| 信息安全评估的模型和方法研究 |
| |
| 引用本文: | 李禾,王述洋.信息安全评估的模型和方法研究[J].中国安全科学学报,2007,17(2):144-148. |
| |
| 作者姓名: | 李禾 王述洋 |
| |
| 作者单位: | 1. 东北林业大学信息与计算机工程学院,哈尔滨,150040
2. 东北林业大学机电工程学院,哈尔滨,150040 |
| |
| 摘 要: | 提出了信息系统安全评估及弱点管理的工作模型;明确了信息安全评估中涉及的资产、资产价值、威胁、弱点等基本概念;给出了资产赋值、威胁、弱点量化原则;同时对信息系统安全评估及弱点管理的工作模型,及综合的风险计算模型和公式给以介绍。研究工作旨在为信息安全评估工作和后续的弱点管理工作提供理论依据和参考,以提高风险评估的质量和效果,为企业的信息安全评估提供了支撑平台。同时对安全信息库的建设方式、企事业单位的信息安全评估管理体系的建设提出建议。
|
| 关 键 词: | 弱点管理 安全弱点 漏洞评估 威胁 资产 |
| 文章编号: | 1003-3033(2007)02-0144-05 |
| 收稿时间: | 2006-11-02 |
| 修稿时间: | 2007-01-31 |
Research on the Model and Methods of Information Security Assessment |
| |
| LI He,WANG Shu-yang.Research on the Model and Methods of Information Security Assessment[J].China Safety Science Journal,2007,17(2):144-148. |
| |
| Authors: | LI He WANG Shu-yang |
| |
| Abstract: | This paper presents a working model for information system security evaluation and related vulnerability management, defines some basic concepts in information security evaluation such as assets, value of assets, threat and vulnerability, and then puts forward some principles for the quantification of these concepts. Meanwhile, this working model, integrated model for risk calculation, and some related formulas are also introduced in detail. This research, on the one hand, aims to provide theoretical references for information security evaluation and subsequent vulnerability management, to improve the quality of risk assessment and to provide supporting platform for the assessment of enterprises' information security, and on the other, this research can also achieve some beneficial proposals for the construction of enterprises' information security evaluation management system. |
| |
| Keywords: | vulnerability management security vulnerability vulnerability evaluation threats asset |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
