
Research on an Information Security Risk Assessment Method Based on the Classified Protection System (cited by: 4)

Evaluation Method of Infosec Risk based on Classified Protection System
Abstract: The establishment and quantification of an index system is a key issue in infosec risk assessment. To address this problem, an evaluation method for infosec risk based on the classified protection system is proposed. In accordance with the relevant provisions of classified protection, the method establishes a new index system, uses AHP to construct a quantitative risk assessment model based on the classified protection indices, and uses a designed algorithm to complete the calculation and analysis of the model. Experimental results indicate that the method can calculate the risk value of an information system while reducing subjective human factors, and that it is of significant value for dividing security risk levels.

Affiliation: Naval Academy of Armament (海军装备研究院)

Source: Information Security and Communications Privacy (《信息安全与通信保密》), 2016, No. 8, pp. 78-81, 86 (5 pages)

Keywords: information security; security assessment; classified protection; AHP method