基于密码学理论的私密信息安全风险评估方法

为了解决传统方法没有考虑针对私密信息的防控措施，得到评估结果不准确的问题，通过密码学理论研究了私密信息安全风险评估方法。在将资产-威胁-脆弱性作为核心对风险值进行计算的基础上，引入安全防控措施功能进行分析。按照相关原则，建立阶梯层次式私密信息安全风险评估指标体系，通过熵系数对各评估指标的权重进行计算。在不考虑防控措施的情况下计算风险值，通过密码学理论对私密信息安全性进行保护后风险值进行计算，将二者结合在一起，获取考虑密码学理论下防控措施后，私密信息风险值，实现私密信息安全风险评估。结果表明：所提方法可有效实现私密信息安全风险评估；所提方法风险评估结果准确合理。可见所提方法评估性能准确。

Research on Privacy Information Security Risk Assessment Method Based on Cryptography Theory

In order to solve the problem that traditional methods do not consider the inaccuracy of the evaluation results of the prevention and control measures against private information, the risk assessment method of private information security is studied by cryptography theory. On the basis of calculating the risk value with the asset-threat-vulnerability as the core, the function of security prevention and control measures is introduced to analyze. According to the relevant principles, the hierarchical risk assessment index system of private information security was established, and the weight of each evaluation index was calculated by entropy coefficient. The risk value was calculated without considering the preventive measures, and the risk value was calculated after the privacy information security was protected by cryptography theory. Combining the two, the risk value of privacy information was obtained after considering the preventive measures under cryptography theory to realize the risk assessment of privacy information security. The results show that the proposed method can effectively realize the risk assessment of private information security, and the risk assessment results of the proposed method are accurate and reasonable. It can be seen that the proposed method is accurate in evaluating performance.