| 网络安全法体系中关键信息基础设施边界识别 |
| |
| 引用本文: | 吴才毓.网络安全法体系中关键信息基础设施边界识别[J].政法学刊,2021(1):102-109. |
| |
| 作者姓名: | 吴才毓 |
| |
| 作者单位: | 中国人民公安大学法学院 |
| |
| 基金项目: | 2020年中央高校基本科研业务经费项目“网络安全法语境中关键信息基础设施识别研究”(2020JKF-321);2020年中国人民公安大学学习贯彻十九届四中全会精神专项研究课题“网络空间安全背景下数据权属问题研究”(2020SZQH04)。 |
| |
| 摘 要: | 为贯彻公安部《贯彻落实网络安全等级保护制度和关键信息基础设施安全保护制度的指导意见》,关键信息基础设施保护应当从基于对象的保护、基于后果的保护转变为基于过程的保护,区别关键信息基础设施的识别与认定两个阶段。在识别中,考虑互为依赖的类型、运行状态、耦合程度、基础结构特征、故障类型、反应模式等识别因素,在工程上基于过程评价,评价过程中应当根据资产的重要性进行赋值,以威胁发生概率、威胁属性对威胁进行赋值,根据各类型相互依赖关系在工程学上计算脆弱性,以风险管理的角度计算、评估风险概率以及风险所可能导致的损失。关键信息基础设施保护本质上是需要公私部门合作解决、国际合作治理的公共安全与应急管理问题。各国在关键信息基础设施的概念界定上应当采用法规与工程计算相结合的灵活认定模式,以包容可替代性、可恢复性的弹性安全为理念,制定关键信息基础设施安全保护标准规范。
|
| 关 键 词: | 关键信息基础设施 脆弱性 可替代 互为依赖 弹性安全 |
Boundary Identification of Key Information Infrastructure in Network Security Law System |
| |
| Wu Cai-yu.Boundary Identification of Key Information Infrastructure in Network Security Law System[J].Journal of Political Science and Law,2021(1):102-109. |
| |
| Authors: | Wu Cai-yu |
| |
| Affiliation: | (School of Law,People’s Public Security University of China,Beijing 100038,China) |
| |
| Abstract: | In order to implement the Guidance of the Ministry of Public Security on the Implementation of the Network Security Level Protection System and the Key Information Infrastructure Security Protection System,the protection of key information infrastructure should be changed from object-based protection and consequence-based protection to process-based protection,distinguishing between the two stages of identification and determination of key information infrastructure.The type of mutual dependence,operation state,coupling degree,infrastructure characteristics,fault type,response mode and other recognition factors shall be considered.Based on process evaluation in engineering,the evaluation process shall be based on the importance of assets,and the threat shall be assigned with probability and attribute of threat occurrence,calculates vulnerability in engineering according to the interdependence of various types from the perspective of risk management,and evaluates risk probability and possible losses caused by risk.In essence,the protection of key information infrastructure is a public security and emergency management issue that requires publicprivate cooperation and international cooperative governance.Countries should adopt the flexible identification mode of combination of laws and engineering calculation in defining the concept of critical information infrastructure,and formulate the security protection standards and specifications of critical information infrastructure based on the concept of flexible security that includes substitutability and recoverability. |
| |
| Keywords: | Key Information Infrastructure Vulnerability Substitutability Interdependence Elastic Security |
| 本文献已被 维普 等数据库收录! |
|
