北京邮电大学学报

  • EI核心期刊

北京邮电大学学报 ›› 2009, Vol. 32 ›› Issue (5): 128-131.doi: 10.13190/jbupt.200905.128.371

• 研究报告 • 上一篇    下一篇

结合OCTAVE和灰色系统的信息安全风险评估方法

王晓箴1,2,卢志刚1,2,刘宝旭1   

  1. (1.中国科学院 高能物理研究所计算中心, 北京 100049; 2.中国
    科学院 研究生院, 北京 100049)
  • 收稿日期:2008-12-15 修回日期:2009-06-01 出版日期:2009-10-28 发布日期:2009-10-28
  • 通讯作者: 王晓箴

Algorithm of Information Security Risk Evaluation Based on OCTAVE and Grey System

WANG Xiao-zhen1,2,LU Zhi-gang1,2,LIU Bao-xu1   

  1. (1. Computing Center of Institute of High Energy Physics, Chinese Acad
    emy of Sciences, Beijing 100049, China;
    2. Graduate of University, Chinese Academy of Science, Beijing 100049, China)
  • Received:2008-12-15 Revised:2009-06-01 Online:2009-10-28 Published:2009-10-28
  • Contact: WANG Xiao-zhen

摘要:

为提高评估准确性,提出一种定性和定量结合的评估算法. 在数据收集阶段采用可操作的关
键威胁、资产、弱点评估(OCTAVE)方法,从企业中不同阶层成员的视角出发,定义需要评
估的资产范围,并进行管理脆弱性与技术脆弱性评估. 在定量计算部分,利用灰色系统理论
,在对指标进行归一化处理后,利用三角白化权函数计算其隶属度,从而确定风险等级. 实
验结果表明,本文方法可有效提高信息安全风险评估的准确性,并具较好的实用推广价值.

关键词: 风险评估, 灰色系统, 归一化方法

Abstract:

To make sure the assessment accuracy, an efficient algorithm with qualitative analysis and quantify calculate is described. To collect the data, the algorithm chooses the operationally critical threat, asset and vulnerability evaluation (O
CTAVE) method, defining the assets which need to be assessed, evaluating the administrant and technical vulnerabilities. To calculate the risk, grey theory is chosen, and triangular whiten weight function is used to compute the membership degrees, the risk level is then determined. This valuable method can be used in practical operations of information security risk assessment.

Key words: risk evaluation, grey system, normalization method