|
|
- 2018
云安全风险评估度量模型
|
Abstract:
摘要: 针对云计算环境下安全风险评估问题,从与云计算相关的政策法规、管理和技术三个层面出发,建立云安全风险评估指标体系。融合德尔菲法、模糊层次分析法、模糊综合评价法构建云计算环境下安全风险评估度量模型。风险实例评估度量结果表明该度量模型对于云计算环境下的安全风险评估能提供有效的量化评价依据。
Abstract: From three aspects related to cloud computing of policies, management and technologies, an indicator system of cloud security risk assessment is established for the security risk assessment problem in cloud computing environment. A metric model of security risk in cloud computing environment is established by fusing Delphi method, fuzzy analytical hierarchy process and fuzzy comprehensive evaluation method. Measurement results of risk instances show that the metric model could provide effective quantitative evaluation for the security risk assessment in cloud computing environment
| [1] | 全国信息安全标准化技术委员会. GB/T 31509-2015 信息安全技术 信息安全风险评估实施指南[S]. 北京:中国标准出版社,2015. National Information Security Standardization Technical Committee. GB/T 31509-2015 Information Security Technology Information Security Risk Assessment Implementation Guide[S]. Beijing: China Standard Press, 2015. |
| [2] | 龚德忠.云计算安全风险评估的模型分析[J].湖北警官学院学报,2011(6): 85-86. GONG Dezhong. Model analysis of cloud computing security risk assessment[J]. Journal of Hubei University of Police, 2011(6): 85-86. |
| [3] | 汪兆成. 基于云计算模式的信息安全风险评估研究[J]. 信息网络安全,2011(9): 56-60. WANG Zhaocheng. Research on information security risk assessment based on cloud computing model[J]. Netinfo Security, 2011(9): 56-60. |
| [4] | 姜政伟,赵文瑞.基于等级保护的云计算安全评估模型[J].计算机科学,2013,40(8): 151-156. JIANG Zhengwei, ZHAO Wenrui. Model for cloud computing security assessment based on classified protection[J]. Computer Science, 2013, 40(8): 151-156. |
| [5] | 全国信息安全标准化技术委员会. GB/T 31167-2014 信息安全技术 云计算服务安全指南[S]. 北京:中国标准出版社,2014. National Information Security Standardization Technical Committee. GB/T 31167-2014 Information Security Technology Cloud Computing Services Security Guide[S]. Beijing: China Standard Press, 2014. |
| [6] | CSA.The notorious nine: cloud computing top threats in 2013[R]. CSA, 2013. |
| [7] | ENISA.Cloud computing: benefits, risks and recommendations for information security[R]. ENISA, December, 2012. |
| [8] | 付沙,杨波,李博. 基于灰色模糊理论的信息系统安全风险评估研究[J]. 现代情报,2013,33(7): 34-37. FU Sha, YANG Bo, LI Bo. Information system security risk assessment based on grey fuzzy theory[J]. Journal of Modem Information, 2013, 33(7): 34-37. |
| [9] | 李鑫,李京春,郑雪峰,等. 一种基于层次分析法的信息系统漏洞量化评估方法[J].计算机科学,2012,39(7): 58-63. LI Xin, LI Jingchun, ZHENG Xuefeng, et al. Analytic hierarchy process(AHP)-based vulnerability quantitative assessment method for information systems[J]. Computer Science, 2012, 39(7): 58-63. |
| [10] | 姜茸,马自飞,李彤,等.云计算技术安全风险评估研究[J]. 电子技术应用,2015,41(3): 111-115. JIANG Rong, MA Zifei, LI Tong, et al. Study on security risk assessment for technology of cloud computing[J]. Application of Electronic Technique, 2015, 41(3): 111-115. |
| [11] | 付钰,吴晓平, 叶清,等. 基于模糊集与熵权理论的信息系统安全风险评估研究[J]. 电子学报,2010,38(7): 1489-1494. FU Yu, WU Xiaoping, YE Qing, et al. An approach for information systems security risk assessment on fuzzy set and Entropy-Weight[J]. Chinese Journal of Electronics, 2010, 38(7):1489-1494. |
| [12] | 全国信息安全标准化技术委员会.GB/T 31168-2014信息安全技术 云计算服务安全能力要求[S]. 北京:中国标准出版社, 2014. National Information Security Standardization Technical Committee. GB/T 31168-2014 Information Security Technology Cloud Computing Services Security Capability Requirements[S]. Beijing: China Standard Press, 2014. |
