| 半量化的信息安全风险评估计算模型 |
| |
| 引用本文: | 桂若柏.半量化的信息安全风险评估计算模型[J].信息安全与通信保密,2009(9):110-112. |
| |
| 作者姓名: | 桂若柏 |
| |
| 作者单位: | 中国电信股份有限公司海南系统集成分公司,海南,海口,570105 |
| |
| 摘 要: | 论文针对信息安全评估过程中风险值的计算问题,在风险评估的概念基础上,提出了以风险管理为核心的评估模型。具体分析了该模型中资产、脆弱性、威胁等关键因素的属性、评估方式、赋值计算方法,然后根据评估模型的风险增减关系得出风险值的计算公式,并提供了形象的计算示例。由于在赋值计算过程中大量依赖评估者的经验,风险值的具体数额未必完全精确反映风险状况,论文遵循先定量后定性的理念,提出了半量化的风险分类矩阵,将风险值对照矩阵的区间值得出信息资产风险严重程度的分类评价,以便归类处置。
|
| 关 键 词: | 半量化 风险 评估 计算 模型 |
A Semi-quantitative Information Security Risk Assessment Model |
| |
| GUI Ruo-bai.A Semi-quantitative Information Security Risk Assessment Model[J].China Information Security,2009(9):110-112. |
| |
| Authors: | GUI Ruo-bai |
| |
| Affiliation: | GUI Ruo-bai (Hainan System Integration Branch, China Telecom Corporation Limited, Haikou Hainan 570105, China) |
| |
| Abstract: | To calculate the risk value in risk assessment, a model for information security risk assessment is proposed in this paper, which takes risk management as the core. The author specifically analyzes the key factors of the model, such as asset, vulnerability, threat, and deduces the calculation formula for risk value in accordance with the increase or decrease of the risk. Because the assessment result depends heavily on assessor's experience, the specific amount of risk value may not reflect the risk status comprehensively and accurately. Thus, the author proposes a semi-quantitative risk matrix, and with risk value level in matrix points out the risk seriousness of information asset. |
| |
| Keywords: | semi-quantitative risk assessment calculation model |
| 本文献已被 维普 万方数据 等数据库收录! |
|
