Abstract
Information security is one of the critical factors restraining the development of e-commerce, and the assessment and quantification of security risk is the foundation of risk control and transaction security. This paper analyzes the value at risk (VAR) method, a risk calculation method widely used in the financial field. Based on an analysis of the risk factors (threats, vulnerabilities, and asset value), it gives a formal representation of the risk factors and a VAR method for quantifying information security risk. A simulation experiment illustrates the relationship between VAR and security investment, as well as the significance of using VAR in risk assessment. E-commerce enterprises can select appropriate control measures according to the VAR value and thereby achieve a balance between security investment and risk.
Source
Journal of University of Electronic Science and Technology of China
EI
CAS
CSCD
PKU Core
2009, Issue S1, pp. 61-64 (4 pages)
Funding
Science and Technology Program of the Shandong Provincial Department of Education (J07YJ14)
Keywords
assets
risk quantification
threat
value at risk
vulnerability