• 查询稿件
  • 获取最新论文
  • 知晓行业信息

面向铁路信息网络的资产安全属性量化评估方法

Quantitative evaluation method of asset security attributes for railway information network

  • 摘要: 目前,我国既有信息安全管理体系虽明确提出了资产评估要求,但缺乏具体的评估方法。而大多数已提出的评估方法与实际业务场景安全要求脱节,导致针对具体业务场景的资产评估实施存在诸多局限。文章通过分析铁路信息系统的业务特点及信息资产对系统安全状况的影响,利用层次分析法,提出了适用于铁路信息网络的资产安全属性评估方法。实验证明,所提出的方法可以有效地刻画信息资产对系统整体安全的影响程度,准确地描述资产在不同业务场景中的价值差异。通过此方法与漏洞评分系统相结合,可以更准确地评估漏洞在不同应用环境中的威胁程度。

     

    Abstract: At present, although China's existing information security management system clearly puts forward asset evaluation requirements, it lacks specific evaluation methods. However, most of the proposed evaluation methods are divorced from the security requirements of the actual business scenario, lead to many limitations in the implementation of asset evaluation for specific business scenarios. By analyzing the business characteristics of railway information system and the impact of information assets on system security, this paper proposed an asset security attribute evaluation method suitable for railway information network by using analytic hierarchy process. Experiments show that the proposed method can effectively describe the impact of information assets on the overall security of the system, and accurately describe the value differences of assets in different business scenarios. By combining this method with vulnerability scoring system, it can be more accurately evaluated the threat degree of vulnerabilities in different application environments.

     

/

返回文章
返回