A Business Process-based Risk Evaluation Framework
To present the essence of information system risk evaluation and improve the effect of evaluation,the paper puts forward a business process-based information system risk evaluation after analyzing the current risk evaluation methods.The framework begins with the description of business process in perspective of information security and then analyzes and assesses the business activities.The risk-control evaluation of business activities is brought forward and the optional security control measures are comprehensively evaluated so as to ensure security of business activities.The framework focuses on business process activities so that information system assets,their vulnerabilities and threats are associated and evaluation of isolated and meaningless assets is avoided.
Business Process Business Activity Information Security Risk Evaluation
Zhiwei Yu
Ningbo Institute of Technology, Zhejiang University, Ningbo, China
国际会议
重庆
英文
1024-1028
2011-06-23(万方平台首次上网日期,不代表论文的发表时间)