IATF_中文版

UNCLASSIFIED Appendix C IATF Release 3.1 September 2002 09/00 UNCLASSIFIED Page 1 of 785 C-1 第一章前言...................................................................................................... 27 1．1目的 ............................................................................................................................... ..27 1．2预期读者 .........................................................................................................................27 1．3背景情况 .........................................................................................................................28 1.3.1确定的信息基础设施 .........................................................................................28 1.3.2信息和信息基础设施分类 ................................................................................29 1.3.3边界和信息基础设施 .........................................................................................31 1.3.4信息保障框架范围 .............................................................................................32 1.3.5计算机威胁的实质 .............................................................................................38 1．4纵深防御 .........................................................................................................................41 1．4．1纵深防御与 IATF...........................................................................................42 1．5《信息保障技术框架》的结构 ......................................................................................43 第二章纵深防御 ................................................................................................... 45 2.1介绍和关系图表 ................................................................................................................45 1.1用户环境的实例 ....................................................................................................45 2.1.1．1联邦计算环境 .......................................................................................45 2.1.1.2国防部（ DoD）计算环境 ......................................................................47 2.2 对手、动机和攻击的分类 ...............................................................................................48 2．3人、技术、运行 .............................................................................................................51 2．3．1人.....................................................................................................................52 2．3．2技术 ................................................................................................................53 2．3．3运行 ................................................................................................................54 2．4纵深防御目标概揽 .........................................................................................................55 2．5附加资源 .........................................................................................................................60 第三章信息系统安全工程 ................................................................................... 61 3.1简介 ............................................................................................................................... .....61 3.2原理 ............................................................................................................................... .....64 3.3过程 ............................................................................................................................... .....65 3．3．1发掘信息保护需求 ......................................................................................65 3．3．2确定系统安全要求 ......................................................................................68 UNCLASSIFIED Appendix C IATF Release 3.1 September 2002 09/00 UNCLASSIFIED Page 2 of 785 C-2 3．3．3设计系统安全体系结构 ..............................................................................70 3．3．4开发详细安全设计 ..................................................................................