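Abstract
To adequately describe the dependencies between business and information assets, so that both the degree of asset dependency and the business's security objectives or requirements can be taken into account when evaluating the business impact of threats, an asset dependency model with a hierarchical structure and inner dependencies is established. The Analytic Network Process (ANP) is used to calculate the degree to which the organization's business depends on assets in terms of confidentiality, availability and integrity, reflecting the business's security requirements for those assets; the impact of a threat on the business is determined jointly by threat strength and security requirements. A case analysis shows that the asset dependency results obtained with the ANP method are more consistent with reality, thereby ensuring the reasonableness of the risk assessment results.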
In the information age, business processes have become an important information security risk factor. However, there is a lack of models that adequately describe the dependencies among business processes and information assets, and when evaluating the impact of a threat on business, the dependencies and the security objectives or requirements of the business have not been taken into account simultaneously, which has a negative impact on the risk assessment result. This study presents an asset dependency diagram with a hierarchical structure and inner dependencies, and the Analytic Network Process (ANP) is used to calculate the dependency degrees of organization business on information assets with respect to confidentiality, integrity and availability respectively, which reflect the security requirements of business for assets. Based on this, the impact of a threat on business is determined by threat strength and security requirements. An example shows that the asset dependency results obtained with ANP are more in line with reality; therefore the reasonableness of the risk assessment result is ensured.
Source
《北京印刷学院学报》
2015, Issue 4, pp. 34-38 (5 pages)
Journal of Beijing Institute of Graphic Communication
Funding
Beijing Natural Science Foundation (4142016)