 15443-2, .2.1 (assets): , .2.2 (assessment): , - ; -.ISO/I

5、EC 14598-1.1 5458320112.3 (assessment method): - .2.4 (assurance authority): , (, , , , ), - , . .2.5 (assurance administrator): , () , .2.6 (assurance goal): , .2.7 (assurance concern): , - . , .2.8 (deliverable): , , -, ( , ) -.1 / 15408-1, () - ().2 9000 , 9000 / .3 9000 - / 15443.2.9 (environmen

6、t): , ( , ), (-, , ). , .2.10 (information security managementsystem; ISMS); : , - , , , , , - ./ 27001:20052.11 (method): - .2.12 (metric): , -.2.13 (process capability): - .2.14 (product): , , .1 / 15443 9000 / 15443 - .2 .2.15 (residual risk): , .2.16 (risk assessment): . 3.3.1, 73: 2002 /2 54583

7、20111 .2 , .2.17 (risk treatment): .2.18 (security): , , - , , , , .2.19 (security objective): - / -./ 15408-1:2005, 2.422.20 (security policy): , , - .2.21 (stage): , . / 15288.3 / 15443-1,/ 15443-2, :COBIT , ISACA;ISACA ;ISSEA ; (IA) ; (DA) ; (OA) ; (ST) .4 - . , . , / 15443-1, / 15443-2, . , . , - -.