为解决信息安全风险评估过程中信息难以量化分析的问题,在原有定性风险评估方法的基础上,提出一种定量的信息安全风险评估方法.通过对风险的量化分析,使得信息安全风险评估过程中风险值的计算更加科学和准确,解决了以往定性分析方法数据计算粗略、不准确和难于区分风险的重要程度等问题.通过信息安全风险评估过程中的实际应用,表明该方法具有一定的可行性.%In order to overcome the difficulty in quantitative analysis on assessment process of information security risk, a new quantitative assessment method for information security risk is proposed, which is based on original qualitative risk assessment method. Through the quantitative analysis on risk, the method makes the calculation of risk value in assessment process of information security risk more scientific and accurate, thereby solves the problems of previous qualitative analysis method, such as rough data calculation, inaccuracy and the difficulty in differentiating the importance of the risks. Practical application of the new method in assessment process of information security risk verifies its feasibility in certain extent.
展开▼
