基于行为效应和动态威胁的信息安全风险评估方法

2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS) Pub Date : 2017-11-01 DOI:10.1109/ICSESS.2017.8343029

Qiao Hong, Tian Jianwei, Tian Zheng, Qi Wenhui, L. Xi, Zhu Hongyu, Chen Shengsheng

{"title":"基于行为效应和动态威胁的信息安全风险评估方法","authors":"Qiao Hong, Tian Jianwei, Tian Zheng, Qi Wenhui, L. Xi, Zhu Hongyu, Chen Shengsheng","doi":"10.1109/ICSESS.2017.8343029","DOIUrl":null,"url":null,"abstract":"Traditional Information Security Risk Assessment method did not consider the dynamic characteristic and risk conduct effect among assets, which makes the assessment result inaccurately. To solve this problem, this paper proposes a novel Information Security Risk Assessment method based on Conduct effect and Dynamic threat (ISRACD). ISRACD adopts DTC (Dynamic Threat Calculation) method to calculate threat degree more objectively. Besides, ISRACD proposes ACEC (Asset Conduct Effect Calculation) method to describe the conduct effect among assets and quantify the conduct value. Based on the two methods, ISRACD can obtain the security level more precisely.","PeriodicalId":179815,"journal":{"name":"2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"An information security risk assessment method based on conduct effect and dynamic threat\",\"authors\":\"Qiao Hong, Tian Jianwei, Tian Zheng, Qi Wenhui, L. Xi, Zhu Hongyu, Chen Shengsheng\",\"doi\":\"10.1109/ICSESS.2017.8343029\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Traditional Information Security Risk Assessment method did not consider the dynamic characteristic and risk conduct effect among assets, which makes the assessment result inaccurately. To solve this problem, this paper proposes a novel Information Security Risk Assessment method based on Conduct effect and Dynamic threat (ISRACD). ISRACD adopts DTC (Dynamic Threat Calculation) method to calculate threat degree more objectively. Besides, ISRACD proposes ACEC (Asset Conduct Effect Calculation) method to describe the conduct effect among assets and quantify the conduct value. Based on the two methods, ISRACD can obtain the security level more precisely.\",\"PeriodicalId\":179815,\"journal\":{\"name\":\"2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSESS.2017.8343029\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSESS.2017.8343029","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

传统的信息安全风险评估方法没有考虑资产之间的动态特性和风险传导效应，导致评估结果不准确。为了解决这一问题，本文提出了一种基于行为效应和动态威胁的信息安全风险评估方法(ISRACD)。ISRACD采用动态威胁计算(DTC)方法，更客观地计算威胁程度。此外，ISRACD还提出了ACEC (Asset Conduct Effect Calculation)方法来描述资产间的传导效应，量化传导价值。基于这两种方法，ISRACD可以更精确地获得安全级别。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

An information security risk assessment method based on conduct effect and dynamic threat

Traditional Information Security Risk Assessment method did not consider the dynamic characteristic and risk conduct effect among assets, which makes the assessment result inaccurately. To solve this problem, this paper proposes a novel Information Security Risk Assessment method based on Conduct effect and Dynamic threat (ISRACD). ISRACD adopts DTC (Dynamic Threat Calculation) method to calculate threat degree more objectively. Besides, ISRACD proposes ACEC (Asset Conduct Effect Calculation) method to describe the conduct effect among assets and quantify the conduct value. Based on the two methods, ISRACD can obtain the security level more precisely.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS)

自引率

0.00%

发文量