计算机工程与应用 ›› 2006, Vol. 42 ›› Issue (26): 17-.

• 博士论坛 • 上一篇    

组合对象信息安全风险评估研究

王连强、吕述望、张剑、刘振华

  

  1. 中科院研究生院
  • 收稿日期:2006-06-07 修回日期:1900-01-01 出版日期:2006-09-11 发布日期:2006-09-11
  • 通讯作者: 王连强 王连强

A Study of Risk Assessment related to Information Security Based on Combined Objects

,,,   

  1. 中科院研究生院
  • Received:2006-06-07 Revised:1900-01-01 Online:2006-09-11 Published:2006-09-11

摘要: 风险评估已经成为信息安全管理的重要组成部分,其方法的选择直接影响着风险结果的准确性和客观性,进而会影响到组织的整体信息安全水平。目前很多评估方法仅能对单个资产的威胁和脆弱性进行分析,并直接采用调查问卷或矩阵的方式得到风险,而没有从面向对象的角度给出威胁相对于系统的客观的整体风险值。本文提出了一种针对组合对象的定性与定量相结合的风险评估方法,有效解决了上述问题,并给出了合理的风险计算公式。

关键词: 信息安全, 风险评估, 威胁, 脆弱性

Abstract: Risk assessment has become an important part of information security management process. The method for risk assessment impacts the veracity and objectivity of the results, and also impacts the overall information security capacity of the organization. At present, many assessment methods only analyze threats and vulnerabilities of single asset, and the means to acquire the risk is questionnaires or matrix. They don’t provide systematic and objective risk value based on objects. This paper present a method of risk assessment based on combined objects, which adopts qualitative and quantitative means. This method resolves those problems and provides reasonable formula for computing the risk value.

Key words: information security, risk assessment, threat, vulnerability