| 摘要: |
| 根据信息安全风险评估理论提出一种面向业务的风险评估方法。该方法明确将各类业务系统作为整体安全对象进行风险评估,并应用"故障树"方法对业务系统进行风险建模和风险计算。该方法是一种行之有效,易于操作的安全评估方法。 |
| 关键词: 信息安全风险评估 故障树方法 |
| DOI: |
| 投稿时间:2006-07-17 |
| 基金项目:广西留学回国人员科学基金项目(桂科回0342001);广西科技攻关项目(桂科攻0385001)联合资助 |
|
| A Risk Assessment Method for the Security of Applied Systems |
|
ZHAN Feng
|
| (School of Computer, Electronics and Information, Guangxi University, Nanning, Guangxi, 530004, China) |
| Abstract: |
| A risk evaluation method for applied systems in security is presented in terms of risk assessment knowledge of information systems.In this method,any applied system is considered as a whole object in security to be assessed.The "Fault tree analysis" is used to setup a risk model and to do risk calculation.The method is applied to concrete project of security evaluation.The result reveals that it is effective and easy in operation. |
| Key words: information security security evaluation Fault Tree analysis |
