吴小刚,李洵,张土乔,陈旭昱

DOI: https://doi.org/10.16265/j.cnki.issn1003-3033.2004.08.014

2004-01-01

Abstract:The responsibilities and functions in project safety risk management for designers and contractors are discussed. Generally the process of risk management is divided into three stages: the risk identification, evaluation, and decision making. The former two are mainly the designer's responsibility, for which a model of sub-system risk management approach is put forward. The model is exemplified and analyzed with real cases. The feasibility in risk identification and evaluation period is proved. The evaluation criteria of occurrence probability of unexpected events and severity of outcomes are rationally set up in evaluation method, which provide the scientific basis in risk evaluation of the construction safety.

郭艳卿,何德全,尤新刚,孔祥维

DOI: https://doi.org/10.3321/j.issn:0529-6579.2004.z2.027

2004-01-01

Abstract:As a latest subject, Information Hiding has received a rapid development in recent years. But the essence of Information Hiding is still obscure. In this paper, we make an analysis of different methods for evaluating the performance of Information Hiding. Then, after finding the analogy between physics and Information Hiding, we introduce the concept level property of Information Hiding and discuss the security of Information Hiding in terms of level property.

黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

WANG Wei,LI Chun-ping,LI Jian-bin

DOI: https://doi.org/10.16208/j.issn1000-7024.2007.14.060

2007-01-01

Abstract:Safe field in the information,the risk assessment is foundation and premises that builds up the safe system of the information system,but the risk assessment method rises to the usefulness of the assessment prominent function.The risk assessment method contain a lot of kinds,each method have it the place of the shortage.The risk assessment method adopted threat tree model and analytical hierarchy process that method combine together,made use of two kinds of vantages that assessment method,made up the shortage of the one risk assessment method,the aim is search into a kind of more valid,more reasonable and more accurate risk assessment method.

Shi Jian,Guo Shanqing,Xie Li

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.01.034

2006-01-01

Abstract:Risk assessment is critical to establishing an effective Information Security Management System and it is the foundation of information system security systematism.After introducing information security risk assessment briefly,this paper provides a real-time risk assessment method using qualitative and quantitative assessment synthetically.By analyzing the assets,vulnerabilities and threats of information system,this method can evaluate the risk of the system in real time with the events produced by security devices.

CHEN Lei-ting,WEN Li-Yu,LI Zhi-gang

DOI: https://doi.org/10.3969/j.issn.1001-0548.2005.03.023

2005-01-01

Abstract:This paper introduces the definition, standard and development on evaluation of information security; emphasis on Class of B2 in TCSEC, especially the security policy of B2, such as discretionary access control, object reuse, Labels (label integrity and exportation of labeled information) and mandatory access control. this paper also studies and analyses the other requirements for class B2, such as identification and authentication in the requirement of accountability; operational assurance (system architecture, system integrity, covert channel analysis and trusted facility management) and life-cycle assurance (security testing, design specification and verification and configuration management) in the requirement of assurance; security features user’s guide, trusted facility manual, test documentation and design documentation in the requirement of documentation. in the end of this paper, we study and comparatively analyses the class of B2 with the class of EAL5 in CC.

LI Hetian,LIU Yun,HE Dequan

DOI: https://doi.org/10.3321/j.issn:1001-4632.2007.01.023

2007-01-01

Abstract:A security risk evaluation method based on fuzzy-set comprehensive evaluation theory is demonstrated in this paper to obtain the aim of quantitatively assessing security risk.The security risk is evaluated by making the fuzzy matrix for security risk and addressing risk factor set,security risk indicator sets and the weigh coefficient of security risk factors and applied to the railway passenger ticket system.The security targets provided by the railway passenger ticket system consist of system security,availability,identification authenticity and transaction reliability in order to protect the physical assets and information assets in face of the threats which come from system itself,personnel, environmental and natural disasters.The proposed model for security risk evaluation is used to calculate the security severity of Web server for the system.The numeric results for security risk also provide a method to decide the most critical component of the system which should arouse the system administrator enough attention to take the appropriate technical or administrative security measure or controls to enhance the security of the system.

