计算机工程与应用 ›› 2009, Vol. 45 ›› Issue (30): 92-94.DOI: 10.3778/j.issn.1002-8331.2009.30.027

• 网络、通信、安全 • 上一篇    下一篇

基于面向对象的信息系统风险评估方法

王桢珍1,武小悦1,谢永强2   

  1. 1.国防科技大学 信息系统与管理学院,长沙 410073
    2.中国电子设备系统工程公司研究所,北京 100039
  • 收稿日期:2008-06-11 修回日期:2008-07-29 出版日期:2009-10-21 发布日期:2009-10-21
  • 通讯作者: 王桢珍

Object-oriented based method of information system risk evaluation

WANG Zhen-zhen1,WU Xiao-yue1,XIE Yong-qiang2   

  1. 1.Institute of Information System and Management,National University of Defense Technology,Changsha 410073,China
    2.The Research Institute of the China Electronic & Systems Engineering Company,Beijing 100039,China
  • Received:2008-06-11 Revised:2008-07-29 Online:2009-10-21 Published:2009-10-21
  • Contact: WANG Zhen-zhen

摘要: 风险评估是信息系统安全保证的核心和关键。对现有的风险评估方法进行分析评价,将面向对象的系统分析思想引入信息系统的风险评估中,完善了系统风险评估方法。能够在信息系统建设初期确定系统中关键的、高风险组件或子系统,可有效指导系统安全防护工作的经济高效开展。

关键词: 风险评估, 面向对象, 体系结构, 离散时间马尔科夫过程

Abstract: To implement information system safety defense,risk evaluation is the core and key step.This article analyzes and estimates existing information system evaluation methods and brings the notion of object-oriented based system architecture decomposing into information system risk evaluation methods,and consummates the existing methods.The method in this paper can confirm the key and high-risk components or sub-systems of a information system in initial building stage and instruct its later safety defense work efficiently and economically.

Key words: risk evaluation, object-oriented, architecture, discrete time Markov process

中图分类号: