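Affiliations: [1] School of Computer Science and Technology, Chongqing University of Posts and Telecommunications, Chongqing 400065 [2] Department of Computer Science, Beijing Institute of Graphic Communication, Beijing 102600 [3] School of Communication and Information Engineering, Chongqing University of Posts and Telecommunications, Chongqing 400065
Source: Journal of Computer Applications (《计算机应用》), 2009, No. 12, pp. 3178-3181 (4 pages)
Funding: National Natural Science Foundation of China (40801214)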
Abstract: In the process of information security risk assessment, there are complex relationships between risk elements, and it is difficult to measure risk evaluation factors accurately. The paper proposed a risk assessment model that takes threat as the center around which risk elements are organized, and a risk evaluation method based on extensible set. The model displays a hierarchical structure for system risk, in which the possibility and consequences of a threat are evaluated by three risk factors: asset, vulnerability and control measure. Based on this model, the extensible set method translates qualitative determinations into quantitative results by mapping qualitative expressions to intervals and applying an interval dependent function, then makes a qualitative judgment according to a quantitative risk-correlation vector. It can therefore combine quantitative and qualitative methods to evaluate system risk. A specific example illustrates that the method is feasible and effective.
Classification: TP393 [Automation and Computer Technology - Computer Application Technology]