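Abstract
Risk assessment is an important part of building an information security management system (ISMS). Starting from the requirements of the ISO17799 standard and of classified protection, this paper designs a risk assessment method suited to building an ISMS. The method combines fault tree analysis with baseline assessment to give a comprehensive and scientific evaluation of an organization's security management posture. The method was applied in the ISMS pilot project of the State Council Informatization Office (国信办), with very good results, which verifies that the method is scientific and feasible.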
Risk assessment is a very important step in constructing an ISMS. According to the requirements of ISO17799 and classified protection, this paper designs a risk assessment method suited to constructing an ISMS. The method combines fault tree analysis with baseline assessment to scientifically evaluate the security condition. The method was applied in an ISMS project, where it achieved good results, demonstrating its soundness and feasibility.
Source
Journal of Pingdingshan Institute of Technology (《平顶山工学院学报》)
2007, No. 3, pp. 9-12 (4 pages)