CAJ | 학술논문

【目的】探讨如何为各类信息系统安全性保障测试提供综合性支撑服务。【方法】综合应用网络主机检测、数据库检测、Web应用漏洞检测等关键技术，通过协同集成方法，设计一个集约化信息安全测评平台。【结果】该平台集网络攻防演练和演示、管理安全测试、数据安全测试、外部安全测试及网站系统内容测试、产品与系统测评、信息安全应急响应为一体，可以在信息系统功能、性能、安全等方面为政府各部门及社会各界提供测试和评估服务。【结论】实际应用表明，该平台能够满足信息系统安全测评的关键需求，能够提供一体化信息安全测评功能。
【목적】탐토여하위각류신식계통안전성보장측시제공종합성지탱복무。【방법】종합응용망락주궤검측、수거고검측、Web응용루동검측등관건기술，통과협동집성방법，설계일개집약화신식안전측평평태。【결과】해평태집망락공방연련화연시、관리안전측시、수거안전측시、외부안전측시급망참계통내용측시、산품여계통측평、신식안전응급향응위일체，가이재신식계통공능、성능、안전등방면위정부각부문급사회각계제공측시화평고복무。【결론】실제응용표명，해평태능구만족신식계통안전측평적관건수구，능구제공일체화신식안전측평공능。
Objective]To provide comprehensive support services for safety testing of informa-tion systems.[Methods]An integrated information safety evaluation platform has been de-signed by integrating multiple key detection technologies covering network host,database and Web application loophole etc.[Results]This platform integrates network attack and de-fense,demonstration,management safety testing,data safety testing,external safety testing and web content system testing,product and system testing,and information safety emergen-cy response.It also can provide testing and evaluation services to the departments of govern-ment and community for the function,performance,safety,and other aspects of their infor-mation systems.[Conclusion]The actual application of the platform meets the key demand of information system safety evaluation and provides the integrative evaluation of information safety.