New Technology of Library and Information Service  2009, Vol. 25 Issue (6): 44-49    DOI: 10.11925/infotech.1003-3513.2009.06.09
Research of Risk Assessment Model of Digital Library Information Security Based on ISO27001
Huang Shuiqing, Chen Shuangxi, Ren Ni
(College of Information Science and Technology, Nanjing Agricultural University, Nanjing 210095, China)
Abstract  

Following the international standard ISO 27001, this paper proposes a general assessment model based on fuzzy mathematics, threat scenario creation, CVSS and a risk matrix. The model estimates the asset value, threat level and vulnerability level separately, and then calculates the total risk value of the digital library. Finally, the authors present a case study that applies the model. The results demonstrate that the model is reasonable and feasible.

 

Key words: ISO27001; Digital Library; Risk Assessment; Assessment Model
Received: 11 May 2009      Published: 25 June 2009
ZTFLH: TP393 G250

 
Corresponding Authors: Huang Shuiqing     E-mail: sqhuang@njau.edu.cn
About author: Huang Shuiqing, Chen Shuangxi, Ren Ni

Cite this article:

Huang Shuiqing, Chen Shuangxi, Ren Ni. Research of Risk Assessment Model of Digital Library Information Security Based on ISO27001. New Technology of Library and Information Service, 2009, 25(6): 44-49.

URL:

http://manu44.magtech.com.cn/Jwk_infotech_wk3/EN/10.11925/infotech.1003-3513.2009.06.09     OR     http://manu44.magtech.com.cn/Jwk_infotech_wk3/EN/Y2009/V25/I6/44

