文档介绍:观势、论则、取实——网络信息安全的趋势、原则和实践
潘柱廷
启明星辰首席战略官
中国计算机学会理事
2010年11月2日
内容简介
观势
国内外网络信息安全趋势介绍
观察我们的现状和目标
论则
提炼和把握信息安全中不变的原则
建立原则之间的关系和框架
取实
把思路变成最佳实践
关注结果及其度量
得到高层重视的两件事
奥巴马政府的报告
IBM提出智慧地球
奥巴马报告要点观察
明确Cyberspace网际空间
陆、海、空、太空、网际等五大空间并列
突出讲问题、威胁
强调政治、军事、经济、外交等手段共同协调
划定关键基础设施
电信、金融、电力、联邦政务
总统直辖的负责人和办公室
近期和中期行动计划
近期行动计划
1. Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities; establish a strong NSC directorate, under the direction of the cybersecurity policy official dual-hatted to the NSC and the NEC, to coordinate interagency development of cybersecurity-related strategy and policy.
2. Prepare for the President’s approval an updated national strategy to secure the information munications infrastructure. This strategy should include continued evaluation CI activities and, where appropriate, build on its esses.
3. Designate cybersecurity as one of the President’s key management priorities and establish performance metrics.
4. Designate a privacy and civil liberties official to the NSC cybersecurity directorate.
5. Convene appropriate interagency mechanisms to conduct interagency-cleared legal analyses of priority cybersecurity-related issues identified during the policy-development process and formulate coherent unified policy guidance that clarifies roles, responsibilities, and the application of agency authorities for cybersecurity-related activities across the Federal government.
近期行动计划
6. Initiate a national public awareness and education campaign to promote cybersecurity.
7. Develop . Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity.
8. Prepare a cybersecurity incident response plan; initiate a dialog to enhance public-private partnerships with an eye toward streamlining, aligning, and prov