学生论文
|
论文查询结果 |
返回搜索 |
|
|
|
| 论文编号: | 8414 | |
| 作者编号: | 2120142405 | |
| 上传时间: | 2016/6/11 9:48:59 | |
| 中文题目: | 基于AHP与模糊综合法的云服务信息安全风险评估模型研究 | |
| 英文题目: | Research on information security risk assessment model of cloud service based on AHP-fuzzy comprehensive method | |
| 指导老师: | 严建援 | |
| 中文关键字: | 云服务;AHP;模糊数学;信息安全;风险评估 | |
| 英文关键字: | cloud services; AHP; fuzzy mathematics; information security; risk assessment | |
| 中文摘要: | 随着我国信息技术的发展以及低碳经济的推行,信息化可以说是渗透到社会的每一个角落。Google公司的CEO Eric Emerson Schmidt自2006年提出云计算(Cloud Computing)以来,云计算成为学术界、政界和商界炙手可热的话题,取得了迅速的发展。云计算信息服务(以下称云服务)有着其他信息技术无法替代的优势,同时也带来了很多的问题。云环境、服务、服务中断和计划外的停机事件频繁发生,使得用户在青睐其带来了低成本的同时,也不得不因为云服务带来的信息安全问题所担忧。信息安全成为企业在采用云服务时不得不解决的一个问题。 从而对云服务所面临的信息安全问题开展评估,帮助我们分清云服务的好与坏,采取适当措施避免损失,扬长避短,为深化企业用户进一步的云服务应用进行相关探索。 本文试图对云计算服务过程中可能存在的信息风险以及相关评估的模型进行周密,严谨的分析设计。本文提出,在对云服务用户的信息安全中存在的风险评估时,将云服务商考虑进来。即先对云服务商目前的信息安全进行评估,之后结合云服务商的信息安全风险评估值,评估用户自身的信息安全风险。当进行评估的时候,先站在用户的角度,对云服务商的信息安全风险因素进行识别,提出一个云服务商的信息安全风险评估指标体系,建立一种定量的评估方法,之后将云服务商的风险评估模型纳入到自身的评估模型之中。 首先,分析了本论文的写作背景以及本论文的写作意义。其次,分析了云服务信息安全的学术现况,在进一步研究云服务的特点和借鉴之前学术成果的基础上,厘清基于用户角度的云服务商信息风险因子,建立了基于用户角度的云服务商信息风险评价体系。接着,层次分析法和模糊综合分析方法构建了一个定量的云服务信息安全风险评估模型,通过层次分析法和模糊综合降低了整个过程中的人为因素,让整个过程更令人信服。通过实地访问企业和专家打分分析出各个指标之间的权重以及风险值,最后通过该模型评估云服务商的信息安全风险。最后,建立一个对用户本身的信息风险进行评估的模型。通过对企业的资产、威胁和脆弱性进行识别和赋值,结合前文对云服务商信息安全风险的评估,评估出用户自身的信息安全风险。 综述,该文章较为详实的分析了云服务全过程,从而,理顺出该过程存在的信息风险因子,更进一步的提出安全风险评估模型,为云服务全程中信息风险的评估创造一种新路径,为云计算信息安全工程给予借鉴。 | |
| 英文摘要: | Along with the rapid development and popularization of the modern information technology, the information of society as a whole has penetrated into every corner, Google CEO Eric Schmidt first proposed cloud computing (Cloud Computing) since2006, cloud computing’s developing is a research hotspot in the field of information technology. Cloud computing services to the user to bring the cost reduction, management information convenience at the same time, its security issues have become increasingly prominent. Cloud environment, service attack, service interruption and unexpected downtime and other events occurred frequently. At present, security has become the biggest challenge facing cloud services, it is related to the user's confidence in the application of cloud computing. Therefore, to analyze the security threats and risks of cloud services, help to identify the advantages and disadvantages of cloud services, take advantage of its advantages, to further take appropriate measures to avoid losses. In this paper, the cloud service users made the information security risk assessment. That is, first, the cloud service providers to assess the current information security, combined with the cloud service provider of information security risk assessment, to assess the user's own information security risk. When to evaluate the first station in the user's point of view, cloud service providers of information security risk factors were identified, proposed a cloud service providers of information security risk assessment index system, to establish a quantitative method of evaluation. In order to deepen the application of enterprise cloud services related exploration. This thesis makes a detailed and systematic study on the model of cloud computing service process model, information security risk and risk assessment. First of all, this paper analyzes the background of the thesis and the significance of this thesis. Secondly, the analysis of the research status of the cloud service information security, deep mining cloud characteristics and previous research, to tease out the user point of view of the cloud service provider of information security risk factors and user point of view of the cloud service provider of information security risk evaluation index system is established. Then analytic hierarchy process and fuzzy comprehensive evaluation method constructed a quantitative cloud service information security risk assessment model by hierarchical analysis and fuzzy integrated to reduce the subjective influence the evaluation process, which makes the evaluation more objective and credible. Through the field visit enterprises and experts scoring analysis of the weight of each index and the value of the risk, and finally through the model to assess the information security risk of cloud service providers. Finally, a model of information security risk assessment is established. Through the identification and evaluation of assets, threats and vulnerabilities of the enterprise, combined with the previous information security risk assessment of cloud service providers, to assess the user's own information security risk. To sum up, in this paper, the detailed system of cloud computing service process, and then analyzes the information security risk factors exist in the process. Finally, it puts forward security risk assessment model, cloud computing service in the process of privacy and security risk assessment for cloud computing and information security is proposed. | |
| 查看全文: | 预览 下载(下载需要进行登录) |