摘要
传统信息安全风险评估模型只考虑资产、威胁及脆弱性要素已不再适用,为准确对信息安全风险进行评估,提出基于安全防控措施的信息安全风险评估模型,并运用相乘法原理计算综合风险值判定安全等级,与传统评估模型进行对比,得出评估模型具有直观、准确性高等特点。
The traditional information security risk assessment model are no longer applicable that only considers that assets,threats and vulnerabilities.In order to accurately assess information security risks,an information security risk assessment model based on security prevention and control measures is proposed,and the principle of multiplication is applied to calculate the comprehensive risk value and to determine the safety level.A comparsion of the proposed model with the traditional model concludes that the new model is intuitive and accurate.
作者
赵蕾
李宗容
景延嵘
李楠芳
李胜春
ZHAO Lei;LI Zongrong;JING Yanrong;LI Nanfang;LI Shengchun
出处
《青海电力》
2018年第3期13-15,44,共4页
Qinghai Electric Power
关键词
信息安全
风险评估
风险值
相乘法
information security
risk assessment
risk value
multiplication
