Research of Risk Assessment Model of Digital Library Information Security Based on ISO27001
Huang Shuiqing, Chen Shuangxi, Ren Ni
(College of Information Science and Technology, Nanjing Agricultural University, Nanjing 210095, China)
Abstract: Following the international standard ISO 27001, this paper proposes a general risk assessment model that combines fuzzy mathematics, threat scenario creation, CVSS and a risk matrix. The model estimates asset value, threat level and vulnerability level separately, and then calculates the total risk value of the digital library. Finally, the authors apply the model in a worked case study; the result supports its rationality and feasibility.
Received: 11 May 2009
Published: 25 June 2009
Corresponding Authors:
Huang Shuiqing
E-mail: sqhuang@njau.edu.cn
About the authors: Huang Shuiqing, Chen Shuangxi, Ren Ni