文献类型：会议论文

英文题名：A probabilistic estimation model for information systems security risk analysis

作者：Nan, Feng[1]; Jing, Xie[1]; Deying, Fang[2]

第一作者：Nan, Feng

通讯作者：Nan, F.

机构：[1] School of Management, Tianjin University, Tianjin, China; [2] Business College, Beijing Union University, Beijing, China

第一机构：School of Management, Tianjin University, Tianjin, China

通讯机构：[1]School of Management, Tianjin University, Tianjin, China

会议论文集：Proceedings - International Conference on Management and Service Science, MASS 2009

会议日期：September 20, 2009 - September 22, 2009

会议地点：Wuhan, China

语种：英文

外文关键词：Information systems - Information use - Risk assessment - Risk perception

摘要：In this paper, a probabilistic estimation model for information systems security (ISS) risk analysis based on evidential reasoning approach is presented. The modeling process consists of four phases: specification of the model structure, estimation of evidence strength, computation of beliefs on assertions, and ISS risk monitoring and analysis. Using the changes of strength of evidences obtained in the organization's information systems, the model can continually estimate the probability of risk, and identify the sources of risk. The significance of the work is that the model provides objective and visible support for ISS risk analysis. ?2009 IEEE.