Research on Security Threats and Risk Assessment of Web Information System

doi:10.13190/j.jbupt.2016.s.020

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2016, Vol. 39 ›› Issue (s1): 87-93.doi: 10.13190/j.jbupt.2016.s.020

• Papers • Previous Articles Next Articles

Research on Security Threats and Risk Assessment of Web Information System

LEI Min^1,2, LIU Xiao-ming³, ZHANG Hong³, WANG Mian^1,2, YANG Yu^1,2

1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China;
2. National Engineering Laboratory for Disaster Backup and Recovery, Beijing 100876, China;
3. National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029, China

Received:2015-08-20 Online:2016-06-28 Published:2016-06-28

Abstract

Abstract:

An increasing numbers of web information systems are deployed on the Internet to provide service, however, the web information system is facing various security threats, from physical security on bottom layer to communications and operations management, system security, application security and data security. The article gave out classifications of security threats faced by type of threats in web applications and set up grade for each threat according to its extent of danger, probability of occurrence and remediation. The article also uses fuzzy comprehensive evaluation to build a security analysis model aiming at constructing common analysis framework for web information system security assessment.

Key words: web information system, security assessment, risk assessment, fuzzy comprehensive evaluation

CLC Number:

TN919

LEI Min, LIU Xiao-ming, ZHANG Hong, WANG Mian, YANG Yu. Research on Security Threats and Risk Assessment of Web Information System[J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2016, 39(s1): 87-93.

[1]	YANG Hongyu, YUAN Haihang, ZHANG Liang. A Risk Assessment Method of Network Host Node with Host Importance [J]. Journal of Beijing University of Posts and Telecommunications, 2022, 45(2): 16-21.
[2]	YANG Hong-yu, ZHANG Le, ZHANG Liang. An Information System Risk Assessment Method Based on Risk Propagation [J]. Journal of Beijing University of Posts and Telecommunications, 2021, 44(4): 41-48.
[3]	LU Yi-qin, HUANG Jun-xian, CHENG Zhe, QIN Jian-cheng. A Multi-Index Mimic Voting Algorithm Based on Improved AHP-FCE Model [J]. Journal of Beijing University of Posts and Telecommunications, 2021, 44(2): 8-13.
[4]	LI Xiao-hui, DU Yang-fan, SHI Xiao-zhu, YANG Xu. NLOS Ranging Error Compensation Algorithm Based on Fuzzy Association Channel Identification [J]. Journal of Beijing University of Posts and Telecommunications, 2020, 43(1): 21-27.
[5]	ZHAO Jian, WANG Rui, LI Zheng-min, LEI Min, MA Min-yao. Security Threats and Risk Assessment of IoT System [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2017, 40(s1): 135-139.
[6]	GE Hai-hui, ZHENG Shi-hui, CHEN Tian-ping, YANG Yi-xian. Fuzzy Risk Assessment of Information Security Threat Scenario [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2013, 36(6): 89-92,107.
[7]	. Network Security Analysis Based on Host-Security-Group [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2012, 35(1): 19-23.
[8]	WU Huan, PAN Lin, WANG Xiao-zhen, XU Rong-sheng. A Risk Assessment Model Using Incomplete Attack Graphs Analysis [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2010, 33(3): 57-61.
[9]	LuZhenbang,ZHOU Bo. Hierarchical Risk Assessment Based on Shapley Entropies and Choquet Integrals [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2009, 32(6): 83-87.
[10]	XIAO Qian LUO Shou-Shan YANG Wen-Chuan ZHENG Kang-Feng. Secure Multi-Party Fuzzy Comprehensive Evaluation Model and Its Protocol [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2009, 32(3): 5-9.
[11]	. Fuzzy Comprehensive Evaluation Based Loss Discrimination Algorithm in Wired/Wireless Hybrid Network [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2009, 32(3): 60-64.

Research on Security Threats and Risk Assessment of Web Information System

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 11

Recommended Articles

Metrics

Comments