关键词: 马尔科夫逻辑网, 信息安全, 风险管理, 风险评估, 边际推理模型, 系统可用性

Abstract: Recent years, in practices of the information security risk management of enterprises, there is no quantitative method to develop risk management scheme and select risk management tools, and manual risk analysis always takes too much time. In this paper, it proposes an information security risk management approach based on Markov logic network. First, it uses Markov logic network to describe dependencies between the components and services of the evaluated systems. Next, it uses marginal reasoning model of Markov logic network to estimate the system availability in case of different risk management measures, so as to provide a quantitative basis for the selection of management measures. Case studies show that, this method can provide reliable quantitative basis for selecting information system security risk management measures for enterprise, and the method is simple to implement.

Key words: Markov logic networks, information security, risk management, risk assessment, marginal reasoning model, system availability