•  
  •  
 

Bulletin of Chinese Academy of Sciences (Chinese Version)

Keywords

security situation, talent certification, network security insurance, cyber range, public testing

Document Type

Build and Strengthen China`s Information Tech-system

Abstract

Cyberspace security has been an important part in ensuring economic development and supporting the progress of modern science and technology. As more and more applications are relying on information technology (IT), it becomes very important to improve the security situation of cyberspace. How to take effective measures to practically improve the cyberspace security situation has become the core problem disscussed in this paper. This paper addresses it from the perspectives of "talent, finance and infrastructure". First, on the premise of insufficient supply of cyberspace security talents, this paper proposes to establish the ability certification of talents transferred from other IT fields, in order to provide cyberspace security talents in many subdivided fields. Second, this paper proposes to solve the financial cost control problem under the determined cyberspace security situation through network security insurance, so as to improve the risk control level of enterprises, reduce the cost of social response to cyberspace security, establish the benchmark of response ability, and provide capability endorsement for security products. Third, this paper proposes to improve the anti-attack capability of IT products through the cyber range infrastructure with the "external attack internal" mode, which builds a shadow system to withstand continuous public testing, so as to strengthen the anti-attack capability of the corresponding system. Through the above three ways, the cyberspace security situation can be greatly improved.

First page

53

Last Page

59

Language

Chinese

Publisher

Bulletin of Chinese Academy of Sciences

References

1 王惠莅, 王秉政, 杨杰. 网络安全人才标准化研究. 信息安全研究, 2021, 7(6):520-526. Wang H L, Wang B Z, Yang J. Research on standardization of cybersecurity workforce. Journal of Information Security Research, 2021, 7(6):520-526. (in Chinese) 2 王新雷, 王玥. 网络安全保险的策略分析——以网络安全保险的生命流程为研究架构. 情报杂志, 2017, 36(11):34-40. Wang X L, Wang Y. Strategic analysis of cyber security risk insurance:Based on the research structure of cyber insurance life process. Journal of Intelligence, 2017, 36(11):34-40. (in Chinese) 3 李晓勇, 左晓栋. 信息安全的等级保护体系. 信息网络安全, 2004, (1):18-20. Li X Y, Zuo X D. The hierarchical protection system of information security. Netinfo Security, 2004, (1):18-20. (in Chinese) 4 顾建强, 梅姝娥, 仲伟俊. 基于网络安全保险的信息系统安全投资激励机制. 系统工程理论与实践, 2015, 35(4):1057-1062. Gu J Q, Mei S E, Zhong W J. Cyber insurance as an incentive for information system security. Systems Engineering-Theory & Practice, 2015, (4):1057-1062. (in Chinese) 5 贾焰, 方滨兴. 网络安全态势感知. 北京:电子工业出版社, 2020. Jia Y, Fang B X. Network Security Situation Awareness. Beijing:Publishing House of Electronics Industry, 2020. (in Chinese) 6 Batty M. Digital Twins. (2018-09-10)[2021-11-14]. https://doi.org/10.1177/2399808318796416. 7 方滨兴, 贾焰, 李爱平, 等. 网络空间靶场技术研究. 信息安全学报, 2016, 1(3):1-9. Fang B X, Jia Y, Li A P, et al. Cyber Ranges:State-of-the-art and research challenges. Journal of Cyber Security, 2016, 1(3):1-9. (in Chinese) 8 Dubey S. An Introduction to Cybersecurity, Capture the Flag Contests, and Basic Security Concepts. (2020-04-17)[2021-11-14]. https://www.siddcodes.com/introduction-tocybersecurity/. 9 刘小虎, 张玉臣, 张恒巍, 等. 美国国防部网络安全众测的做法、成果及启示. 国防科技, 2019, 40(3):38-40. Liu X H, Zhang Y C, Zhang H W, et al. The Practice, achievements and enlightenment of bug bounty programs of the US Department of Defense. National Defense Technology, 2019, 40(3):38-40. (in Chinese)

Download
Request a Copy

Share

COinS