• Academic Papers •

### Research on a Risk Assessment Calculation Model Based on GB/T 20984-2007

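1. 1 (School of Data Science and Computer, Sun Yat-sen University, Guangzhou 510006) 2 (Guangzhou Family Planning Publicity and Education Center, Guangzhou 510630) 3 (Guangzhou Population Information Center, Guangzhou 510630) 4 (Key Laboratory of Information Technology (Sun Yat-sen University), Ministry of Education, Guangzhou 510006)
• Publication date: 2015-10-05 Release date: 2016-01-18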

### Research of Information Security Risk Assessment Model Based on GB/T 20984

1. 1 (School of Data Science and Computer, Sun Yat-sen University, Guangzhou 510006) 2 (Guangzhou Family Planning Publicity and Education Center, Guangzhou 510630) 3 (Guangzhou Population Information Center, Guangzhou 510630) 4 (Key Laboratory of Information Technology (Sun Yat-sen University), Ministry of Education, Guangzhou 510006)
• Online: 2015-10-05 Published: 2016-01-18

Abstract: In the Internet era, information security has become a global issue and one of the concerns on which society is focused, which makes the information security risk assessment system particularly important. In the past, security incidents often used a diversity of vulnerabilities, which led to improvements in the security of systems. Information security depends on integrated system engineering involving both technology and management. Risk assessment is a process that identifies the weaknesses of an information system and analyses the threat level of events that use those weaknesses. Finally, risk assessment needs to evaluate the possibility of negative impacts from the threats. The implementation specification for risk assessment is not specific enough, so it is necessary to refine the related theory according to more practice. Based on the original risk calculation, an improved information security risk assessment model is designed in this paper. The improved assessment better solves the problem of information security risk calculation in the GB/T 20984-2007 technical specification. The risk value is calculated through analysis of the value of the risk assets and of the threats to and vulnerabilities of those assets. The value is then used to clarify the effectiveness of risk control measures. Through this risk analysis, the calculated risk value becomes more scientific and reliable, presenting a new approach to risk analysis and calculation. It is shown that combining the assessment standard with practice better demonstrates the validity of the model.