Abstract: Based on the discrete characteristics of the high-level risks of 5G networks, this article provides a 5G network risk assessment model based on the general risk management framework of ISO 27005. Through the analysis of the characteristics of 5G ecology, four ecological plane are proposed as the external context for risk analysis. Through the analysis of the characteristics of 5G technology, a structured risk analysis idea based on ICO integration is proposed, and the main high-level risks of 5G networks are analyzed based on this. The 5G security matrix is proposed as a countermeasure model for 5G network risks, and practical suggestions are given from the perspectives of trust system, assessment system, de-trust system, 5G security map, and continuous risk measurement and management. Finally, recommendations for security rating of key 5G components are made.

Key words: 5G risk, security matrix, trust system, assessment system, de-trust system

摘要： 本文针对5G网络高级别风险的离散型特征，基于ISO 27005的一般性风险管理框架，提出了一种5G网络风险的评估模型。通过对于5G生态的特征分析，衍生出四个生态平面的概念，作为风险分析的外部环境。通过对5G技术的特征分析，提出了基于ICO融合的一种结构化风险分析思路，并据此分析出5G网络主要的高级别风险。最后，将5G安全矩阵作为5G网络风险的对策模型，分别从信任体系、测评体系、去信任化体系、5G安全全景以及持续的风险度量与管理等角度给出了实践性的建议，并对关键的5G组件进行了安全定级建议。

关键词: 5G网络风险, 安全矩阵, 信任体系, 测评体系, 去信任化