采用OCTAVE模型的电子政务信息系统风险评估
OCTAVE-Based Risk Evaluation for E-Government Information Systems
-
摘要: 电子政务信息系统风险评估是各级政府部门制定有效、可靠的安全防护措施的必要前提。该文采用“可操作的关键威胁、资产和弱点评估”模型作为理论依据,构造出采用模型的电子政务信息系统风险评估指标体系。利用层次分析法确定权数,以主观概率来描述指标的隶属度,从而建立了电子政务信息系统风险的模糊综合评估方法。结合实例分析,实现了对电子政务信息系统风险的科学评估。Abstract: The risk evaluation of E-government information systems is of the most importance in government administration and services. This paper presents a risk evaluation factors system based on operationally critical threat, asset and vulnerability evaluation (OCTAVE). A method of multi-element fuzzy synthesis Judgement on the risk of E-government information systems is established. A case study demonstrates the effectiveness of the proposed system and method.