信息网络安全

信息网络安全 ›› 2014, Vol. 14 ›› Issue (12): 83-87.doi: 10.3969/j.issn.1671-1122.2014.12.017

• 理论研究 • 上一篇    

基于信息流的资产识别及其重要性评估方法研究

韦峰, 蒋凡   

  1. 中国科学技术大学计算机科学与技术学院,安徽合肥 230027
  • 收稿日期:2014-08-30 出版日期:2014-12-15
  • 通讯作者: 蒋凡 fjiang@ustc.edu.cn
  • 作者简介:韦峰(1990-),男,江苏,硕士研究生,主要研究方向:信息安全与协议分析;蒋凡(1956-),男,江苏,教授,硕士生导师,主要研究方向:信息安全与协议测试。

Assets Recognition and Importance Assessment Based on Information Flow

WEI Feng, JIANG Fan   

  1. School of Computer Science and Technology, University of Science and Technology of China, Hefei Anhui 230027, China
  • Received:2014-08-30 Online:2014-12-15

RichHTML

33

摘要: 信息资产识别及其重要性评估是信息安全风险评估过程中的一个重要环节。文章基于信息流来对以信息处理和信息传递为主的业务流程系统进行资产识别和重要性评估研究。文中首先利用Petri网来分析以信息为处理对象的业务流程系统,识别业务流程中所涉及的信息资产,通过信息传递将不同的信息资产连接起来,这样信息资产就被转化为一个相互连接的有向网络图,然后文章提出FrequencyRank算法并结合信息安全等级保护的内容来对有向网络图中所包含的信息资产节点的重要性进行评估。实验结果表明:文章提出的方案能够准确的计算出信息资产重要性,符合实际的情况。

关键词: 资产识别, 重要性评估, Petri网, FrequencyRank算法, 等级保护

Abstract: Information assets recognition and its importance assessment is a key step in information security assessments. This paper proposes a method based on information flow to give a solution. Firstly, we use Petri Nets theory to analyze the business process, it is beneficial for us to recognize assets' nodes and transform all information assets into a directed graph. Secondly, combined with classified protection of information system, an algorithm called FrequencyRank is put forward to calculate the value of each node in the directed graph, the value of each node represents its importance in the graph. Experiments show that the solution in this paper can accurately get the importance of each node, and also it is consistent with the actual situation.

Key words: assets recognition, importance assessment, Petri Nets, FrequencyRank algorithm, classified protection

中图分类号: