| 信息安全风险评估工具的设计与实现 |
| |
| 引用本文: | 孙鹏鹏,张玉清,韩臻. 信息安全风险评估工具的设计与实现[J]. 计算机工程与应用, 2007, 43(9): 95-98,135 |
| |
| 作者姓名: | 孙鹏鹏 张玉清 韩臻 |
| |
| 作者单位: | 北京交通大学,软件学院,北京,100044;中国科学院,研究生院,计算机网络入侵防范中心,北京,100039;中国科学院,研究生院,计算机网络入侵防范中心,北京,100039;北京交通大学,软件学院,北京,100044 |
| |
| 基金项目: | 国家自然科学基金 , 国家自然科学基金 , 中国科学院基金 |
| |
| 摘 要: | 研究了信息安全风险评估工具的分类方法与发展趋势,在参考国内外评估方法和评估工具的基础上,对风险评估工具进行了设计与实现。该工具是专家评估系统,根据自定义的安全策略和安全基线动态生成调查问卷表,运用定量和定性相结合的方法进行风险评估,为提高风险评估效率、确保评估结果的科学性提供了有力支持。
|
| 关 键 词: | 信息安全 风险评估 评估工具 |
| 文章编号: | 1002-8331(2007)09-0095-04 |
| 修稿时间: | 2006-11-01 |
Design and implementation of risk assessment tool |
| |
| SUN Peng-peng,ZHANG Yu-qing,HAN Zhen. Design and implementation of risk assessment tool[J]. Computer Engineering and Applications, 2007, 43(9): 95-98,135 |
| |
| Authors: | SUN Peng-peng ZHANG Yu-qing HAN Zhen |
| |
| Affiliation: | 1.School of Software, Beijing Jiaotong University, Beijing 100044, China; 2.National Computer Network Intrusion Protection Center,Graduate School of Chinese Academy of Sciences,Beijing 100039,China |
| |
| Abstract: | This paper studies on the sort method and developing trend of the information security risk assessment tool,then designs and implements a risk assessment tool based on referring to the domestic and foreign assessment methods and tools.This tool is an expert assessment system.It makes dynamic questionnaire based on the policy and baseline,and it also introduces into the quantitative and qualitative method,which improves the efficiency of risk assessment and ensures the results are more scientific. |
| |
| Keywords: | information security risk assessment assessment tool |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
