| 杨宏宇,秦赓.面向风险评估的关键系统识别[J].,2020,60(3):306-316 |
| 面向风险评估的关键系统识别 |
| Key system identification for risk assessment |
| |
| DOI:10.7511/dllgxb202003012 |
| 中文关键词: 业务流程 风险评估 业务系统 TOPSIS 系统识别 |
| 英文关键词: business process risk assessment business system TOPSIS system identification |
| 基金项目:国家自然科学基金资助项目(U1833107). |
|
| 摘要点击次数: 351 |
| 全文下载次数: 387 |
| 中文摘要: |
| 为有效识别关键业务系统并评估业务系统对全业务流程造成的安全风险和影响,提出一种全业务流程关键业务系统识别模型.首先,建立业务流程关联树与业务流程关联网络,得到评价属性矩阵与系统关联度矩阵.其次,由评价属性矩阵与系统关联度矩阵构造关联评价属性矩阵,改进优劣解距离法(technique for order preference by similarity to an ideal solution,TOPSIS)中加权方法和相对接近度计算方法,基于TOPSIS改进方法计算业务系统的重要性系数,进而识别全业务流程中关键业务系统.最后,评估业务系统发生信息安全事件时对全业务流程连续性的影响.实验结果表明,该方法能够准确地识别出全业务流程中的关键业务系统,有助于高效评估业务系统对全业务流程造成的影响. |
| 英文摘要: |
| In order to effectively identify the key business system and assess the security risk and impact of business systems on the entire business process security, a key business system identification model for the entire business process is proposed. Firstly, the business process association tree and the business process association network are established, and the evaluation attribute matrix and the system association degree matrix are obtained. Secondly, the association evaluation attribute matrix is built by the evaluation attribute matrix and the system association degree matrix. And the weighting and relative proximity calculation methods of the technique for order preference by similarity to an ideal solution (TOPSIS) are improved. Then, the important coefficient of business system is calculated based on the improved TOPSIS method and the key business system is identified. Finally, the effect on the continuity of the entire business process is evaluated when information security incidents occur in the business system. Experimental results show that the method can identify the key business system accurately, and it can help to evaluate the impact of the business system on the entire business process effectively. |
|
查看全文
查看/发表评论 下载PDF阅读器 |
| 关闭 |