| 信息系统风险评估标准与方法分析 |
| |
| 引用本文: | 吴震,王敏.信息系统风险评估标准与方法分析[J].成都信息工程学院学报,2010,25(4):377-381. |
| |
| 作者姓名: | 吴震 王敏 |
| |
| 作者单位: | 成都信息工程学院信息安全研究所,四川,成都,610225 |
| |
| 基金项目: | 四川省科技厅应用基础资助项目 |
| |
| 摘 要: | 介绍了常用的英国、ISO、中国等3种评估标准,并分析比较了BS7799和CA3标准的不同之处。同时,对信息安全风险评估中另一个重要内容——风险评估方法进行研究,给出了定量、定性、定性与定量相结合、基于“树”的技术、动态系统的技术等评估的方法,分析总结了各种方法的优缺点及其适用场合,为优选评估方案提供了理论依据。最后阐述了信息系统风险评估的发展趋势。
|
| 关 键 词: | 信息安全 风险评估 信息系统安全风险 标准 模型 方法 |
Survey of Standards and Methods of Information Security Risk Assessment |
| |
| WU Zhen,WANG Min.Survey of Standards and Methods of Information Security Risk Assessment[J].Journal of Chengdu University of Information Technology,2010,25(4):377-381. |
| |
| Authors: | WU Zhen WANG Min |
| |
| Institution: | ( Information Security Institute, CUIT, Chengdu 610225, China) |
| |
| Abstract: | Three kinds of security risk assessment standards are introduced in this paper. The British, ISO and Chinese assessment standards are depicted too, and the difSerence between BS7799 and CC standard is analysed as well. At the same time, the methods of risk assessment are researched including quantitive method, qualitative method, and the method by combination of the two, based on tree and dynamic system. The result shows us the characteristic of these methods and how to use them. Finally the development trend of information system security risk assessment is discussed. |
| |
| Keywords: | information security risk assessment information system security risk standards models methods |
| 本文献已被 维普 万方数据 等数据库收录! |
|
