A Risk Assessment Model Incorporating Entity Behavior Trust

pp. 72-79

Keywords: asset assessment, vulnerability assessment, threat assessment, risk assessment, information entropy, behavior trust


Abstract:

To address the difficulty of quantifying information-system risk accurately, a new risk assessment model is proposed that identifies, analyzes and quantifies the three factors that determine that risk: assets, vulnerabilities and threats. The model takes the intrinsic relationships among the three into account and computes the system's inherent risk from them together. Because the risk of an information system is also affected by the behavior trust of external entities, a risk calculation method that incorporates entity behavior trust is given. During threat assessment, the weights of the individual influencing factors are determined with information entropy theory, which replaces the subjective practice of assigning weights directly and makes the assessment results more objective and accurate. An application example shows that the system risk computed with entity behavior trust incorporated is reasonable and that the method assesses information-system risk well.
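The abstract states that factor weights in the threat assessment are derived from information entropy rather than assigned by hand. The following is an added example, not code from the paper, showing how that is commonly done with the standard entropy weight method (Shannon entropy over a normalised indicator matrix); the paper's exact formulation is not given in the abstract and is assumed here to follow this standard form. The factor names and the threat scores are constructed for illustration.

```python
"""Entropy-weight computation for threat-assessment factors (added example)."""
import math

# Constructed sample indicator matrix (not from the paper).
# Rows: candidate threats to the information system.
# Columns: hypothetical threat-influencing factors, scored 1..9.
FACTORS = ["exposure", "frequency", "capability"]
THREATS = {
    "malware":        [1, 2, 1],
    "phishing":       [1, 2, 1],
    "insider misuse": [1, 4, 1],
    "physical theft": [1, 4, 9],
}


def entropy_weights(matrix):
    """Return one weight per column of `matrix` using the entropy weight method.

    Steps: p_ij = x_ij / sum_i x_ij;  e_j = -(1/ln n) * sum_i p_ij ln p_ij;
    d_j = 1 - e_j (degree of divergence);  w_j = d_j / sum_j d_j.
    A column whose values are all equal carries no information and gets
    weight 0; if every column is constant, the weights fall back to uniform.
    """
    n = len(matrix)
    m = len(matrix[0])
    if n < 2:
        raise ValueError("need at least two alternatives to compute entropy")
    if any(len(row) != m for row in matrix):
        raise ValueError("ragged matrix")
    if any(x <= 0 for row in matrix for x in row):
        raise ValueError("indicator scores must be positive (ln 0 is undefined)")
    k = 1.0 / math.log(n)
    divergence = []
    for j in range(m):
        col = [row[j] for row in matrix]
        total = sum(col)
        p = [x / total for x in col]
        e = -k * sum(pi * math.log(pi) for pi in p)
        divergence.append(max(0.0, 1.0 - e))  # clamp rounding noise below zero
    total_d = sum(divergence)
    if total_d == 0:
        return [1.0 / m] * m
    return [d / total_d for d in divergence]


def weighted_threat_scores(threats, weights):
    """Weighted sum of factor scores per threat, ranked highest first."""
    scores = {name: sum(w * x for w, x in zip(weights, row))
              for name, row in threats.items()}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    w = entropy_weights(list(THREATS.values()))
    for factor, wj in zip(FACTORS, w):
        print(f"{factor:12s} weight = {wj:.4f}")
    for name, score in weighted_threat_scores(THREATS, w):
        print(f"{name:16s} score = {score:.3f}")
```

In the constructed matrix the "exposure" column is constant, so it receives weight 0 regardless of how important an analyst might believe it to be; the "capability" column, where one threat stands far apart from the others, receives most of the weight. That is the objectivity the abstract refers to: the weights follow the dispersion of the data, not an analyst's prior judgement.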

