面向业务流程的信息系统风险控制方法

摘要 为有效控制信息系统中业务流程所面临的安全风险，提出一种基于业务流程的风险控制方法（WRCM）.该方法包含风险量化和风险控制两部分，在风险量化部分为风险控制部分定义了11个风险量化参数.在风险控制部分，以线性规划方法为基础，通过控制效果最大化操作，将最小残余风险损失作为目标函数导出安全风险损失最小化部署方案；通过控制成本最小化操作，将最小控制成本作为目标函数，在不超过最小残余风险损失的前提下导出控制成本最小化部署方案.风险控制效果对比实验检测结果表明，WRCM具有较好的安全风险控制效果和较低的控制成本.
In order to effectively control the security risks of the business process in the information system, a risk control method based on work-flow (WRCM) was proposed. It includes two operations, the risk quantification and the risk control. In the risk quantification operation, the risk quantification parameters are defined and initialized. In the risk control operation, the minimum residual risk damage was used as object function to get a minimum risk damage deployment scheme based on linear programming method through the control effect maximization operation. Then, the minimum control cost was used as object function to get the minimum control cost deployment scheme through the control cost minimization operation. Experiments show that the WRCM has preferable risk control effect and lower control cost.