A System Security Gap Analysis Based Risk Assessment Metric and Method

JIANG Chang-qing; ZHANG Li; LIN Jia-jun; WU Shi-zhong

您当前的位置：

首页 >

文章列表页 >

A System Security Gap Analysis Based Risk Assessment Metric and Method

更新时间：2025-07-16

- A System Security Gap Analysis Based Risk Assessment Metric and Method
- Acta Electronica Sinica Vol. 34, Issue S1, Pages: 2556-2559(2006)
- 作者机构：
  
  1. 中国信息安全产品测评认证中心,北京,100089
  2. 华东理工大学,上海,200237
  3. 中国信息安全产品测评认证中心,北京,100089
  4. 华东理工大学,上海,200237
- 作者简介：
- 基金信息：
- DOI：
  CLC： TN918
- Published：2006
- 稿件说明：
移动端阅览
JIANG Chang-qing, ZHANG Li, LIN Jia-jun, et al. A System Security Gap Analysis Based Risk Assessment Metric and Method[J]. Acta Electronica Sinica, 2006, 34(S1): 2556-2559.
DOI：

JIANG Chang-qing, ZHANG Li, LIN Jia-jun, et al. A System Security Gap Analysis Based Risk Assessment Metric and Method[J]. Acta Electronica Sinica, 2006, 34(S1): 2556-2559. DOI：

摘要

本文提出一种基于信息系统安全性分析来定量计算信息安全风险的度量尺度

差距分析方法及相应的评估流程.通过差距分析法

可以定量地度量信息安全目的和安全现状的在安全保障控制措施和安全保障能力两方面差距

从而改进对信息安全的分析和设计以及如何提升信息安全保障能力.通过本文定义并计算整体信息安全风险度量尺度

还可以计算不同安全控制措施的产生的安全边际效益

进行安全投入产出效益分析.这种可计算的信息安全风险评估尺度和方法的有效性在实际工程中得到应用与检验.

Abstract

This paper propose a quantitative information security risk metric based on information system security analysis

gap analysis method and its assessment procedure.Through security gap analysis method

we can compute quantitatively the difference between security target and TOE security in security assurance control and security assurance capability

and then improve the information system security architecture design and its assurance level.Using the metric

we can also compare the benefit difference among security contols

and calculate the input-output analysis.This computable information security risk assessment metric and method was applied in real case and proved effective.

关键词

Keywords

references

Views

1375

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Security Risk Assessment Model of Blockchain

Related Author

QIN Chao-xia

GUO Bing

SHEN Yan

SU Hong

ZHANG Zhen

ZHOU Chi-min

Related Institution

College of Computer Science, Sichuan University

School of Control Engineering, Chengdu University of Information Technology

College of Computer Science Sichuan University Chengdu Sichuan China

School of Control Engineering Chengdu University of Information Technology Chengdu Sichuan China

⁰