| 数字图书馆信息安全风险评估的方法与模型 |
| |
| 引用本文: | 黄水清,任妮.数字图书馆信息安全风险评估的方法与模型[J].图书情报工作,2014,58(2):14-20. |
| |
| 作者姓名: | 黄水清 任妮 |
| |
| 作者单位: | 1. 南京农业大学信息科学技术学院;
2. 江苏省农业科学院经济与信息研究所 |
| |
| 基金项目: | 本文系国家社会科学基金重点项目“数字图书馆信息安全管理标准规范研究”(项目编号:12ATQ001)研究成果之一。 |
| |
| 摘 要: | 对比分析各种类型的风险评估方法,提出数字图书馆信息安全风险评估宜采用定性与定量相结合的半定量分析法。介绍国际标准ISO 27000、中国国家标准GB/T 20984及实际工作中常用的几种不同的评估模型,分析它们的异同与优缺点,讨论它们对数字图书馆信息安全管理的适用性,并通过具体的测评实践及理论分析证明宜采用中国国家标准GB/T 20984中的相乘法作为数字图书馆信息安全风险评估的实践模型。
|
| 关 键 词: | ISO27000 GB/T20984-2007 数字图书馆 信息安全管理 风险评估 |
| 收稿时间: | 2013-12-27 |
Study on the Risk Assessment Method and Model of Digital Libraries’ Information Security |
| |
| Huang Shuiqing,Ren Ni.Study on the Risk Assessment Method and Model of Digital Libraries’ Information Security[J].Library and Information Service,2014,58(2):14-20. |
| |
| Authors: | Huang Shuiqing Ren Ni |
| |
| Institution: | 1. College of Information Science and Technology, Nanjing Agricultural University, Nanjing 210095;
2. Institute of Agricultural Economics and Information, Jiangsu Academy of Agricultural Sciences, Nanjing 210014 |
| |
| Abstract: | Based on a comparison and an analysis of various risk assessment methods, this paper proposes that a digital library should take a semi-quantitative analysis as the information security risk assessment method, which integrates both qualitative and quantitative methods. In terms of risk assessment model, the paper introduces a few assessment models from ISO 27000, GB/T 20984 and other frequently used in practical work. Comparing these models and their weaknesses and strengths, the paper then probes into their applicability in the information security management of digital libraries. The practical tests of these risk assessment methods in real work and theoretical analysis proves that the best risk assessment model for information security risk assessment of digital libraries is the multiplication model from the GB/T 20984, a national standard of China. |
| |
| Keywords: | ISO 27000 GB/T 20984-2007 digital library information security management risk assessment |
|
| 点击此处可从《图书情报工作》浏览原始摘要信息 |
| 点击此处可从《图书情报工作》下载免费的PDF全文 |
