An information security risk assessment method based on conduct effect and dynamic threat

2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS) Pub Date : 2017-11-01 DOI:10.1109/ICSESS.2017.8343029

Qiao Hong, Tian Jianwei, Tian Zheng, Qi Wenhui, L. Xi, Zhu Hongyu, Chen Shengsheng

引用次数: 3

Abstract

Traditional Information Security Risk Assessment method did not consider the dynamic characteristic and risk conduct effect among assets, which makes the assessment result inaccurately. To solve this problem, this paper proposes a novel Information Security Risk Assessment method based on Conduct effect and Dynamic threat (ISRACD). ISRACD adopts DTC (Dynamic Threat Calculation) method to calculate threat degree more objectively. Besides, ISRACD proposes ACEC (Asset Conduct Effect Calculation) method to describe the conduct effect among assets and quantify the conduct value. Based on the two methods, ISRACD can obtain the security level more precisely.

查看原文本刊更多论文

基于行为效应和动态威胁的信息安全风险评估方法

传统的信息安全风险评估方法没有考虑资产之间的动态特性和风险传导效应，导致评估结果不准确。为了解决这一问题，本文提出了一种基于行为效应和动态威胁的信息安全风险评估方法(ISRACD)。ISRACD采用动态威胁计算(DTC)方法，更客观地计算威胁程度。此外，ISRACD还提出了ACEC (Asset Conduct Effect Calculation)方法来描述资产间的传导效应，量化传导价值。基于这两种方法，ISRACD可以更精确地获得安全级别。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS)

自引率

0.00%

发文量