Abstract
Information security risk assessment is an important part of information security systems engineering, and is the basis and prerequisite for building an information system's security architecture. To address the current lack of a unified standard and of concrete calculation methods for risk calculation, and drawing on practical risk assessment work, this paper proposes a general model for information security risk assessment. By analyzing the system's assets, vulnerabilities and threats, the method evaluates the risk of the information system in real time from the security events produced by security devices, providing a general and feasible scheme for carrying out risk assessment effectively.
Source
Journal of Henan Institute of Science and Technology (Natural Science Edition)
2013, Issue 4, pp. 57-61 (5 pages)
Keywords
information security
risk assessment
decision-making model
risk calculation
quantitative analysis