摘要
信息系统风险评估是对信息系统的资产面临的威胁、存在的弱点、造成的影响,以及三者总和作用而带来风险的可能性的评估,是实施信息系统风险管理的基础。为了对电力信息系统的安全性能进行动态评价,结合实体行为对系统风险的影响,对现有的静态风险评估算法进行了改进,给出了基于电力信息系统的一种动态风险计算方法,理论分析和结果表明,改进方法提高了评估结果的可靠性和时效性。
The information system risk assessment is used to assess the asset threat,weakness and impact of informationsystem,and risk probability of the three items. It is the basis to implement risk management of the information system. In orderto dynamically evaluate the safety of the electric power information system,the available static risk assessment algorithm was im?proved in combination with the impact of entity behavior on the system risk,and a dynamic risk computing method based onelectric power information system is given. The theoretical analysis and results show that the improved method can enhance thereliability and timeliness of the assessment result.
作者
靳丹
马志程
杨鹏
张雪锋
丁立彤
JIN Dan;MA Zhicheng;YANG Peng;ZHANG Xuefeng;DING Litong(Information Communication Company,Gansu Electronic Power Company of State Grid,Lanzhou 730050,China;Xi’an University of Posts and Telecommunications,Xi’an 710121,China)
出处
《现代电子技术》
北大核心
2016年第14期162-165,共4页
Modern Electronics Technique
基金
国家自然科学基金(61301091)
国家电网公司科技项目(52272313507G)
西安邮电大学青年教师科研基金资助项目(ZL2012-22)
关键词
电力信息系统
动态风险评估
风险管理
理论分析
electric power information system
dynamic risk assessment
risk management
theoretical analysis
