|
|||||
|
|
| 结合OCTAVE和灰色系统的信息安全风险评估方法 | |
| 引用本文: | 王晓箴,卢志刚,刘宝旭.结合OCTAVE和灰色系统的信息安全风险评估方法[J].北京邮电大学学报,2009,32(5):128-131. |
| 作者姓名: | 王晓箴 卢志刚 刘宝旭 |
| 作者单位: | 中国科学院,高能物理研究所计算中心,北京,100049;中国科学院,研究生院,北京,100049;中国科学院,高能物理研究所计算中心,北京,100049 |
| 基金项目: | 海南省自然科学基金项目,国家高技术研究与发展计划项目,国家科技支撑计划重点项目,北京市自然科学基金面上项目 |
| 摘 要: | 为提高评估准确性,提出一种定性和定量结合的评估算法. 在数据收集阶段采用可操作的关 键威胁、资产、弱点评估(OCTAVE)方法,从企业中不同阶层成员的视角出发,定义需要评 估的资产范围,并进行管理脆弱性与技术脆弱性评估. 在定量计算部分,利用灰色系统理论 ,在对指标进行归一化处理后,利用三角白化权函数计算其隶属度,从而确定风险等级. 实 验结果表明,本文方法可有效提高信息安全风险评估的准确性,并具较好的实用推广价值. |
| 关 键 词: | 风险评估 灰色系统 归一化方法 |
| 收稿时间: | 2008-12-15 |
| 修稿时间: | 2009-6-1 |
Algorithm of Information Security Risk Evaluation Based on OCTAVE and Grey System |
|
| WANG Xiao-zhen,LU Zhi-gang,LIU Bao-xu.Algorithm of Information Security Risk Evaluation Based on OCTAVE and Grey System[J].Journal of Beijing University of Posts and Telecommunications,2009,32(5):128-131. | |
| Authors: | WANG Xiao-zhen LU Zhi-gang LIU Bao-xu |
| Affiliation: | (1. Computing Center of Institute of High Energy Physics, Chinese Acad emy of Sciences, Beijing 100049, China; 2. Graduate of University, Chinese Academy of Science, Beijing 100049, China) |
| Abstract: | To make sure the assessment accuracy, an efficient algorithm with qualitative analysis and quantify calculate is described. To collect the data, the algorithm chooses the operationally critical threat, asset and vulnerability evaluation (OCTAVE) method, defining the assets which need to be assessed, evaluating the administrant and technical vulnerabilities. To calculate the risk, grey theory is chosen, and triangular whiten weight function is used to compute the membership degrees, the risk level is then determined. This valuable method can be used in practical operations of information security risk assessment. |
| Keywords: | risk evaluation grey system normalization method |
| 本文献已被 CNKI 万方数据 等数据库收录! | |
| 点击此处可从《北京邮电大学学报》浏览原始摘要信息 | |
| 点击此处可从《北京邮电大学学报》下载全文 | |