摘要
论文提出包含威胁识别、资产识别和脆弱性识别三个基本要素的风险分析原理图,提出基于ISO27001标准和PDCA模型的信息设备安全风险管理体系,为开展威胁识别、脆弱性识别等风险管理提供理论支持。
This paper contains threat identification, identify assets and vulnerability identification of three basic elements of risk analysis principle diagram and proposed ISO27001 and PDCA model of information security risks of equipment management system based on, for carrying out the threat identification, vulnerability identification of risk management to provide theoretical support.
关键词
风险管理
威胁识别
脆弱性识别
信息设备
risk management
threat identification
vulnerability identification
information equipment