| 摘 要: 尽管计算机网络为人们的工作、生活和学习提供了极大的便利,但计算机网络也对社会构成了潜在的安全威胁。木马、病毒开发技术的更新升级,以及计算机网络信息系统自身固有的漏洞等,是影响网络信息系统推广应用和安全运行的主要因素。面对快速增长的计算机网络信息安全需求,仅被动地采用防御技术已经无法满足网络安全防御的要求,而计算机网络信息安全风险评估可以有效地分析网络信息系统的实时运行状态和预测其未来发展趋势,评估风险对计算机网络信息安全的影响,并对计算机网络信息安全风险评估标准与方法研究。 |
| 关键词: 计算机网络;安全风险评估;安全漏洞;层次分析;D-S证据理论 |
|
中图分类号: TP393
文献标识码: A
|
| 基金项目: 辽宁省教育厅高等学校基本科研项目(LJKMZ20222007);大连东软信息学院科技创新基金项目(TIFP202307);大连市青年科技之星项目(2021RQ068) |
|
| Research on Standards and Methods for Computer Network Information Security Risk Assessment |
|
LU Kai, LIU Xinning
|
(Department of So f twa re and Big Data Technology, Dalian Neusof t University of In formation, Dalian 116023, China)
lukai@neusoft.edu.cn; liuxinning@neusoft.edu.cn
|
| Abstract: Despite the great convenience that computer networks provide for people's work, life, and study, they also pose potential security threats to society. Factors such as the continuous updating and upgrading of Trojan horses and virus development technologies, as well as inherent vulnerabilities in computer network information systems, significantly impact the widespread application and secure operation of network information systems. The rapidly growing demand for computer network information security cannot be met solely by passive defense technologies. Therefore, computer network information security risk assessment can effectively analyze the real-time operational status of network information systems, predict their future development trends, assess the impact of risks on computer network information security, and research standards and methods for computer network information security risk assessment. |
| Keywords: computer network; security risk assessment; security vulnerabilities; Analytic Hierarchy Process; D-S evidence theory |
