期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

信息系统安全风险评估模型研究 被引量:14

RESEARCH ON INFORMATION SYSTEM SECURITY RISK EVALUATION MODEL
下载PDF
导出
摘要 在介绍有关国际标准中的信息安全风险概念模型基础上,提出一种信息系统安全风险定量评估模型,并给出实现该评估模型的基于公式查表确定性和灰色测度不确定性的算法模型,最后分析对比各种算法模型的优缺点。 Based on the conception model of information system security risk of the international standards, a quantifiable measuring model for information system security risk is proposed. To realize the risk measuring model, the algorithmic models are presented based on the certainty of form and formula and the uncertainty of gray system. The advantage and the weakness of those algorithmic models are analyzed and contrasted separately.
作者 陈鍊 胡作进 蔡淑珍
机构地区 南京审计学院计算机科学与技术系
出处 《计算机应用与软件》 CSCD 北大核心 2007年第6期73-77,共5页 Computer Applications and Software
基金 江苏省高校自然科学项目(02KJD120001)
关键词 信息系统 安全风险 概念模型 评估模型 算法模型 Information system Security risk Conception model Measuring model Algorithmic model
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献10

  • 1Information technology-Guidelines for the management of IT Security-Part 3:Techniques for the management of IT Secutity[S].ISO/IEC TR 13335-3:1998(E),1998.
  • 2System Security Engineering Capability Maturity Model.Model Description Document,Version 2.0,April 1,1999.
  • 3The Information Assurance Technical Framework (IATF),Release 3.1,NSA,September 2002.
  • 4Security Management Infrastructure(SMI)Task 1 Team,Threat and Vulnerability Model for Information Security,1997.
  • 5The International Organization for Standardization.Common Criteria for Information Technology Security Evaluation-Part 3:Security Assurance Requirements[S].ISO/IEC 15408-3:1999(E),1999.
  • 6宋如顺.基于SSE—CMM的信息系统安全风险评估[J].计算机应用研究,2000,17(11):12-14. 被引量:20
  • 7赵冬梅,张玉清,马建峰.网络安全的综合风险评估[J].计算机科学,2004,31(7):66-69. 被引量:23
  • 8Saaty T L.The Analysis Hierarchy Process[M].New York,McGraw Hill,1980,Reprinted by RWS Publication,Pittsburgh,1996.
  • 9朱岩,杨永田,张玉清,冯登国.基于层次结构的信息安全评估模型研究[J].计算机工程与应用,2004,40(6):40-43. 被引量:30
  • 10The International Organization for Standardization.Information Technology-Code of Practice for Information Security Management[S],ISO/IEC 17799:2000(E),2000.

二级参考文献12

  • 1秦效启,杨修竹.重大工程灾害风险评估研究[J].自然灾害学报,1997,6(2):7-10. 被引量:14
  • 2[1]Rommelfanger HJ.Multicriteria Decision Making Using Fuzzy Logic [C].In:Proceedings of the Conference on the North American Fuzzy Information Processing Society, 1998: 360~364
  • 3[2]Hanseong S,Poonghyun S.A Software Safety Evaluation Method Based on Fuzzy Colored Petri Nets[C].In:Proceedings of International Conference on Fuzzy Systems, 1999; (2): 830~834
  • 4[3]Antonakopoulos T, Agavanakis K.CASE Tools Evaluation: An Automatic Process Based on Fuzzy Sets Theory[C].In:Proceedings of Sixth IEEE International Workshop on Rapid System Prototyping, 1995:140~146
  • 5[4]Cannavacciuolo A,Capaldo G.A Fuzzy Model of the Evaluation Process[C].In:Proceedings of the Fifth IEEE International Conference on Fuzzy Systems, 1996; (2) :828~834
  • 6[5]Copigneaux F,Martin S.Software Security Evaluation Based on a Topdown McCall-like Approach[C].In:Proceedings of the Fourth Conference on Aerospace Computer Security Applications, 1988:414~418
  • 7[6]Garrabrants WM,Ellis AW.CERTS :A Comparative Evaluation Methodfor Risk Management Methodologies and Tools[C].In:Proceedings of the Sixth Annual Computer Security Applications Conference,1990:251~257
  • 8Baltimore. CMS Information Security Risk Assessment Methodology. Sep. 2002
  • 9Mustafa M A, FAI-Bahar J. Project risk assessment using the analytic hierarchy process[J]. IEEE Transactions on Engineering Management, 1991,38(1) :46-52
  • 10That JHM,Carr V. A proposal for construction project risk assessment using fuzzy logic[J]. Construction Management and Economics,2000,18: 491 -500

共引文献69

同被引文献81

引证文献14

二级引证文献67

计算机应用与软件
2007年 第6期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部