A Business Process-based Risk Evaluation Framework

Cited by: 2
Author
Yu, Zhiwei [1]
Affiliation
[1] Zhejiang Univ, Ningbo Inst Technol, Ningbo, Zhejiang, Peoples R China
Source
FRONTIERS OF MANUFACTURING SCIENCE AND MEASURING TECHNOLOGY, PTS 1-3 | 2011 / Vol. 230-232
Keywords
Business Process; Business Activity; Information Security; Risk Evaluation;
DOI
10.4028/www.scientific.net/AMR.230-232.1024
Chinese Library Classification number
T [Industrial Technology];
Discipline classification code
08;
Abstract
To present the essence of information system risk evaluation and improve the effect of evaluation, the paper puts forward a business process-based information system risk evaluation framework after analyzing the current risk evaluation methods. The framework begins with the description of the business process from the perspective of information security and then analyzes and assesses the business activities. The risk-control evaluation of business activities is brought forward, and the optional security control measures are comprehensively evaluated so as to ensure the security of business activities. The framework focuses on business process activities so that information system assets, their vulnerabilities and threats are associated, and evaluation of isolated and meaningless assets is avoided.
Pages: 1024-1028
Number of pages: 5