Abstract
In information security, risk assessment of information systems is essential. Its ultimate goal is to guide decision makers in finding a balance between "investment cost" and "security level", so that protection strategies and mitigation plans can be established for asset risks prioritized by level. Based on the structural characteristics of BS7799, this paper describes how qualitative and quantitative analysis methods are applied in the risk assessment process.
Source
Computer Knowledge and Technology (《电脑知识与技术》)
2006, Issue 4, pp. 53-55 (3 pages)
Keywords
Information System
Risk Assessment
Quantitative Analysis
Qualitative Analysis