信息系统的风险分析

Risk Analysis for Information Systems

Journal of Information Technology · 1992
被引 19
ABS 4

中文导读

本文提出了一种针对信息系统的结构化风险分析方法,该方法基于Hyperion开发的SRA方法论,适用于商业组织的风险分析与管理。

Abstract

This paper presents an integrated approach to risk analysis for Information Systems (IS) using the Structured Risk Analysis (SRA) methodology developed at Hyperion. SRA has been used, very successfully, to perform risk analysis both for security-oriented risk analysis in the City and safety-oriented risk analysis for the European Space Agency. This paper develops and describes a particular instance of the SRA methodology for IS. Excluding safety-critical applications allows certain simplifications to the methodology in the case of IS. These simplifications make structured risk analysis for information systems (SRA-IS) a practical and cost-effective basis for risk analysis and risk management in commercial organizations.

风险管理信息系统计算机安全风险评估