风险评估技术的研究与应用

风险评估技术的研究与应用作者：刘华学位授予单位：国防科学技术大学研究生院参考文献(70条)1.TC260N0001《信息技术安全技术信息系统安全保障等级评估准则第一部分:简介和一般模型》2.DepartmentofDefenseDoD5200-1928-STD.TrustedComputerSystemEvaluationCriteria19853.赵战生信息安全风险评估20044.刘芳.戴葵.王志英.吴丹信息系统安全性评估研究综述[期刊论文]-计算机工程与科学2004(10)5.刘芳.戴葵.王志英.任江春.刘华信息系统多维安全属性的定量评估模型研究[会议论文]20046.左晓栋信息安全产品与系统的测评与标准研究[学位论文]硕士20027.UseoftheCommonCriteriaforSystemLevelCertification20018.屈微AS/NZS4360:风险管理指南与信息安全风险管理19999.TheFederalInformationTechnology(IT)SecurityAssessmentFramework200010.Self-AssessmentGuideforInformationTechnologySystem,Draft,NIST200111.ISO/IEC17799:InformationTechnology-CodeofPracticeforInformationSecurityManagement200012.TheInternationalOrganizationforStandardizationCommonCriteriaforInformationTechnologySecurityEvaluation13.NSTISSI1000,NationalInformationAssuranceCertificationandAccreditationProcess(NIACAP)200014.NISTSP800-1926.SecuritySelf-AssessmentGuideforInformationTechnologySystems200115.NISTSP800-1933.UnderlyingTechnicalModelsforInformationTechnologySecurity200116.NISTSP800-1930.RiskManagementGuideforInformationTechnologySystems200217.FederalInformationSecurityManagementAct,2002(FISMA)200218.INFOSECAssessmentCapabilityMaturityModel(IA-CMM)Version2.1200219.NISTSP800-1937.GuidelinesfortheSecurityCertificationandAccreditationofFederalITSystems200320.InformationSecurityManagementSystems-Specificationwithguidanceforuse.BS7799-2200221.ISO/IECTR133351-1996.Informationtechnology-GuidelinesforthemanagementofITSecurity22.C&ASystemsSecurity:TheCOBRARiskConsultantMethodologyTM199923.CCRARiskAnalysisandManagementMethod(CRAMM)198524.NIST:AutomatedSecuritySelf-EvaluationTool(ASSET)25.InternationalSecurityTechnologyIncCost-of-RiskAnalysis(CORA)26.KetilStφlenModel-basedriskassessment-theCORASapproach200227.中华人民共和国计算机信息系统安全保护条例.中华人民共和国国务院令147号199428.GB17859-1999.中华人民共和国国家标准199929.全国信息安全标准化技术委员会查看详情30.GB/T18336.信息安全技术评估准则31.AlbertsChristopherJ.BehrensSandraG.PethiaRichardD.Wilson,WilliamROperationallyCriticalThreat,Asset,andVulnerabilityEvaluationsM(OCTAVE)Framework1.0(CMU/SEI-99-TR-017)199932.郭红芳.曾向阳风险分析方法研究[期刊论文]-计算机工程2001(3)33.王毅刚.吴昌伦BS7799-2:2002及风险评估2002(10)34.Siv-HildeHoumb.FolkerdenBraber.MassSoldalLundKetilStφlen:TowardsaUMLprofileformodel-basedriskassessment35.TheoDimitrakos.JuanBicarregui.KetilStφlenCORAS-aframe36.AmitYoran.LanceJHoffmanRole-BasedRiskAnalysis37.ChristopherAlberts.AudreyDorofeeManagingInformationSecurityRisk:TheOCTAVESMApproach200338.GrayStoneburner.HighAssurance.MoreSecureFirstWorkshoponInformationSecuritySystemRatingandRanking(ACSA)200139.StoneburnerG.AGoguenRiskManagementGuideforInformationTechnologySystems200140.左军多目标决策分析199141.ShawnAButlerSecurityAttributeEvaluationMethod200242.SystemSafetyEngineering:ReptonTestOperationProcedure43.1986-0935509-L.SidewinderTMVersion5.2.1CommonCriteriaEvaluatedConfigurationGuideCommonCriteriaEvaluatedConfigurationGuide198644.JohnMcHughQuantitativeMeasuresofAssurance:Prophecy,Process,orPipedream45.ErlandJonssonAQuantitativeModeloftheSecurityIntrusionProcessBasedonAttackerBehavior[外文期刊]1997(04)46.ROrtalo.YDeswarte.MKaanicheExperimentingwithquantitativeevaluationtoolsformonitoringoperationalsecurity199847.AnthonyH.WChan.MichaelRLyuSecurityModelingandEvaluationfortheMobileCodeParadigm48.徐中伟.吴芳美基于测试的安全软件的安全性评估[期刊论文]-计算机工程与科学2001(5)49.杨芙清.陈钟.章远阻面向对象程序设计199250.袁晓东.陈家骏.郑国梁面向对象方法中的类型概念[期刊论文]-计算机研究与发展1997(10)51.王辉.谭海平Delphi从入门到精通199852.严隽薇.严隽永计算机实时控制软件设计导论199053.王弼周易注199454.DepartmentofDefenseDoD5200-1928-STD.TrustedComputerSystemEvaluationCriteria198555.ISO7498-1992.InternationalOrganizationforStandardization(ISO)InformationProcessingSystem-OpenSystemInterconnectBasicReferenceModel-Part2:SecurityArchitecture198956.冯登国国内外信息安全研究现状及发展趋势200157.NationalSecurityAgencyInformationAssuranceTechnicalFramework(IATF),Version3.0200058.ISO/IEC15408-1999.TheInternationalOrganizationforStandardizationCommonCriteriaforInformationTechnologySecurityEvaluation199959.沈昌祥用信息安全工程理论规范信息安全建设200160.NSAMultilevelInformationSystemSecurityInitiative(MISSI)199561.DefenseInformationSystemAgencyCenterforStandardsDepartmentofDefenseGoalSecurityArchitecture(DGSA),Version3.0,Volume6of[TAFIM]199662.胡道元信息网络安全模型与安全平台63.SSE-CMMModelDescriptionDocumentVersion2.0199964.BSI/DISCCommitteeBDD/2BS7799CodeofPracticeforInformationSecurityManagement199965.ISO/IEC17799-2000.InternationalOrganizationforStandardizationCodeofPracticeforInformationSecurityManagement200066.ISO/IECTR13335.GuidelinesfortheManagementofITSecurity(GMITS)InternationalOrganizationforStandardization200167.潘柱廷信息安全管理指南ISO13335200168.信息技术安全标准目录200069.AndreasFuchsbergerGSS-API1998(04)70.CCToolboxUser'sManualVersion6.02002本文链接：