Journal of Beijing University of Posts and Telecommunications

  • EI核心期刊

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2016, Vol. 39 ›› Issue (3): 105-109.doi: 10.13190/j.jbupt.2016.03.019

• Reports • Previous Articles     Next Articles

Information System Risk Control Method Based on Work-Flow

YANG Hong-yu, CHENG Xiang   

  1. School of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China
  • Received:2016-03-21 Online:2016-06-28 Published:2016-06-28

Abstract:

In order to effectively control the security risks of the business process in the information system, a risk control method based on work-flow (WRCM) was proposed. It includes two operations, the risk quantification and the risk control. In the risk quantification operation, the risk quantification parameters are defined and initialized. In the risk control operation, the minimum residual risk damage was used as object function to get a minimum risk damage deployment scheme based on linear programming method through the control effect maximization operation. Then, the minimum control cost was used as object function to get the minimum control cost deployment scheme through the control cost minimization operation. Experiments show that the WRCM has preferable risk control effect and lower control cost.

Key words: work-flow, information security risk control, linear programming method, control cost

CLC Number: