Information Security Risks in Civil Aviation Network: Classification, Identification and Preventive Strategies

Abstract

Information security of civil aviation network is an important issue in national cyberspace security governance. Based on the ISO27001 information security management system, the main contribution of this paper is build a classification and identification framework to identify key sources and specific factors of information security risks in civil aviation network through generalization and summary approaches. The detected risk sources mainly include management subject, management process, technology, laws and regulations, and infrastructure. In accordance with the attributes of different risk sources, systematic preventive strategies are proposed in this paper to serve as references for preventing and resolving information security risks in civil aviation network.