Abstract
Following the information security risk assessment process, this paper describes the methods and quantification criteria for asset identification, threat identification and vulnerability identification, selects an appropriate risk calculation and analysis model that conforms to the national assessment standard, and proposes a method for calculating the security risk value of information assets. The two-dimensional matrix method is used to calculate the risk value of security events, the degree of risk corresponding to each risk value is divided into risk levels, and the method is validated by calculating the risk value of an information system.
Source
Network Security Technology & Application (《网络安全技术与应用》)
2014, Issue 5, pp. 163-164 (2 pages)
Funding
Jiangsu Province Higher Vocational Colleges Domestic Senior Visiting Scholar Program, funded project (2013)
Keywords
risk identification
information assets
threats
vulnerability