Computer Engineering

• Security Technology

Application Research on Fuzzy Cognitive Map in Information Security Risk Assessment

CHEN Yu, WANG Yadi, WANG Jindong, WANG Na

  1. (Institute of Cipher Engineering, PLA Information Engineering University, Zhengzhou 450004, China)
  • Received: 2015-07-16 Online: 2016-07-15 Published: 2016-07-15
  • About the authors: CHEN Yu (born 1977), male, lecturer and Ph.D. candidate, whose main research interests are information security risk assessment and wireless sensor network security; WANG Yadi, professor and doctoral supervisor; WANG Jindong, professor; WANG Na, associate professor.
  • Foundation item: Supported by a national ministry fund project.
Abstract:

Because the various information security risk assessment standards are too complex, most enterprises can only choose, as an alternative, to build their systems in accordance with security standards. As a result, security measures do not match the actual situation of the system and cannot be adjusted quickly as the system changes. To address this problem, this paper proposes a risk assessment method that is easy to implement. The method uses a Fuzzy Cognitive Map (FCM) to capture the dependencies between assets and uses the FCM reasoning process to calculate the system risk value. The method is applied to a mobile office information system as an example. The results indicate that the method is efficient and low-cost, and that it reflects the risk status of the system promptly and appropriately.

Key words: Fuzzy Cognitive Map (FCM), information security, risk assessment, asset value-added tree, risk aggregation

CLC Number: