資源描述:
《基于風(fēng)險(xiǎn)傳播的信息安全評(píng)估方法研究與應(yīng)用》由會(huì)員上傳分享,免費(fèi)在線(xiàn)閱讀,更多相關(guān)內(nèi)容在學(xué)術(shù)論文-天天文庫(kù)。
1、上海交通大學(xué)碩士學(xué)位論文基于風(fēng)險(xiǎn)傳播的信息安全評(píng)估方法研究與應(yīng)用姓名:王巍申請(qǐng)學(xué)位級(jí)別:碩士專(zhuān)業(yè):軟件工程指導(dǎo)教師:楊根興;蔡立志20081101基于風(fēng)險(xiǎn)傳播的信息安全評(píng)估方法研究與應(yīng)用評(píng)估是一個(gè)重要環(huán)節(jié),以確保資源能夠集中于風(fēng)險(xiǎn)較大的資產(chǎn)。筆者根據(jù)設(shè)計(jì)的風(fēng)險(xiǎn)評(píng)估流程和計(jì)算方法,對(duì)該的相關(guān)人員進(jìn)行了大量的訪(fǎng)談,引導(dǎo)組織相關(guān)人員根據(jù)設(shè)計(jì)確定的分類(lèi)賦值標(biāo)準(zhǔn)對(duì)組織的資產(chǎn)、威脅和脆弱性進(jìn)行了評(píng)估和賦值。最后根據(jù)設(shè)計(jì)的計(jì)算方法對(duì)組織資產(chǎn)的風(fēng)險(xiǎn)進(jìn)行了量化評(píng)估,得到了較好的量化評(píng)估效果,比較客觀地反映了組織資產(chǎn)的信息安全風(fēng)險(xiǎn)水平。關(guān)鍵字風(fēng)險(xiǎn)評(píng)估,信息安全,風(fēng)險(xiǎn)傳播,威脅,脆弱性基于風(fēng)險(xiǎn)傳播的信息安
2、全評(píng)估方法研究與應(yīng)用STUDYANDAPPLICATIONOFPROPAGATION-BASEDINFORMATIONSECURITYRISKASSESSMENTABSTRACTTheinformationsecurityproblemisnotonlybasedonthetechnologyanymore,butalsoitisbecomingaglobalproblemwhichisconcerningwithnationsecurity.It'sextremelyurgentfacingtotheworldthathowtomakeajudgmentonwhetherthein
3、fosystemcanreachthesecurityneedsorhowtoenhancethemanagementscientificallyontheinformation.Theriskassessmenthelpstomakethosegoalscometrue.Thesafetyrequirementscanbegeneralizedduringtheprocedureofriskassessment,theriskofinformationwillbemoreunderstandableandtheresourcesandeffortswillbeputonthosem
4、ostriskyinformationassets.Thequestionishowtoassesstheriskmorescientifically.Herethisarticleisresearchingthemaintheoriesonriskassessmentofinfosecurity,frameworks,processingprocedures,regularmethodsonevaluating,andtherelatedsecuritystandards.Accordingtheresearch,thereisadeficiencyinriskevaluation
5、oncurrentexistingtheoriesofinfosecurity,whichistheriskpropagation,whichhasnotbeenconsideredasaimportantelementinthosetheories.Thisarticlewillintroduceanimprovedmethodforriskevaluationbasedonpropagation,whichconsideredboththeriskinitiatedbytheassetandtheriskexpandedfromtheotherassets.Theresultwi
6、llbemuchclosertothefacts.Meanwhileconsideringthevarietyaffectiononconfidentiality、integrity、availabilityoftheassetsmadebytherisk,thenewimprovingformulaused“judgmentmatrix”toidentifythedifferentweightingfunctionofthreatsandvulnerabilityrelatetothedestructivelevelonconfidentiality、integrity、avail
7、abilityofassets.Atthelastpart,theimprovedmethodwillbeappliedonarealprojectappraisal.ThemaintargetofthisprojectistoestablishtheinfosecuritysystembasedonISO27001.Duringtheconstruction,riskevaluationisanimportantsegmentwhichensurewhe