信息安全风险评估的定量与定性分析方法

The Methods of Quantitative Analysis and Qualitative Analysis of Information Security Risk Assessment

在信息安全领域,对信息系统进行风险评估十分重要,其最终目的就是要指导决策者在“投资成本”和“安全级别”这两者之间找到平衡,从而为等级优化的资产风险制定保护策略和缓和计划。本文基于BS7799的结构特点阐述了定性与定量的分析方法在风险评估过程中的应用。

In the realm of the information security, It is very important to carry the risk assessment to the information system. Its ultimate goal is to guide clecission maker finding a balance between ＂investment cost＂ and ＂safe class＂, in order to establish the protection strategy and alleviating plan for the risk of high quality assets. This these based on the characteristics of BS7799＇ s structure elucidates the applications of the methods of quantitative analysis and qualitative analysis in the field of risk assessment.