| 信息安全风险评估ASMI方法论的应用研究 |
| |
| 引用本文: | 陈阳怀.信息安全风险评估ASMI方法论的应用研究[J].信息安全与通信保密,2011(4):85-89. |
| |
| 作者姓名: | 陈阳怀 |
| |
| 作者单位: | 北京航空航天大学软件学院,北京,100091 |
| |
| 摘 要: | 基于信息安全风险评估工作的发展现状,为进一步提高其科学性和实践价值,通过综合分析信息安全风险评估相关标准和实践方法,建立以追求信息安全客观风险为目标的信息安全风险评估思想,并构建了由安全现状(Aactuality)、参考基准(Standard)、测量模型(Model)和工程实施(Implementing)4个方面组成的信息安全风险评估方法论(简称ASMI方法论)。同时,还深入分析了ASMI方法论的组成要素、相互关系、应用方法和实践价值。该方法论有望对信息安全风险评估业务、信息安全保障体系建设和信息安全标准体系的协调发展起到积极的促进作用。
|
| 关 键 词: | 信息安全 风险评估 ASMI方法论 信息系统 |
Application Research of ASMI Methodology for Information Security Risk Assessment |
| |
| CHEN Yang-huai.Application Research of ASMI Methodology for Information Security Risk Assessment[J].China Information Security,2011(4):85-89. |
| |
| Authors: | CHEN Yang-huai |
| |
| Affiliation: | CHEN Yang-huai (Software College of Beihang University,Beijing 100191,China) |
| |
| Abstract: | With the development of information security risk assessment work and for further improving its scientism and practical value,the idea of safety risk evaluation aiming at pursuing objective risk of information security is established through comprehensive analysis of relevant standards and practical methods,including the safety risk assessment methodology composed of four parts:safety actuality,reference standard,measurement model and engineering implementation(abbreviated as ASMI Methodology). Also,this pa... |
| |
| Keywords: | information security risk assessment ASMI methodology information system |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
