Computer Engineering (计算机工程)
2015, Issue 4, pp. 156-160, 165 (6 pages in total)
Complex Information System (CIS); Enterprise Architecture (EA); Zachman framework; risk assessment; risk factor; assessment process
Because of their structural complexity, Complex Information Systems (CIS) are difficult to handle in system risk management and risk assessment. To address this, this paper proposes a CIS risk assessment framework based on the Zachman Enterprise Architecture (EA) framework and, building on GB/T 20984-2007 (Information Security Technology - Information Security Risk Assessment Specification), establishes a risk assessment process for CIS. Following the risk management hierarchy and the principle of security domain division, it decomposes the CIS architecture and studies assessment methods within and between security domains. On top of the traditional risk factors, it adds the interconnection relationships of the CIS as a risk factor. Mutual information is introduced to characterize the degree of correlation of the interconnection relationships, and the Analytic Hierarchy Process (AHP) is used to assess the risk weights. The CIS risk assessment process is validated with an example, and the results show that the process can make an objective and accurate assessment of CIS risk.