{"title":"信息系统风险评估和管理的现状","authors":"Lulu Liang, Wang Ren, Jing Song, Huaming Hu, Qiang He, Shuo Fang","doi":"10.1109/ISIAS.2013.6947735","DOIUrl":null,"url":null,"abstract":"Risk assessment and management for information system are very important for assuring the system security. It requires not only careful but also systematic analysis of threat and vulnerability information. Depending on the analysis result, we could determine the extent to which events could adversely impact the organization and the likelihood that such events will occur. Under FISMA(Federal Information Security Management Act) of 2002, the Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) develops a series of publications to protect the information system. In this paper, we give the outline of the state of the art of the risk assessment and management in the ITL at NIST. Some fundamental concepts and model are introduced to interpret the process of risk assessment. Besides, the relationship among the security related publications corresponding with the risk management is analyzed and concluded.","PeriodicalId":370107,"journal":{"name":"2013 9th International Conference on Information Assurance and Security (IAS)","volume":"128 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"The state of the art of risk assessment and management for information systems\",\"authors\":\"Lulu Liang, Wang Ren, Jing Song, Huaming Hu, Qiang He, Shuo Fang\",\"doi\":\"10.1109/ISIAS.2013.6947735\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Risk assessment and management for information system are very important for assuring the system security. It requires not only careful but also systematic analysis of threat and vulnerability information. Depending on the analysis result, we could determine the extent to which events could adversely impact the organization and the likelihood that such events will occur. Under FISMA(Federal Information Security Management Act) of 2002, the Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) develops a series of publications to protect the information system. In this paper, we give the outline of the state of the art of the risk assessment and management in the ITL at NIST. Some fundamental concepts and model are introduced to interpret the process of risk assessment. Besides, the relationship among the security related publications corresponding with the risk management is analyzed and concluded.\",\"PeriodicalId\":370107,\"journal\":{\"name\":\"2013 9th International Conference on Information Assurance and Security (IAS)\",\"volume\":\"128 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 9th International Conference on Information Assurance and Security (IAS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISIAS.2013.6947735\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 9th International Conference on Information Assurance and Security (IAS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISIAS.2013.6947735","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The state of the art of risk assessment and management for information systems
Risk assessment and management for information system are very important for assuring the system security. It requires not only careful but also systematic analysis of threat and vulnerability information. Depending on the analysis result, we could determine the extent to which events could adversely impact the organization and the likelihood that such events will occur. Under FISMA(Federal Information Security Management Act) of 2002, the Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) develops a series of publications to protect the information system. In this paper, we give the outline of the state of the art of the risk assessment and management in the ITL at NIST. Some fundamental concepts and model are introduced to interpret the process of risk assessment. Besides, the relationship among the security related publications corresponding with the risk management is analyzed and concluded.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
