Abstract
There are many risk assessment methods for information systems; this paper presents a quantitative risk assessment method based on threat analysis. It covers the assessment steps, the two ways of implementing the quantification (absolute quantification and relative quantification), an analysis of the advantages and drawbacks of the two approaches, and example assessments using each of them.
Source
Computer Engineering (《计算机工程》)
CAS
CSCD
Peking University Core Journals (北大核心)
2004, Issue 18, pp. 56-58 (3 pages)
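Funding
Project supported by the National "863" Program: Research on National Information Security Emergency Response and Risk Assessment Technology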
Keywords
Information system
Risk assessment
Absolute quantification
Relative quantification