The research of information security risk assessment method
出版社:
- 会议名称:International Conference on Networked Computing and Advanced Information Management(NCM 2010)
- 举办地点:Seoul,Korea (South)
- 举办日期:Aug 16-18,2010
- 页数:370-375
摘要内容:
Fault tree technology has been broadly used in the industry system but seldom used in the field of risk assessment for information system. In this study, by consulting the standard of BS7799, the fault tree technology is introduced to evaluate the risks of information system. Based on integrity, usability and confidentiality of information system, fault tree model for the information system is established. This model can quantitatively calculate the risk faced by the system; tree framework structure was adopted to analyze faults, which can be easily understood and programmed; Importance of every bottom faults was carefully analyzed, which offers the new model and effective implementation for the risk analysis and the searching of fault sources. In this research, an idiographic example was used to demonstrate the method and to validate the algorithms.
关键词:
- Information security;Risk assessment;Fault tree analysis