| 信息系统安全风险评估研究 |
| |
| 引用本文: | 陈颂,王光伟,刘欣宇,杜娟.信息系统安全风险评估研究[J].通信技术,2012,45(1):128-130. |
| |
| 作者姓名: | 陈颂 王光伟 刘欣宇 杜娟 |
| |
| 作者单位: | 1. 北京市装甲兵工程学院信息系计算机教研室,北京,100072
2. 北京市96610部队,北京,102208 |
| |
| 摘 要: | 介绍信息系统安全风险分析的概念,分析安全风险评估的基本要素和常见的系统风险评估模式。文章在此基础上,系统性考虑了信息系统所面临的安全威胁、存在的脆弱性以及已经确知的安全控制策略等因素,提出一种信息系统安全风险评估的流程,从而提高风险评估的准确性。提出的安全风险评估流程,综合考虑了信息系统所面临安全威胁、潜在脆弱性以及安全防护确知等因素,可以在一定程度上提高安全风险评估的有效性和准确性。
|
| 关 键 词: | 信息系统 信息安全 风险评估 等级防护 |
Study on Security Risk Assessment for Information System |
| |
| CHEN Song
,
WANG Guang-wei
,
LIU Xin-yu
,
DU Juan.Study on Security Risk Assessment for Information System[J].Communications Technology,2012,45(1):128-130. |
| |
| Authors: | CHEN Song WANG Guang-wei LIU Xin-yu DU Juan |
| |
| Affiliation: | 1.Computer Section of Information Engineering Department, Academy of Armored Forces Engineering, Beijing100072, China; 2.PLA Unit 96610, Beijing i02208, China) |
| |
| Abstract: | The concept of security risk assessment for information system is given. The essential factors and common methods for security risk assessment are analyzed. Based on those and in consideration of the confronted threats, potential vulnerabilities, and some determined strategies for security control, a process of security risk assessment for information system is proposed. The proposed assessment process could improve the accuracy of security risk assessment, and by comprehensively considering the confronted potential security threats, the existing vulnerabilities and security unascertainable factors, could raise efficiency and accuracy of the security risk assessment. |
| |
| Keywords: | information system information security risk assessment classified securityprotection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