Qiang YAN,Hua-ying SHU,Zhong CHEN,Yun-suo DUAN

DOI: https://doi.org/10.3969/j.issn.1007-5321.2005.04.017

2005-01-01

Abstract:Security evaluation is an important approach for the security risk management of the information system. But there are lack of effective methods and tools for security evaluation. To resolve the problem, an object model of security evaluation is established based on the object oriented technology. The concepts of correlation test and dependency test are introduced and a set of tools is also developed according to the model. The practical application indicates that the object oriented technology can improve the efficiency of security evaluation, and the correlation test and dependency test also improve the penetration testing effects.

LI Jun,XUE Zhi

DOI: https://doi.org/10.3969/j.issn.1009-8054.2007.10.041

2007-01-01

Abstract:Information Security risk evaluation is the process of evaluating complex information systems according to multi-guideline. In order to raise the objectivity and accuracy of the evaluation,an evaluation method based on Rough Set is proposed,the principle and basic procedure of evaluation by this method is described in detail. Finally,it is of realistic and practical significance to apply the evaluation conclusion mentioned above to security-level classification.

Zhou Guoqiang,Lu Wei,Zeng Qingkai

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.11.002

2007-01-01

Abstract:An information security evaluation model is proposed.Based on the analyses of contents and functions of security evolution,the architecture of the security evaluation model and platform is presented,and its implementation is given.The main functions of this model are to organize,manage and control the security test and evaluation.It also has features in generalization,integration and configuration.

Yu Zhiwei,Tang Rengzhong,Jia Dongjiao,Ye Fanbo

DOI: https://doi.org/10.3321/j.issn:1004-132X.2007.04.021

2007-01-01

Abstract:To identify the security requirements of information systems, a business process-based security requirement analysis method was presented. Focused on the business process security, the related assets which affect the business process security were identified by security tree model. The security requirements of assets were identified by risk packet and risk transferring model, and then the security requirements list was formed after coverage analysis. Finally, a case was studied to illustrate the proposed method.

闫强,陈钟,段云所,唐礼勇

DOI: https://doi.org/10.3969/j.issn.1000-3428.2003.06.001

2003-01-01

Abstract:This paper reviews the history of information system security evaluation criteria, introduces criteria which have important effect on security evaluation such as TCSEC and CC, clarifies the evaluation method and its implementation model, and introduces recent researches of other countries in this field.

CHEN Wei-hua,JIANG Quan-yuan,CAO Yi-jia,HAN Zhen-xiang

DOI: https://doi.org/10.3321/j.issn:1000-3673.2005.04.004

2005-01-01

Abstract:Based on probability theory the risk theory was applied to the vulnerability assessment of power system. Here, the power system was defined as a vulnerable system and a set of risk indices to assess the power system vulnerability and corresponding algorithm were built, thus the defects of traditional determinsistic security assessment method, which cannot satisfy the requirement of electricity market and complicated power grid, could be overcome. On this basis, a risk theory and risk indices based power system vulnerability assessment software was developed. Taking the New England test system for example, the effectiveness and advanced property of the presented method were proved.

Abdullah Al Hayajneh,Hasnain Nizam Thakur,Kutub Thakur

DOI: https://doi.org/10.5539/cis.v16n4p1

2023-11-20

Computer and Information Science

Abstract:In the contemporary era marked by the extensive utilization of data, information systems have been extensively embraced by global organizations and also hold a pivotal position in national defense and various other domains. The growing interconnectedness between individuals and diverse information systems has resulted in an intensified emphasis on the evaluation of potential risks. The mitigation of these dangers extends beyond simple technological solutions and includes established standards, legal structures, and policies, adopting a complete approach based on safety engineering concepts. This study aims to develop a robust framework for the harmonization of Information Technology Security Standards. It will explore prevalent techniques for conducting risk assessments and differentiate between quantitative and qualitative approaches to evaluation. Moreover, this study illustrates the combination of quantitative and qualitative evaluation methodologies, providing a comprehensive framework for the analysis and design of risk assessment. In addition, this study advances our understanding of INFOSEC risk assessment and contributes to the advancement of more efficient information security strategies by sharing global perspectives, addressing challenges in classification, clarifying the incorporation of Information Security Management Systems (ISMS), and highlighting the significance of Artificial Intelligence in the domain of Information Security (INFOSEC).

