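Abstract
To optimize decisions on risk countermeasures for information systems, a method for optimizing information system risk assessment decisions based on common cases is proposed. Following statistical investigation and system analysis, unacceptable risks, risks with a large impact on the overall security of the system, important assets, and user-defined major risk countermeasures are defined as common cases. By improving Amdahl's law, which is used for optimized system design, a method is derived for measuring the contribution of a single risk countermeasure to overall system security, and a quantitative optimization decision model is built on that basis. Finally, an example demonstrates the effectiveness of the model.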
To optimize decision-making on information system risk countermeasures, an optimization decision-making method for information system risk assessment based on the common case is proposed. After statistical investigation and system analysis, unacceptable risks, risks that have a larger effect on the overall security of the system, important assets, and user-defined important risk prevention measures are treated as the common case. Amdahl's law, which is used to realize system optimization design, is improved to obtain a quantitative method of computing single-item risk for selecting the type of technology input that should be strengthened, and an optimization method for strengthening information system risk assessment decision-making on the common case is designed. Finally, a case study is presented to verify the feasibility of the model.
Source
《计算机工程与设计》
CSCD
Peking University Core Journals
2009, Issue 15, pp. 3504-3506, 3590 (4 pages in total)
Computer Engineering and Design
Funding
National Natural Science Foundation of China project (70473068)