摘要
为了在风险评估过程中更全面地考虑关键资产、威胁、脆弱性和控制措施等要素之间的关系,更贴切地得到最终风险排序结果,根据当前国家信息安全风险评估相关规范标准,提出一种基于场景校验的风险评估算法。算法中,通过在常规的风险评估算法模型中先后引入了两次不同的场景校正因子s1和s2,应对不同项目场景中各要素之间关系复杂多变的特点进行了控制,从而使得到的风险排序结果能够更为准确地展现实际的风险情况。
For the full consideration of the relationship among between key assets,threats,vulnerabilities,and control measures,and the acquirement of more appropriate results in the risk assessment process,a risk assessment algorithm based on scene check is proposed in accordance with the at-present state information security assessment standards.This algorithm improves risk ranking results by introducing scene-check factors s1 and s2 into the normal model,thus to control the impact of complex relationship among between all the factors in the scenes of different projects.
出处
《信息安全与通信保密》
2010年第9期70-72,共3页
Information Security and Communications Privacy
关键词
风险评估
模型
场景校验
risk evaluation
model
scene check
