Study on Business Action-based Asset Model and Assets Identification of Information System

被引：0

作者：

Yu Zhi-wei ^{[1
]}

机构：

[1] Zhejiang Univ, Ningbo Inst Technol, Ningbo, Zhejiang, Peoples R China

来源：

2011 INTERNATIONAL CONFERENCE ON FUZZY SYSTEMS AND NEURAL COMPUTING (FSNC 2011), VOL IV | 2011年

关键词：

business action; information security; risk evaluation; assets identification; A(3) model;

D O I：

暂无

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

It is the basis and one key for evaluating and managing the risk of information systems to identify the concrete assets. On the basis of the analysis on the purpose and task of information systems, the business action-based association assets (A(3)) model is put forward in this paper. The index system to evaluate the importance of assets and the procedure to find the key assets are presented to select those key assets as the object of information system risk evaluation and management. Finally, this method is validated through the risk evaluation of a medical treatment facility information system.

引用

页码：246 / 249

页数：4

共 11 条

[1]

Alberts Christopher, 2003, MANAGING INFORM SECU, V8

[2]

Fan Yushun, 2001, INTRO ENTERPRISE MOD, V10, P107

[3]

Kokolakis S.A., 2000, Information management Computer Security, V8, P107, DOI DOI 10.1108/09685220010339192

[4]

SHARON H, 1996, INFORM MANAGEMENT CO, V4, P19

[5]

Stonebumer G., 2010, NIST SPECIAL PUBLICA, V800-30

[6] The IS risk analysis based on a business model [J].

Suh, B ;

Han, I .

INFORMATION & MANAGEMENT, 2003, 41 (02) :149-158

[7]

Wang L. F., 1990, Introduction to Analytic Hierarchy Process

[8]

Wright M, 1999, COMPUT FRAUD SECUR, P9, DOI 10.1016/S1361-3723(99)80005-0

[9]

Yu Zhi Wei, 2007, Journal of Zhejiang University, V41, P1903

[10]

Yu Zhi-wei, 2007, Journal of Zhejiang University, V41, P1244

← 1 2 →