西安电子科技大学学报 ›› 2021, Vol. 48 ›› Issue (4): 184-191.doi: 10.19665/j.issn1001-2400.2021.04.024

• 计算机科学与技术&网络空间安全 • 上一篇    下一篇

一种信息系统业务波及影响评估方法

谢丽霞(),白宇()   

  1. 中国民航大学 计算机科学与技术学院,天津 300300
  • 收稿日期:2020-03-02 出版日期:2021-08-30 发布日期:2021-08-31
  • 作者简介:谢丽霞(1974—),女,教授,博士,E-mail: lxxie@126.com|白 宇(1995—),女,硕士,E-mail: galararaby@163.com
  • 基金资助:
    国家自然科学基金民航联合研究项目(U1833107)

Information system business affecting impact evaluation method

XIE Lixia(),BAI Yu()   

  1. School of Computer Science and Technology,Civil Aviation University of China,Tianjin 300300,China
  • Received:2020-03-02 Online:2021-08-30 Published:2021-08-31

摘要:

为有效地评估业务连续中断对信息系统造成的影响,提出一种信息系统业务波及影响评估方法。首先,识别系统主要业务并量化其脆弱性;然后,以业务为网络拓扑节点并基于业务重要性值对节点赋权,以业务间有序关联为边并基于资产-业务关联对边赋权;最后,根据有向加权网络结构熵方法评估业务中断至恢复时间段内信息系统受影响的程度。实验结果表明,这种方法在评估准确性方面与其他方法相比有明显优越性,在保障信息系统安全方面具有一定应用价值。

关键词: 脆弱性, 波及影响, 业务流程, 网络拓扑, 网络结构熵

Abstract:

To effectively analyze the impact of continuous business interruption on the information system,an information system business affecting impact evaluation method (IBAIE) is proposed.First,we identify the main businesses of the system and quantify their vulnerability.Then,we take the businesses as the nodes of network topology and weight nodes based on the business significance.The orderly association between businesses is taken as the edges which are weighted based on the association between asset and business,and the directed weighted business network topology is obtained.Finally,the method of directed weighted network structure entropy is used to evaluate the change of system business network structure during the period from business interruption to recovery.Experiments show that this method has obvious advantages in evaluating accuracy compared to other methods,and can be applied in ensuring information system security.

Key words: vulnerability, affecting impact, business process, network topology, network structural entropy

中图分类号: 

  • TP309