Risk Analysis of Information System Security Based on Distance of Information-State Transition

作     者：ZHOU Chao PAN Ping MAO Xinyue HUANG Liang 

作者机构：College of Computer Science and Technology Guizhou University Guiyang 550025 Guizhou China Wuhan Second State Tax Inspectorate Hubei Provincial Office SAT Wuhan 430021 Hubei China 

出 版 物：《Wuhan University Journal of Natural Sciences》 (武汉大学学报（自然科学英文版）)

年 卷 期：2018年第23卷第3期

页      面：210-218页

核心收录：

学科分类：08[工学] 0839[工学-网络空间安全] 081201[工学-计算机系统结构] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：Supported by the National Natural Science Foundation of China(61662009) the Education Reform Project in Guizhou Province(SJJG201404) the Natural Science Foundation of Guizhou Province Education Department(KY(2015)367) 

主　　题：distance of information state transition(DIT) deviation distance information asset risk analysis 

摘      要：The configuration of information system security policy is directly related to the information asset risk, and the configuration required by the classified security protection is able to ensure the optimal and minimum policy in the corresponding security level. Through the random survey on the information assets of multiple departments, this paper proposes the relative deviation distance of security policy configuration as risk measure parameter based on the distance of information-state transition（DIT） theory. By quantitatively analyzing the information asset weight, deviation degree and DIT, we establish the evaluation model for information system. With example analysis, the results prove that this method conducts effective risk evaluation on the information system intuitively and reliably, avoids the threat caused by subjective measurement, and shows performance benefits compared with existing solutions. It is not only theoretically but also practically feasible to realize the scientific analysis of security risk for the information system.