基于知识的信息安全风险评估方法

Q4 Computer Science Journal of China Universities of Posts and Telecommunications Pub Date : 2013-12-01 DOI:10.1016/S1005-8885(13)60220-4

Ji-zheng GUAN , Ming-tao LEI , Xiao-lu ZHU , Jian-yi LIU

{"title":"基于知识的信息安全风险评估方法","authors":"Ji-zheng GUAN , Ming-tao LEI , Xiao-lu ZHU , Jian-yi LIU","doi":"10.1016/S1005-8885(13)60220-4","DOIUrl":null,"url":null,"abstract":"<div><p>It is an important function for managers to keep away from information security risks. With the increasing complex and scale of information systems, information system security risks may be more difficult to assess and strategies for risk reduction may be lack of objectivity. To solve this problem, this paper proposes a knowledge-based information security risk assessment method in which basic rules and specific rules are defined to match every asset, threat and vulnerability. Basic rules are defined as the rules without influence of external relationships. Specific rules are defined as the rules by user group. Performance analysis shows this method could increase efficiency and ensure accuracy of risk assessment.</p></div>","PeriodicalId":35359,"journal":{"name":"Journal of China Universities of Posts and Telecommunications","volume":"20 ","pages":"Pages 60-63"},"PeriodicalIF":0.0000,"publicationDate":"2013-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/S1005-8885(13)60220-4","citationCount":"7","resultStr":"{\"title\":\"Knowledge-based information security risk assessment method\",\"authors\":\"Ji-zheng GUAN , Ming-tao LEI , Xiao-lu ZHU , Jian-yi LIU\",\"doi\":\"10.1016/S1005-8885(13)60220-4\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>It is an important function for managers to keep away from information security risks. With the increasing complex and scale of information systems, information system security risks may be more difficult to assess and strategies for risk reduction may be lack of objectivity. To solve this problem, this paper proposes a knowledge-based information security risk assessment method in which basic rules and specific rules are defined to match every asset, threat and vulnerability. Basic rules are defined as the rules without influence of external relationships. Specific rules are defined as the rules by user group. Performance analysis shows this method could increase efficiency and ensure accuracy of risk assessment.</p></div>\",\"PeriodicalId\":35359,\"journal\":{\"name\":\"Journal of China Universities of Posts and Telecommunications\",\"volume\":\"20 \",\"pages\":\"Pages 60-63\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://sci-hub-pdf.com/10.1016/S1005-8885(13)60220-4\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of China Universities of Posts and Telecommunications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1005888513602204\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"Computer Science\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of China Universities of Posts and Telecommunications","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1005888513602204","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"Computer Science","Score":null,"Total":0}

引用次数: 7

摘要

防范信息安全风险是管理者的一项重要职能。随着信息系统的复杂性和规模的增加，信息系统安全风险的评估难度加大，降低风险的策略缺乏客观性。针对这一问题，本文提出了一种基于知识的信息安全风险评估方法，该方法通过定义基本规则和具体规则来匹配各种资产、威胁和漏洞。基本规则是指不受外部关系影响的规则。具体规则是按用户组定义的规则。性能分析表明，该方法可以提高效率，保证风险评估的准确性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Knowledge-based information security risk assessment method

It is an important function for managers to keep away from information security risks. With the increasing complex and scale of information systems, information system security risks may be more difficult to assess and strategies for risk reduction may be lack of objectivity. To solve this problem, this paper proposes a knowledge-based information security risk assessment method in which basic rules and specific rules are defined to match every asset, threat and vulnerability. Basic rules are defined as the rules without influence of external relationships. Specific rules are defined as the rules by user group. Performance analysis shows this method could increase efficiency and ensure accuracy of risk assessment.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of China Universities of Posts and Telecommunications Computer Science-Information Systems

CiteScore

0.50

自引率

0.00%

发文量

1878