摘要
对比分析各种类型的风险评估方法,提出数字图书馆信息安全风险评估宜采用定性与定量相结合的半定量分析法。介绍国际标准ISO 27000、中国国家标准GB/T 20984及实际工作中常用的几种不同的评估模型,分析它们的异同与优缺点,讨论它们对数字图书馆信息安全管理的适用性,并通过具体的测评实践及理论分析证明宜采用中国国家标准GB/T 20984中的相乘法作为数字图书馆信息安全风险评估的实践模型。
Based on a comparison and an analysis of various risk assessment methods, this paper proposes that a digital library should take a semi-quantitative analysis as the information security risk assessment method, which integrates both qualitative and quantitative methods. In terms of risk assessment model, the paper introduces a few assessment models from ISO 27000, GB/T 20984 and other frequently used in practical work. Comparing these models and their weaknesses and strengths, the paper then probes into their applicability in the information security management of digital libraries. The practical tests of these risk assessment methods in real work and theoretical analysis proves that the best risk assessment model for information security risk assessment of digital libraries is the multiplication model from the GB/T 20984, a national standard of China.
出处
《图书情报工作》
CSSCI
北大核心
2014年第2期14-20,共7页
Library and Information Service
基金
国家社会科学基金重点项目"数字图书馆信息安全管理标准规范研究"(项目编号:12ATQ001)研究成果之一
