
Selection Strategy of Information System Security Technologies Based on Threat

Cited by: 3
Abstract Game theory is used to study the selection of security technologies and the optimal allocation of resources based on the types of security threats an information system faces. The model jointly considers the specific threat types, the characteristics of information system security technologies, and their cost and combined efficiency. Two conclusions follow. First, the security technologies an organization selects when managing information system security should be able to handle or mitigate most of the threats it faces; that is, threats should be the basis of security technology selection. Second, to optimize the allocation of limited resources, an organization should determine the selection probability of each security technology according to the expected loss caused by each kind of threat. The model distinguishes a security technology's detection rate and false detection rate for different threats, which is more practical than assuming that one security technology has a single general detection rate and false detection rate for all threats.
Source Journal of Wuhan University of Technology: Information & Management Engineering, CAS, 2014, No. 6, pp. 857-861 (5 pages)
Funding National Natural Science Foundation of China (71071033); Jiangsu Province 2013 Graduate Research and Innovation Program for Regular Universities (CXLX13_124)
Keywords threat; information system; security technology portfolio; resources allocation; game theory