| 一种信息资产风险值的计算方法 |
| |
| 引用本文: | 商敏红,;陈敏康.一种信息资产风险值的计算方法[J].网络安全技术与应用,2014(5):163-164. |
| |
| 作者姓名: | 商敏红 ;陈敏康 |
| |
| 作者单位: | [1]江苏信息职业技术学院电子信息工程系,江苏214153; [2]江苏省税务干部学校信息中心,江苏214063 |
| |
| 基金项目: | 江苏省高等职业院校国内高级访问学者计划资助项目(2013) |
| |
| 摘 要: | 按照信息安全风险评估流程,说明了资产识别、威胁识别和脆弱性识别的方法和量化标准,选择适当的、符合国家评估标准的风险计算分析模型,提出一种信息资产安全风险值计算方法,采用二维矩阵法计算安全事件的风险值,对风险值对应的风险程度进行风险等级划分,并通过计算一个信息系统的风险值进行验证.
|
| 关 键 词: | 风险识别 信息资产 威胁 脆弱性 |
The calculation method of a kind of value at risk of information assets |
| |
| Affiliation: | Shang Minhong, Chen Minkang |
| |
| Abstract: | according to the information security risk assessment process, illustrates the asset identification, threat identification and vulnerability identification method and the quantitative criteria , select the appropriate, in line with national assessment standard ofrisk analysis model, puts forward a kind of information assets security risk value calculation method, the two-dimensional matrix method to calculate the risk value of the security incident, the risk value corresponding to the degree of risk to the risk of hierarchy, and through the calculation of value at risk of an information system for validation. |
| |
| Keywords: | risk identification information assets threats vulnerability |
| 本文献已被 CNKI 维普 等数据库收录! |
|
