| 信息安全风险评估中若干操作问题的研究 |
| |
| 引用本文: | 张立涛,应力,钱省三. 信息安全风险评估中若干操作问题的研究[J]. 山东理工大学学报:自然科学版, 2006, 20(1): 79-83 |
| |
| 作者姓名: | 张立涛 应力 钱省三 |
| |
| 作者单位: | 山东理工大学,管理学院,山东,淄博,255049;上海市信息安全测评认证中心,上海,200052;上海理工大学,管理学院,上海,200093 |
| |
| 基金项目: | 山东理工大学科研基金资助项目(M200410),上海市教委重点学科资助项目 |
| |
| 摘 要: | 信息安全风险评估是一项复杂的、实践性强的系统工程,本文在分析信息安全风险评估相关标准、方法和技术体系以及总结实践经验的基础上,对信息安全风险评估过程的出发点、威胁和脆弱性的识别依据、影响威胁可能性的判断因素以及风险评估中的影响分析等四个操作层面的问题进行了分析和研究,并同时提出了许多可操作性的结论和建议.
|
| 关 键 词: | 信息安全 风险评估 威胁 脆弱性 影响 |
| 文章编号: | 1672-6197(2006)01-0079-05 |
| 收稿时间: | 2005-10-27 |
| 修稿时间: | 2005-10-27 |
Study of some operating problems on information security risk evaluation |
| |
| ZHANG Li-tao,YING Li,QIAN Xing-san. Study of some operating problems on information security risk evaluation[J]. Journal of Shandong University of Technology:Science and Technology, 2006, 20(1): 79-83 |
| |
| Authors: | ZHANG Li-tao YING Li QIAN Xing-san |
| |
| Affiliation: | 1. School of Management, Shandong University of Technology, Zibo 255049, China; 2. Shanghai Information Technology Security Certification Center, Shanghai 200052, China; 3. School of Management, Shanghai University for Science and Technology, Shanghai 200093, China |
| |
| Abstract: | Information security risk evaluation(ISSE) is a complex system project and hard to be put in practice.Based on the analysis of some standards,methods and techniques about the ISSE and a series of good practice,the authors studies four operational problems: the start point of the ISSE,the identification reference of the threat and vulnerability,the effect factors of threat possibility estimation and the impact analysis of the ISSE,and at the same time,some operable conclusions and advices are proposed. |
| |
| Keywords: | information security risk evaluation threat vulnerability impact |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
