A few days ago, at the first information security risk management summit forum, Wu Shizhong, honorary director of the China Information Security Product Evaluation Center and director of the security industry branch of the China Information Industry Chamber of Commerce, delivered an important speech in which he also pointed out the latest four key points of information security risk management.
Wu Shizhong said that risk management is the mainstream paradigm of information security assurance and one of the hot topics in global information security work. He also summed up four new key points of information security risk management: first, fully understand the new technological threats that high technology faces; second, pay close attention to attackers who dare to die; third, take the rapid rise of stateless forces seriously; fourth, recognize that the network effect greatly reduces risk warning time.
He also analyzed the practical difficulties the industry has yet to overcome. The major difficulties are as follows. In terms of policy, Document No. 5 has not been elevated to the level of national laws and regulations, and supervision is not yet in place. In terms of standards, there are still problems of systematization and operability. In the industry, there are product line problems and industrial chain problems. At the technical level, there are problems with theories, models, and evaluation methodologies, and practical tool support is lacking.