| 信息安全风险评估工具及其应用分析 |
| |
| 引用本文: | 陈清明,张俊彦. 信息安全风险评估工具及其应用分析[J]. 信息安全与通信保密, 2010, 0(1): 93-95 |
| |
| 作者姓名: | 陈清明 张俊彦 |
| |
| 作者单位: | 上海市信息安全测评认证中心,上海,200011 |
| |
| 摘 要: | 信息安全风险评估是信息安全保障工作中的一种科学的方法。要准确地评价信息系统中的薄弱点和风险状况,除依靠评估人员的技能外,评估工具也是一个重要的环节。文中对风险评估中常用的工具进行分析,分别介绍了主动型、被动型和管理型风险评估工具在风险评估工作中的工作机制与作用,并通过实例展示如何利用评估工具引导评估人员得到相对客观的结果。
|
| 关 键 词: | 信息安全 风险评估 评估工具 |
Tools for and Their Applications in Information Security Risk Assessment |
| |
| CHEN Qing-ming,ZHANG Jun-yan. Tools for and Their Applications in Information Security Risk Assessment[J]. China Information Security, 2010, 0(1): 93-95 |
| |
| Authors: | CHEN Qing-ming ZHANG Jun-yan |
| |
| Affiliation: | CHEN Qing-ming,ZHANG Jun-yan (Shanghai Information Security Testing Evaluation , Certification Center,Shanghai 200011,China) |
| |
| Abstract: | Information security risk assessment is a scientific method for insurance of information security. In order to exactly evaluate the vulnerability and risk, this insurance job depends on the skill of the evaluator, furthermore, the risk-assessment tools also play on important role. This paper presents the techniques and functions of the commonly-used tools, including the passive tools, active tools and administrative tools. Meanwhile, through many cases, the authors show how to guide the evaluator to acquire... |
| |
| Keywords: | information security risk assessment assessment tool |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
