| 基于压电式理论的网络安全事件应急响应体系:美国的实践启示 |
| |
| 引用本文: | 刘晨晖,王能民.基于压电式理论的网络安全事件应急响应体系:美国的实践启示[J].情报杂志,2021(3):112-117,31. |
| |
| 作者姓名: | 刘晨晖 王能民 |
| |
| 作者单位: | 西安交通大学管理学院;过程控制与效率工程教育部重点实验室;陕西省制造服务业过程挖掘工程研究中心 |
| |
| 基金项目: | 国家自然科学基金重点项目“企业绿色增长模式与价值链重构研究”(编号:71732006)研究成果之一。 |
| |
| 摘 要: | 目的/意义]通过构建压电式网络安全事件应急响应体系,为我国企业的应急响应管理提供理论基础和实践参考。方法/过程]对美国司法部发布的《网络安全事件受害者响应与报告的最佳实践》进行文本分析,从事前、事中和事后三个阶段解读了美国的应急响应实践经验,并结合压电式理论中变化事件、态势感知与关键性对齐的视角,构建了适用中国企业的应急响应体系。结果/结论]基于美国联邦调查员、检察官以及美国企业在处理网络安全事件的经验总结,提出了一套清单式的响应方案,其中蕴含的全过程管理与关键性对齐的响应策略为我国企业提供了借鉴与参考。
|
| 关 键 词: | 压电式理论 网络安全 应急响应 关键性对齐 美国 |
A Cyber Security Incident Response System Based on Piezoelectric Theory--The Practice in the United States and Its Implications |
| |
| Liu Chenhui,Wang Nengmin.A Cyber Security Incident Response System Based on Piezoelectric Theory--The Practice in the United States and Its Implications[J].Journal of Information,2021(3):112-117,31. |
| |
| Authors: | Liu Chenhui Wang Nengmin |
| |
| Institution: | (School of Management, Xi'an Jiaotong University, Xi'an 710049;The Key Lab of the Ministry of Education for Process Control & Efficiency Engineering,Xi'an 710049;ERC for Process Mining of Manufacturing Services in Shaanxi Province, Xi'an 710049) |
| |
| Abstract: | Purpose/Significance]By constructing the cyber security incident response system based on piezoelectric theory,this paper provides the theoretical foundation and practical suggestions for Chinese enterprises'incident response management.Method/Process]Based on the text analysis of Best Practices for Victim Response and Reporting of Cyber Incidents issued by the US Department of Justice,this paper interprets the practical experience of incident response in the United States from the perspective of three stages(pre-event,in-event and post-event),and constructs cyber security incident response system from the perspective of changing events,situational awareness and critical alignment in piezoelectric theory,which is applicable to Chinese enterprises.Result/Conclusion]Based on the practical experience of the US federal investigators,prosecutors,and US enterprises in dealing with cyber security incidents,this study puts forward a checklist of the incident response plan,in which the whole-process management and the response strategy of critical alignment provide valuable references for Chinese enterprises. |
| |
| Keywords: | piezoelectric theory cyber security incident response critical alignment the United States |
| 本文献已被 维普 等数据库收录! |
|
