作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2007, Vol. 33 ›› Issue (17): 149-152. doi: 10.3969/j.issn.1000-3428.2007.17.051

• 安全技术 • 上一篇    下一篇

综合风险评估工具的设计与实现

陈深龙,张玉清,毛 剑   

  1. (中国科学院研究生院国家计算机网络入侵防范中心,北京 100043)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2007-09-05 发布日期:2007-09-05

Design and Implementation of Integrated Risk Assessment Tool

CHEN Shen-long, ZHANG Yu-qing, MAO jian   

  1. (National Computer Network Intrusion Protection Center, Graduate University, Chinese Academy of Sciences, Beijing 100043)
  • Received:1900-01-01 Revised:1900-01-01 Online:2007-09-05 Published:2007-09-05

摘要: 研究了信息安全风险评估工具的分类方法与发展趋势,在分析国内外多种风险评估方法的基础上,设计并实现了一个综合风险评估工具。该工具是多专家评估系统,集成了安全管理评价工具、系统软件评估工具和风险评估辅助工具3类工具的功能,运用定量和定性相结合的方法进行风险评估,为提高风险评估效率、确保评估结果的科学性提供了有力支持。

关键词: 信息安全, 风险评估, 评估工具

Abstract: This paper studies the sort method and development trend of the information security risk assessment tool, then designs and implements an integrated risk assessment tool based on the popular analyzing method of risk assessment. This tool is a multi expert assessment system. It integrates the functions of the assessment tool of security management, the assessment tool of system software and the assistant tool of risk assessment, and it also introduces the quantitative and qualitative method, which improves the efficiency of risk assessment and ensures the results are more scientific.

Key words: information security, risk assessment, assessment tool

中图分类号: