English translation 1 (computer science), no online machine translation please
Source: 学生作业帮助网 | Editor: 六六作业网 | Time: 2024/11/24 07:35:07
Keywords
Information Security, modeling, measurement, policy and
mechanisms, validation, verification.
1. INTRODUCTION
It is widely recognized that metrics are important to information security because we cannot measure the success of security policy, mechanism, or implementations without security metrics. Metrics can be an effective tool for information security professionals to measure the security strength and levels of their systems, products, processes, and readiness to address security issues they are facing. Metrics can also help identify system vulnerabilities, providing guidance in prioritizing corrective actions, and raising the level of security awareness within the organization. With the knowledge of security metrics, an information security professional can answer typical questions like “Are we secure?” and “How secure are we?” in a formal and persuadable manner. For federal agencies, a number of existing laws, rules, and regulations cite security metrics as a requirement. These laws include the Clinger-Cohen Act, Government Performance and Results Act (GPRA), Government Paperwork Elimination Act (GPEA), and Federal Information Security Management Act (FISMA). Moreover, metrics can be used to justify and direct future security investment. Security metrics can also improve accountability to stakeholders and improve customer confidence.
However, the term “security metrics” is often ambiguous and confusing in many contexts of discussion in information security. Some guiding standards and good experiments of security metrics exist, such as FIPS 140-1/2 [NIST 01], ITSEC [CEC 91], TCSEC [DOD 85], Common Criteria (CC) [CC1 99][CC2 99][CC3 99] and NIST Special Publication 800-55 [NIST 03], but they are either too broad without precise definitions, or too narrow to be generalized to cover a great variety of security situations. We elaborate some issues or misconception about security metrics in the following a few paragraphs. First, security metrics are often qualitative rather than quantitative. For the past 20 years, the international computer security community has been developing criteria and methodologies for the security evaluation of IT products and systems. While TCSEC [DOD 85] provides seven levels of trust measurement called ratings, which are represented by six evaluation classes C1, C2, B1, B2, B3, and A1, plus an additional class D, ITSEC [CEC 91] provides six levels of trust, called evaluation levels, E1, E2, E3, E4, E5, and E6. The Common Criteria (CC) [CC1 99][CC2 99][CC3 99] delivers a measure of the evaluation result called a level of trust that indicates how trustworthy the product or system is with respect to the security functional requirements defined for it. This evaluation provides an independent assessment by experts and a measure of assurance, which can be used to compare products.
Answers accepted before 15:00 on June 25 will receive an additional 50-point bounty!
Please keep your promise to add the bonus points. You can rely on the translation.
Keywords
Information Security, modeling, measurement, policy and
mechanisms, validation, verification.
Keywords: information security, modeling, measurement, policy and mechanisms, validation, verification
1. INTRODUCTION
1 Introduction
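It is widely recognized that metrics are important to information security because we cannot measure the success of security policy, mechanism, or implementations without security metrics. Metrics can be an effective tool for information security professionals to measure the security strength and levels of their systems, products, processes, and readiness to address security issues they are facing.
It is widely recognized that metrics are important to information security, because without security metrics we cannot gauge whether security policies, mechanisms, or implementations succeed. Metrics can be an effective tool for information security professionals, because they need to measure the security strength and level of their own systems, products, and processes, and their readiness to address the security issues they face.
Metrics can also help identify system vulnerabilities, providing guidance in prioritizing corrective actions, and raising the level of security awareness within the organization. With the knowledge of security metrics, an information security professional can answer typical questions like “Are we secure?” and “How secure are we?” in a formal and persuadable manner.
Metrics also help identify a system's vulnerabilities, provide guidance for prioritizing the correct measures, and raise the level of security awareness within the organization. With an understanding of security metrics, an information security professional can answer typical questions such as “Are we secure?” and “How secure are we?” in a formal and persuasive manner.
For federal agencies, a number of existing laws, rules, and regulations cite security metrics as a requirement. These laws include the Clinger-Cohen Act, Government Performance and Results Act (GPRA), Government Paperwork Elimination Act (GPEA), and Federal Information Security Management Act (FISMA). Moreover, metrics can be used to justify and direct future security investment. Security metrics can also improve accountability to stakeholders and improve customer confidence.
For federal agencies, many existing laws, rules, and regulations cite security metrics as a requirement. These laws include the Clinger-Cohen Act, the Government Performance Act (GPRA), the Government Paperwork Elimination Act (GPEA), and the Federal Information Security Management Act (FISMA). Moreover, metrics can be used to judge whether future investment is justified and to guide it. Security metrics can also improve accountability to stakeholders and raise customer confidence.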
However, the term “security metrics” is often ambiguous and confusing in many contexts of discussion in information security. Some guiding standards and good experiments of security metrics exist, such as FIPS 140-1/2 [NIST 01], ITSEC [CEC 91], TCSEC [DOD 85], Common Criteria (CC) [CC1 99][CC2 99][CC3 99] and NIST Special Publication 800-55 [NIST 03], but they are either too broad without precise definitions, or too narrow to be generalized to cover a great variety of security situations. We elaborate some issues or misconception about security metrics in the following a few paragraphs. First, security metrics are often qualitative rather than quantitative.
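However, the term “security metrics” is often ambiguous and confusing in many contexts of information security discussion. Some guiding standards and good experiments on security metrics exist, such as FIPS 140-1/2 [NIST 01], ITSEC [CEC 91], TCSEC [DOD 85], Common Criteria (CC) [CC1 99][CC2 99][CC3 99], and NIST (U.S. national standards institute) Special Publication 800-55 [NIST 03], but they are either too broad and lack precise definitions, or too narrow to cover the wide variety of security situations in general. In the following paragraphs we elaborate on some issues or misconceptions about security metrics. First, security metrics are often qualitative rather than quantitative.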
For the past 20 years, the international computer security community has been developing criteria and methodologies for the security evaluation of IT products and systems. While TCSEC [DOD 85] provides seven levels of trust measurement called ratings, which are represented by six evaluation classes C1, C2, B1, B2, B3, and A1, plus an additional class D, ITSEC [CEC 91] provides six levels of trust, called evaluation levels, E1, E2, E3, E4, E5, and E6. The Common Criteria (CC) [CC1 99][CC2 99][CC3 99] delivers a measure of the evaluation result called a level of trust that indicates how trustworthy the product or system is with respect to the security functional requirements defined for it. This evaluation provides an independent assessment by experts and a measure of assurance, which can be used to compare products.
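Over the past 20 years, the international computer security community has been developing criteria and methods for evaluating the security of IT products and systems. While TCSEC [DOD 85] provides seven levels of trust measurement, called ratings, which are represented by six evaluation classes C1, C2, B1, B2, B3, and A1, plus an additional class D, ITSEC [CEC 91] provides six levels of trust, called evaluation levels, namely E1, E2, E3, E4, E5, and E6. The Common Criteria (CC) [CC1 99][CC2 99][CC3 99] provide a measure of the evaluation result, called a level of trust, which indicates how far a product or system can be trusted with respect to the security functional requirements specified for it. This evaluation provides an independent assessment by experts as well as a measure of assurance, which can be used to compare products.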
Leave it to me...