摘要
随着信息技术和网络技术的飞速发展,国民经济、社会生活的各个方面对信息系统的依赖程度越来越高,安全问题也日益凸显。信息系统安全风险评估作为衡量系统安全性的重要手段,为信息系统的建设和管理决策提供了重要依据。本文对信息系统安全进行了定义,并与信息安全加以区别。描述了风险评估的模型,按照定量分析和定性分析方法介绍了典型的评估方法并做了具体的比较。最后探讨了当前我国信息系统安全风险评估中存在的问题及发展方向。
With the rapid development of information technology and network technology, the dependence of national economy and social life on information system gets higher and higher, and its security problem becomes in- creasingly distinct. As an important means to determine the security of information system, information system secur- ity risk assessment has provided an important basis for the construction of information system and for the decision making of management. This paper gives a definition of information system security and tells its difference from infor- mation security. The model of risk assessment is described. The classical assessment methods are compared in ac- cordance with the qualitative and quantitative analysis methods. Finally, the paper discusses the problems in infor- mation system security risk assessment in China and its future development.
出处
《情报理论与实践》
CSSCI
北大核心
2009年第5期114-116,113,共4页
Information Studies:Theory & Application
基金
黑龙江省软科学攻关项目(项目编号:GZ08D201)
黑龙江省社会科学基金项目(项目编号:05B0018)资助的成果
关键词
信息系统
信息安全
风险评估
information system
information security
risk assessment
