北京邮电大学学报

  • EI核心期刊

北京邮电大学学报 ›› 2006, Vol. 29 ›› Issue (2): 59-61.doi: 10.13190/jbupt.200602.59.pengjh

• 论文 • 上一篇    下一篇

基于效用的安全风险度量模型

彭俊好,徐国爱,杨义先,汤永利   

  1. 北京邮电大学 信息安全中心
  • 出版日期:2006-04-28 发布日期:2006-04-28

Measure Model of Security Risk Based on Utility

PENG Jun-hao,XU Guo-ai,YANG Yi-xian,TANG Yong-li   

  1. Information Security Center, Beijing University of Posts and Telecommunications
  • Online:2006-04-28 Published:2006-04-28

PDF

512

摘要: 把效用函数引入信息安全风险领域,利用其反函数,定义绝对损失效应和相对损失效应,用以度量安全风险. 在此基础上建立了统一的风险等级划分标准. 绝对损失效应能度量高损失、低概率与低损失、高概率风险事件间的差异,相对损失效应能度量不同规模组织风险承受能力差异,而普遍使用的平均损失却不能度量这些差异.

关键词: 信息安全, 风险评估, 效用理论, 损失效应

Abstract: Utility function was introduced into security risk area, and its inverse function is used to define absolute loss effect and relative loss effect as measure of risk. They are used to build criteria of risk rank. Absolute loss effect can measure the difference of risk between security incidents with high loss,low probability and security incidents with low loss,high probability. Relative loss effect can measure the difference of risk tolerance among organizations with different scale, but the average loss used very often can't measure these differences.

Key words: information security, risk evaluation, utility theory, loss effect

版权所有 © 2018 《北京邮电大学学报》编辑部 京ICP备14033833号     在线人数:今日访问 当前在线 总访问

通信地址:北京市海淀区西土城路10号北京邮电大学195信箱    邮编:100876    电话:(010)62281995    QQ:307514248    微博    留言    电子邮箱:byxb@bupt.edu.cn