Abstract
With the development of information technology, society increasingly runs on information systems, and the security risks to those systems keep growing. Risk assessment can be used to eliminate security vulnerabilities and reduce the degree of damage. This paper first introduces the current state of information security risk assessment in China and abroad. From the perspective of information asset value, and using the multi-dimensional analysis method of the SoS system, it analyzes the calculated risk entropy values and the corresponding weight relationships in terms of system vulnerability, system control, and system damage. It explains the principle of information entropy and constructs a risk assessment model. Finally, the model's calculation formulas are applied to a real case at an electric power enterprise to grade risk quantitatively by level and assess security risk. Analysis of the experimental data demonstrates the accuracy of the method, which is of positive significance for research in this field.
Author
王刚
WANG Gang (Department of Information Technology, Shanxi Police Officer Vocational College, Xi’an 710041, China)
Source
Microcomputer Applications (《微型电脑应用》)
2020, Issue 9, pp. 56-59 (4 pages)
Funding
2018 Special Scientific Research Program of the Shaanxi Provincial Department of Education (18JK0961).
Keywords
information security
information entropy
risk assessment
SoS system
risk factors
evaluation model
asset value