综合评估方法对信息系统安全的资产评估

Assets Evaluation of Information System Security by Integrated Evaluation

文章对传统定量评估和定性评估方法进行讨论,总结其不足之处,并且在此基础上提出定性与定量相结合的综合资产评估方法。综合的资产评估方法通过对信息系统资产机密性、完整性和可用性影响分析进行资产评估。在每个评估步骤中提出相应的评估模型。同时,运用综合评估方法,对某单位信息系统进行资产评估应用,计算出了系统中各部分的权重值,从而有效验证了综合评估方法的科学合理性和良好的可操作性。

Integrated evaluation,a way of combining qualitative and quantitative methods,is proposed based on discussing and concluding the deficiencies of traditional qualitative and by analyzing the confidentiality, integrity,and availability quantitative evaluation ways.It is a way to evaluate the assets of the information system.Meanwhile,through integrated evaluation and its application in assets evaluation of certain information system,the assets of each system part are calculated,and the rationality and the operability of integrated evaluation method are effectively tested and evaluated.