| 信息安全风险评估研究综述 |
| |
| 引用本文: | 刘莹,顾卫东.信息安全风险评估研究综述[J].青岛大学学报(工程技术版),2008,23(2):37-43. |
| |
| 作者姓名: | 刘莹 顾卫东 |
| |
| 作者单位: | 山东轻工业学院信息科学与技术学院,济南,250100;山东省计算中心,济南,250014 |
| |
| 摘 要: | 为全面了解信息安全风险评估的研究现状和前沿技术,介绍了风险评估的理论基础、评估模型、发展历程等相关知识,通过对国内外在信息安全风险评估方面的技术发展状况进行比较,探讨了信息安全风险评估的方法和工具。研究发现,我国在信息安全风险评估方面,还存在评估标准不规范、评估方法可操作性差等问题。应充分借鉴国外成熟经验,用完整的国际标准体系完善我国风险评估标准,用先进的OCTAVE框架改进现有的风险评估方法。
|
| 关 键 词: | 信息安全 风险评估 信息系统 |
Survey of Information Security Risk Assessment Research |
| |
| LIU Ying,GU Wei-dong.Survey of Information Security Risk Assessment Research[J].Journal of Qingdao University(Engineering & Technology Edition),2008,23(2):37-43. |
| |
| Authors: | LIU Ying GU Wei-dong |
| |
| Affiliation: | LIU Ying, GU Wei-dong(1. College of Information Science and Technology, Shandong Institute of Light Industry, Jinan 250100, China; 2. Shandong Computer Science Center, Jinan 250014, China) |
| |
| Abstract: | In order to get a comprehensive knowledge to the present situation and the frontier technique of the information security risk assessment, the article introduces in detail the correlative knowledge of the risk assessment, for example: theory, models, present situation and so on, compares the situation of the risk assessment technological developments between domestic and foreign countries, discusses methods and tools of the appraisal. Study shows that nonstandard and poor exercisable in appraisal implementation still exists in home. And it is necessary for us to consummate appraisal standard and improve appraisal methods using the mature foreign experience, for example: entire international standard system, OCTAVE and so on. |
| |
| Keywords: | information security risk assessment information system |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
