期刊名称:International Journal of Information and Network Security (IJINS)
印刷版ISSN:2089-3299
出版年度:2014
卷号:3
期号:3
DOI:10.11591/ijins.v3i3.6137
语种:English
出版社:Institute of Advanced Engineering and Science
摘要:The current information security risk evaluation methods are only concerned with the risk of system components, rarely based on business risk perspective. Thus, it is difficult to meet different levels of information security risk comprehension such as the operational staff and the organization's manager. This paper proposes a hierarchical risk evaluation method based on asset dependence chain to quantify the hierarchical risk, the information systems security risks are divided into three levels: the component level, system level and organizational level. By analyzing the assets dependence in three levels, a "business systems-information systems-system components" assets dependence chain is formed. In the end, a hierarchical risk calculation method is presented. The risk analysis result can reflect the level of security risk evaluation needs more comprehensively and objectively.
Loading...
