信息安全与通信保密
CHINA INFORMATION SECURITY
2012, Issue 8, pp. 59-61, 64 (4 pages in total)
risk assessment; risk element; asset value; threat
Current methods for information security risk assessment consider only the risk of system components and are seldom based on a business risk perspective. They therefore struggle to meet the needs of people at different levels, such as operational staff and the organization's managers, in understanding information security risk. This paper proposes a hierarchical risk assessment method for quantifying risk. The method divides information system security risk into three levels: component level, system level and organizational level. These levels address, respectively, the risk of a single component, the risk of a single information system, and the organization's overall risk arising from multiple information systems. Through level-by-level analysis of these three levels of risk, the risk analysis results can reflect the hierarchical requirements of security risk assessment more comprehensively and objectively.