Sun Yang,Xiong Wei

DOI: https://doi.org/10.1109/icsess.2017.8342948

2017-01-01

Abstract:The vulnerability of network or information system is the inherent reason for the existence of security risks and security risks. External threats exploit the vulnerability of the network or information system to launch attacks. Therefore, in the field of network security risk assessment technology, security vulnerability analysis takes an important position and is the basis for a network security risk assessment. This paper mainly reviews the research status of network security vulnerability analysis methods, network security quantitative evaluation method and real-time evaluation method of network security.

杨仕平,熊光泽,桑楠,吴新勇

DOI: https://doi.org/10.3969/j.issn.1000-7024.2004.02.001

2004-01-01

Abstract:On the basis of analyzing the necessity of safety testing and evaluation for safety critical software, the safety evaluation criteria fitted for testing and evaluating safety critical software are proposed and the relations between safety evaluation criteria and reliability evaluation criteria are presented. Followed this, the limitations of the four classical testing and evaluation approaches used to evaluate the software with high safety requirements are summarized. The feasibility of safety testing and evaluation based on the technology of importance sampling and stress testing is researched, and the concrete implement process about this approach is discussed in detail, during the course of doing this, the safety critical control system of the nuclear power plant is used in a practical example in order to exemplify the correctness of the proposed approach. Finally, the related work and future trends of the research in this field are listed.

Hui Zhao,Yiting Wang,Xin Liu

DOI: https://doi.org/10.1038/s41598-022-07197-1

IF: 4.6

2022-02-28

Scientific Reports

Abstract:Abstract The continuous expansion of the construction scale of smart city has reconstructed the urban information pattern. How to maintain the stability of information security while giving full play to the role of information sharing is a practical problem that must be solved for the sustainable development of smart city. Based on the information ecology theory, this paper construct the smart city information security risk evaluation system from six aspects. Then, zGT2FSs is established based on type-2 fuzzy set theory and IAA method, which fully considers the internal and external uncertainty of expert decision-making. According to the calculation results, the key influencing factors of information security risk of smart city are analyzed to provide suggestions and guidance for the formulation of information security control in the process of smart city construction in China.

multidisciplinary sciences

翁亮,李建华,杨宇航,诸鸿文

DOI: https://doi.org/10.3321/j.issn:1006-2467.2001.11.035

2001-01-01

Abstract:IT security evaluation is a major measure to ensure IT system/product security, while secure network is a new technology based on network management, intelligent network and evaluation technology aiming to enhance the configuration and performance of IT security functions. This paper summarized both current IT security technologies and secure network functional model. It analyzed in detail the cooperation of these two technologies in re use of evaluation results, formal evaluation method and assurance maintain mechanism. And then it raised one feasible cooperation model. The result of this paper provides a new approach for the development of both the technologies.

Yong li Tang,Yi qi Dai

DOI: https://doi.org/10.1109/WICOM.2009.5302149

2009-01-01

Abstract:it has attracted more attention to the researchers about how to build an appropriate model to assess the risk of information systems. Aimed at this issue, a measurement framework of combining qualitative analysis with quantitative computation is proposed. From the implementation of information security management measurement (ISMM), the model, factors, indices, means and implementation flow are also given in detail. At last, the implementation flow of ISMM is depicted.

Huangmiao Chen,Xiuzhen Chen,Lei Fan,Changsong Chen

DOI: https://doi.org/10.1109/ssic.2015.7245673

2015-01-01

Abstract:This paper firstly analyzes security vulnerabilities, threats and special security requirements of current vehicle information system. And further referring to the classified security protection evaluation standards of traditional information system, we establish classified security protection evaluation system for vehicle information system. This system summarizes typical information assets in car system, divides vehicle information system into two classes/levels: family and business, and defines target and requirement of security protection for two kinds of vehicle information system, respectively. Finally, a series of feasible evaluation methods and tools are presented for evaluation practice. A big contribution of this paper is to explore classified security protection evaluation for vehicle information system and fills up the gap of evaluating security state of automotive information system all over the world.