摘要
信息系统广泛应用于各行各业,其安全性已经引起人们的密切关注。信息系统风险评估是分析信息系统的安全现状和潜在风险,从而为安全策略的设计实现提供依据和指导的过程,是规划、建设和维护信息系统安全结构的一项重要而且不可缺少的工作。本文根据信息系统功能模块化强的特点,采用系统聚类法建立了信息安全风险模块化层次结构评估模型,将一个完整的信息系统分为"管理模块"、"核心模块"、"分布层模块"、"服务器模块"、"边缘分布模块"、"外网接入模块"以及"外部环境模块"7个模块,并对模块化评估模型聚类方法和评估实施步骤作了详细的介绍。
Information system has been used in every walk of life and its security has nearly been noticed. The risk evaluation which can analyze the current status and potential risk of information system provide gist and direction for later security programming, moreover it is an important and indispensable for programming, building and maintaining security framework of information system, so it is indispensable. We use system clustering method to build risk evaluation method of modularization and hiberarchy based on the strong function modularization of information system. It breaks up the system into seven modules: manage module, core module, distribution layer module, sever module, margin distribution module, Internet module and outer circumstance module. In this article, we introduce detailedly the modularization model, the clustering method and the evolution process.
出处
《计算机科学》
CSCD
北大核心
2007年第10期309-310,F0003,共3页
Computer Science
基金
本文研究得到重庆市自然科学基金项目(CSTC
2004BB2181)资助。
关键词
风险评估
模块化
层次化
Risk evaluation, Modularization, Hiberarehy
