| 信息系统安全风险评估方法的研究 |
| |
| 引用本文: | 刘守澜,卿昱.信息系统安全风险评估方法的研究[J].西南民族学院学报(自然科学版),2010,36(2):295-298. |
| |
| 作者姓名: | 刘守澜 卿昱 |
| |
| 作者单位: | 中国电子科技集团第三十研究所,成都810信箱53分箱,610041 |
| |
| 摘 要: | 本文根据信息系统风险评估的基本要素, 通过对信息系统的现状分析, 提出了一种基于脆弱性和威胁分析相结合的定量风险评估方法. 该方法建立了相应的风险计算模型, 通过脆弱性分析, 威胁识别, 后果属性及其权重计算等多个步骤对信息系统的安全风险进行定量分析计算得到信息系统安全评估风险值, 提高了信息系统风险评估的客观性和可度量性.
|
| 关 键 词: | 风险评估 威胁识别 脆弱性分析 后果属性 |
Research on security risk assessment method based on vulnerability and threat analysis |
| |
| LIU Shou-lan,QING Yu.Research on security risk assessment method based on vulnerability and threat analysis[J].Journal of Southwest Nationalities College(Natural Science Edition),2010,36(2):295-298. |
| |
| Authors: | LIU Shou-lan QING Yu |
| |
| Institution: | LIU Shou-lan,QING Yu(The 30th Institute of China Electronics Technology Corporation,Chengdu 610041,P.R.C.) |
| |
| Abstract: | Based on the analysis of information systems and the basic elements of risk assessment,a quantitative security risk assessment method which is a combination of vulnerability and threat analysis is proposed.The risk computation model is constructed.Through a number of steps,such as the vulnerability analysis,threat identification,the consequences of property and weights calculation,a security risk assessment value is obtained.It enhances the objectivity and measurability of the risk assessment process. |
| |
| Keywords: | risk assessment threat identify vulnerability analysis consequence attribute |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
