Abstract
Building on an analysis and summary of existing risk assessment research in China and abroad, and on an analysis of the risk assessment requirements of an oilfield enterprise, this paper proposes an improved risk assessment model and calculation method suited to that enterprise. The model introduces unacceptable security incidents, which reduces the computational workload. It refines the vulnerability factor assignment into two weights, exposure level and severity level, and refines existing security measures into prevention measures and recovery measures, so that the adjustment factors and assigned values better match reality and the accuracy of the calculation results improves.
Source
《信息安全与通信保密》 (Information Security and Communications Privacy)
2015, Issue 9, pp. 103-108 (6 pages)
Keywords
risk assessment
unacceptable incident
threat
vulnerability
asset