In view that there isn't evaluation method for desktop terminals and operation terminals with weak security protection and poor controlability to reflect the characteristics of power industry 's information security terminals ,an informa‐tion security terminals security evaluation model is prooposed according to requirements of information security in power in ‐dustry and threats faced by desktop terminals and operation terminals to discuss the security evaluation system and evaluation criteria .The model can meet the requirements and objectives of destop terminals security evaluation ,including detailed pro‐ject assessment and quantitative evaluation system .Then based on the model ,the automatic security evaluation for power industry's information security terminals is realized .%针对目前电力行业对于安全防护较弱、可控性较低的桌面终端、操作终端没有能够反映电力行业信息安全终端特征的评估方法,论文根据电力行业信息系统安全要求,以及桌面终端、操作终端所面临的安全威胁,提出一种融入CVSS 的信息安全终端安全评估模型,对安全评估体系和评分标准进行了研究和探讨。该模型能够满足电力行业桌面终端安全评估的需求和目标,包括详细的评估项目以及可量化的评价体系;最后在该评估模型的基础上实现了对电力行业信息安全终端进行自动化安全评估的工具。
展开▼
