Abstract
Building on the standard GB/T 20984 (Information security technology: Risk assessment specification for information security), a mathematical model for information security risk assessment is established. "Risk entropy" is defined to describe quantitatively the degree of uncertainty of the risk state in each risk domain and in the system as a whole, revealing the law that information security risk increases with system complexity. The paper also gives a theoretical summary of information security risk assessment and of the overall evaluation of system risk.
Source
Journal of Sichuan University (Natural Science Edition)
CAS
CSCD
Peking University Core Journal
2010, Issue 3, pp. 469-472 (4 pages)
Keywords
risk evaluation, risk probability, risk entropy, evaluation standard