
Research on the Classification of IS Risk Assessment Methods (cited by: 1)

IS risk assessment methodologies research and development trend overview
Abstract: This paper attempts to classify information systems risk assessment methodologies (ISRAM) from two perspectives: the evolution of information technology, and the driving factors behind the implementation of ISRAMs. First, ISRAMs are divided along the timeline of the development of information technology and of ISRAM itself. Second, three driving factors considered during the design and implementation of ISRAMs are extracted and used to classify them, and a semi-formal description of each of the two classification methods is given. Finally, the challenges currently facing ISRAM research and its future development trends are analyzed.
Source: Application Research of Computers (《计算机应用研究》), CSCD, Peking University Core Journal, 2007, No. 9, pp. 55-57 (3 pages)
Funding: Project supported by the National "863" Program (2005AA142150)
Keywords: information systems risk assessment methodologies (ISRAM); classification approach; evolution process; driving factors