针对技术方面的安全风险和人的弱点的安全风险以及以前的风险评估都是分开进行的情况,指出了现实的信息安全风险往往是技术问题与人为因素密不可分的,因此需要综合评估。分析了两类信息安全风险的评估要素,阐述了建立综合评估指标体系的原则,基于结构方程模型给出了具体的评估指标体系,介绍了模型的确定性算法,在评估的基础上讨论了综合防范的原则和措施,这对于信息安全风险的评估和防范具有一定的参考价值。%The traditional information security risk comes from the technical aspects, but people's weaknesses can cause the second information security risk:non-traditional information security risk.In the past literatures two kinds of information securi-ty risks are evaluated separately.In a real work to prevent information security risk, technical problems and human weakness are often closely connected each other, so the comprehensive assessment is needed.In this paper, two kinds of information security risks were mixed to analyze synchronously.The evaluation index system were expounded and the specific assessment indicators were given.Meanwhile, the summary of index system of evaluation of information security risks was carried out by structural e-quation model using definite linear algorithm, and comprehensive prevention principles and measures were discussed based on the evaluation at last.The work is valuable for the assessment and prevention of information security risk.
展开▼
