论文部分内容阅读
【目的/意义】学术信息系统的安全问题是制约其信息服务质量的重要因素,对系统中资源存储与传递也有重大影响,但目前缺乏与之相应的风险识别方法。针对这一问题,本文提出一种基于综合赋权法的学术信息系统风险识别方法。【方法/过程】在全面分析学术信息系统安全风险要素的基础上,确定影响重要资产的威胁要素,融合功能赋权法和差异赋权法对威胁进行重要性识别。【结果/结论】以湖北省某高校数字图书馆为案例进行实证研究,识别方法的结论与该系统的专家认知较为一致,结果表明本文方法适合用于学术信息系统风险识别。
[Purpose / Significance] The security of academic information system is an important factor restricting the quality of its information service. It also has a significant impact on the storage and transmission of resources in the system. However, there is no corresponding risk identification method at present. In response to this problem, this paper proposes a method of risk identification of academic information system based on comprehensive weighting. 【Method / Process】 On the basis of a comprehensive analysis of the elements of the security risks of academic information systems, the threat elements that affect important assets are identified, and the importance of the threats is identified by the method of functional empowerment and differential empowerment. 【Result】 The conclusion is based on a case study of a university digital library in Hubei Province. The conclusion of the recognition method is consistent with the expert cognition of the system. The results show that the method is suitable for the risk identification of academic information system.