A study on e-Taiwan information system security classification and implementation

Abstract

Information systems of Cyberspace offer attractive targets. They should be resistant to such as Active Attack, Passive Attack, Insider Attack, Close-in Attack, and Distribution Attack from the full range of threat-agents-from hackers to nation states-and they must limit damage and recover rapidly when attacks do occur. According to Common Criteria (CC), Information Security Management System (ISMS) and the international standards of Information System Security (ISO/IEC 15408, ISO/IEC 17799, and ISO/IEC TR 19791) as well as the other international standards and guidelines such as the framework of Defense-in-Depth promoted by the U.S., in this paper we propose a new framework of information system security classification for e-Taiwan to reach the vision '' information and communication network resources can be fully used in an obstacle free and secure environment by year 2008.'' (C) 2007 Elsevier B.V. All rights reserved.