【摘要】 近年来,国内外信息安全风险评估的研究工作取得突飞猛进的进展,各种评估方法层出不穷,大大缩短了评估所花费的时间、资源,提高了评估的效率,改善了评估的效果。然而无论何种方法,基本上都遵循了风险评估流程,只是在具体实施手段和风险计算方面有所不同,其共同的目标都是找出组织信息资产面临的风险,并确定主要安全风险,从而分析其影响,以及目前安全水平与组织安全需求之间的差距。本文重点剖析了九种常见的信息安全风险评估方法及其优缺点。更多还原

【Abstract】 In recent years,the research work of the information safety risking-assessment has made rapid progress,and various evaluation methods are endless.It shortens the consumption in the time and resources,and improves the efficiency of the assessment,and improves the assessment result.The differenf kind of methods basically follows the risk assessment process.In the concrete implementation method and calculating method,they have a little different.Their common goal is to find out the risks of organizational information assets,and determined the main safety risk,and analyzing the influence,as well as the distance of the security level and organization security needing.This paper analyzes nine kinds of common information safety risking-assessment methods and also introduces their advantages and disadvantages.更多还原