Following the international standard ISO 27001, this paper proposes a general risk assessment model based on fuzzy mathematics, threat scenario creation, CVSS and a risk matrix. The model estimates the asset value, threat level and vulnerability level separately, and then calculates the total risk value of the digital library. Finally, the authors present a case study that applies the model. The result proves its rationality and feasibility.
Huang Shuiqing, Chen Shuangxi, Ren Ni. Research of Risk Assessment Model of Digital Library Information Security Based on ISO27001[J]. New Technology of Library and Information Service, 2009, 25(6): 44-49.