Abstract
By analyzing the location and flow attributes of the information assets that support an organization's business operations, this paper divides the five main asset types defined in the traditional GB/T20984-2007 (data, software, hardware, personnel and services) into position-fixed assets and position-changing assets. It introduces a business process risk model to effectively identify the risks faced by the business nodes where information assets reside, and applies the AHP method to build a hierarchical risk-level model of the assets that determines the magnitude of risk, providing a scientific basis for risk grading in subsequent risk management activities. The usability of the method is verified by an example.
Source
Library and Information Service (《图书情报工作》)
CSSCI
Peking University Core Journal
2011, Issue 8, pp. 62-66 (5 pages)
Keywords
business process
information security risk assessment
position-fixed assets
position-changing assets
AHP