Computer Science (计算机科学) ›› 2010, Vol. 37 ›› Issue (5): 45-48.

• Computer Networks and Information Security •

A Quantitative Security Risk Assessment Method for Enterprise Information Systems Based on Information Entropy

LIU Yong, LIN Qi, MENG Kun

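  1. (Northeastern University, Shenyang 110004); (Aviation Industry Information Center, Beijing 100012); (Department of Computer Science, Tsinghua University, Beijing 100084)
  • Published: 2018-12-01 Online: 2018-12-01
  • Funding:
    This work was supported by the National Natural Science Foundation of China (60803123).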

Research on Quantitative Security Risk Assessment Method of an Enterprise Information System Based on Information Entropy

LIU Yong, LIN Qi, MENG Kun

  • Online: 2018-12-01 Published: 2018-12-01

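Abstract: To address the excessive reliance on subjectively assigned values in information system risk assessment, a risk assessment method based on information entropy is proposed. The method constructs a threat-vulnerability matrix and a threat-loss matrix and applies the information entropy method to the rows and columns of each matrix, which reduces the dependence on subjective assignments and improves the accuracy of the results. Finally, taking the practical situation of small and medium-sized enterprises into account, a convenient and feasible assessment procedure is designed. The method is applied to a typical enterprise information system as a case study, which demonstrates its effectiveness.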

Keywords: Information entropy, Risk assessment, Quantitative method, Enterprise information system

Abstract: In security risk assessment, the result often relies directly on subjectively assigned values. In order to assess the information system of an enterprise objectively, we propose a security risk assessment method based on information entropy. By constructing a Threat-Vulnerability matrix and a Threat-Loss matrix and processing the data of these matrices with the information entropy method, we can improve the accuracy of the result. At the end of the paper, we give an example that demonstrates the effectiveness of the proposed method by analyzing a typical enterprise information system.

Key words: Information entropy, Security risk assessment, Quantitative method, Enterprise information system
