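Affiliations: [1] China Information Technology Security Evaluation Center, Beijing 100085; [2] Shanghai 30wish Information Security Co., Ltd., Shanghai 200232
Source: Information Security and Communications Privacy (《信息安全与通信保密》), 2012, No. 8, pp. 59-61, 64 (4 pages in total)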
Abstract: Current mainstream information security risk assessment methods focus only on the risk of system components and seldom take a business-risk perspective, so they struggle to meet the needs of people at different levels, such as operational staff and organizational managers, in understanding information security risk. This paper proposes a hierarchical risk assessment method for quantifying risk. The method divides information system security risk into three levels: component level, system level and organizational level. These levels address, respectively, the risk of a single system component, the risk of a single information system, and the overall organizational risk constituted by multiple information systems. Through level-by-level analysis of these three levels of risk, the risk analysis results reflect the hierarchical requirements of security risk assessment more comprehensively and objectively.
Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]