| 信息系统风险评估实践 |
| |
| 引用本文: | 昝彧弘.信息系统风险评估实践[J].信息安全与通信保密,2008(8):155-157. |
| |
| 作者姓名: | 昝彧弘 |
| |
| 作者单位: | 北京航天飞行控制中心,北京100094 |
| |
| 摘 要: | 风险评估在信息安全保密体系建设中起着重要作用,是组织内开展基于风险管理的基础,它贯穿信息系统的整个生命周期,是安全策略制定的依据;也是按照PDCA改进组织安全保密体系的关键。论文在分析常见信息系统风险评估方法的基础上,提出基于应用系统、关注纵深防御和持续改进的风险评估方法,从而全面、系统地开展风险评估工作。
|
| 关 键 词: | 应用系统 纵深防御 持续改进 风险评估 |
Risk Evaluating of Information System |
| |
| Affiliation: | ZAN Yu-hong (Beijing Aeronautics Control Centre, Beijing 100094, China) |
| |
| Abstract: | Risk evaluation plays an important role in the construction of information security and privacy system, It runs through the whole life circle of information system, is the basis for development of risk-based management and security strategy in an organization, and also the key to improving the security and privacy system of the organization in accordance with PDCA.This paper analyses common risk evaluating methods of information system, then puts forward the risk evaluating method based on application system and attention depth-defense and continue action, consequently risk evaluating is developed general. |
| |
| Keywords: | application system depth-defense continue action risk evaluating |
| 本文献已被 维普 万方数据 等数据库收录! |
|
