Abstract
This paper studies the classification methods and development trends of information security risk assessment tools and, drawing on domestic and foreign assessment methods and tools, designs and implements a risk assessment tool. The tool is an expert assessment system. It dynamically generates questionnaires from user-defined security policies and security baselines, and it combines quantitative and qualitative methods to perform the risk assessment, which provides strong support for improving the efficiency of risk assessment and ensuring that the results are scientifically sound.
Source
Computer Engineering and Applications (《计算机工程与应用》)
CSCD
Peking University Core Journals (北大核心)
2007, No. 9, pp. 95-98, 135 (5 pages in total)
Funding
The National Natural Science Foundation of China under Grant No.60373040 and No.60573048
Research start-up funding project of the Graduate School of the Chinese Academy of Sciences.
Keywords
information security
risk assessment
assessment tool