发明名称 |
METHOD FOR RISK ANALYSIS USING INFORMATION ASSET MODELLING |
摘要 |
A method for risk analysis using information asset modeling. The method has the steps of: (a) identifying an information asset which uses or provides a network service; (b) identifying a threat on the information asset through a computer network; (c) identifying a vulnerability of the information asset; (d) calculating an AL (attack likelihood) by using a CVSS (Common Vulnerability Scoring System) score obtained by converting a severity caused by a success of an attack on the vulnerability into a standardized value; (e) computing the value of the information asset so as to calculate an IM (impact analysis); and (f) multiplying the calculated AL and IM so as to determine an RL (risk level) for the information asset.
|
申请公布号 |
US2009099885(A1) |
申请公布日期 |
2009.04.16 |
申请号 |
US20070941209 |
申请日期 |
2007.11.16 |
申请人 |
SUNG YUNE-GIE;SIM WON-TAE;KIM WOO-HAN |
发明人 |
SUNG YUNE-GIE;SIM WON-TAE;KIM WOO-HAN |
分类号 |
G06Q10/00 |
主分类号 |
G06Q10/00 |
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|