Abstract
As enterprise systems become increasingly information-driven, enterprise information security risk assessment faces new challenges. Because current assessment methods rely on a single index and lack intuitiveness, this paper designs an enterprise information security risk assessment model. The model assesses the risk of an information system by following the information security risk assessment process, describes the system's risk from two aspects, the extent of damage caused by security events and asset value, and classifies systems in a two-dimensional coordinate system to describe the system's risk situation intuitively.
Authors
CHENG Ang-xuan (成昂轩) (1), WANG Jian-hong (王健弘) (2)
(1) Troops 94789 PLA, Nanjing 210018, China; (2) Troops 94860 PLA, Nanjing 210049, China
Source
Computer Knowledge and Technology (《电脑知识与技术》)
2017, Issue 9, pp. 32-33, 51 (3 pages)
Keywords
enterprise information security
risk assessment
damage extent
asset value