基于防控措施的信息安全风险评估模型研究

Research on Information Security Risk Assessment Model Based on Prevention and Control Measures

传统信息安全风险评估模型只考虑资产、威胁及脆弱性要素已不再适用,为准确对信息安全风险进行评估,提出基于安全防控措施的信息安全风险评估模型,并运用相乘法原理计算综合风险值判定安全等级,与传统评估模型进行对比,得出评估模型具有直观、准确性高等特点。

The traditional information security risk assessment model are no longer applicable that only considers that assets,threats and vulnerabilities.In order to accurately assess information security risks,an information security risk assessment model based on security prevention and control measures is proposed,and the principle of multiplication is applied to calculate the comprehensive risk value and to determine the safety level.A comparsion of the proposed model with the traditional model concludes that the new model is intuitive and accurate.