Abstract
The objective of network risk management is to ensure, through reasonable steps, that all incidents threatening network security are prevented. The computer network risk prevention model comprises risk prevention strategies, risk prevention measures, and the implementation of risk prevention. The main network risk prevention strategies are: ① when a system vulnerability exists, implement assurance techniques to reduce the likelihood of the vulnerability being attacked; ② when a system vulnerability is maliciously attacked, use layered protection, structured design, and management controls to minimize the risk or prevent this from occurring; ③ when the attacker's cost is lower than the benefit gained from the attack, apply protective measures that raise the attacker's cost in order to reduce the attacker's motivation; ④ when the loss is large, use design principles, structured design, and technical or non-technical protective measures to limit the extent of the attack and thereby reduce the possible loss. Risk prevention measures include risk assumption, risk avoidance, risk limitation, risk planning, research and understanding, and risk transfer. Implementing risk prevention involves prioritizing actions, evaluating the recommended security control categories, cost-benefit analysis, selecting risk prevention controls, assigning responsibilities, developing a plan for implementing the security measures, implementing the selected security controls, and residual risk analysis. Finally, the official portal web application system of a municipal government is used as a case study to demonstrate the analysis.
Source
China Population, Resources and Environment (《中国人口·资源与环境》)
CSSCI
Peking University Core Journal (北大核心)
2011, Issue 2, pp. 96-99 (4 pages)
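Funding
Key Project of the National Science and Technology Support Program, "Research on Comprehensive Risk Identification and Prevention Technology" (No. 2006BAC18B06)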
Keywords
computer
network risk
prevention model
prevention process