CAJ | 학술논문

依据资产、脆弱性、威胁等风险评估基本要素,提出一种基于Markov方法、以威胁为核心的高校信息安全风险评估模型.通过运用Markov,德尔菲集体讨论法,层次分析法等方法得到威胁发生的概率、威胁的后果属性、属性值及其权重,进而计算出威胁指数.利用威胁指数对风险进行排序,为制定有针对性的高校信息安全风险管理策略提供科学的依据.并着重对不同方法选取的初始概率值对最终结果影响进行了比较分析,发现初始概率对最终的结果影响很大.
의거자산、취약성、위협등풍험평고기본요소,제출일충기우Markov방법、이위협위핵심적고교신식안전풍험평고모형.통과운용Markov,덕이비집체토론법,층차분석법등방법득도위협발생적개솔、위협적후과속성、속성치급기권중,진이계산출위협지수.이용위협지수대풍험진행배서,위제정유침대성적고교신식안전풍험관리책략제공과학적의거.병착중대불동방법선취적초시개솔치대최종결과영향진행료비교분석,발현초시개솔대최종적결과영향흔대.
With the rapid development of information construction in colleges and universities, information security risk assessment is im-perative. This paper presents a universities' information security risk assessment model based on Markov method and menace analysis. By using Markov, Delphi collective discussion and the Analytic Hierarchy Process(AHP), the probability of occurrence of the threat, the property of the consequences of the threat, property values and their weights are arrived at, then menace index is calculated. The menace index is then used to rank risks involved, thus provides a scientific basis for developing appropriate information security risk management strategy in universities. And with a focus on the effects of the initial probability value selected by different methods on the final result, the comparative analysis conducted finds a significant impact on the final result by the initial probability.