A Method for System Auditing Based on Baseline Assessment
Common Criteria(CC) provides only the standard for evaluating information security product or system. CC based evaluation on system auditing is considered crucial for the overall evaluation and in trouble without an effective method; however, the information system is a large-scale complex system. It includes many uncertain factors, as software, hardware, people and so on. As a result, information systems security risk is related to many ambiguous factors, what are difficult to measure, with ambiguity. In this paper, a method for system auditing based on baseline assessment was presented, In our method, analytic hierarchy process is introduced, which could be used to evaluate the security situation of information system.
analytical hierarchy process(AHP) baseline assessment configration auditing
Jianwu Zhang Guoai Xu Yixian Yang Shize Guo
Key Laboratory of network and information attack & defense technology of MOE, Beijing University of Posts and Telecommunications, Beijing, P. R. China National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications,Beijing, P. R. China
国际会议
西安
英文
568-572
2011-05-13(万方平台首次上网日期,不代表论文的发表时间)