| Along with development of the military information construction, the military intranets are built with many security equipments and different security policies. However, since the separations between the policy design and execution,"secondary risk"may exist in the policy implementation procedure. It is a key issue that how to measure the implementation risk of the security policy, adjust the security policy, get the whole network security state and enhance the decision-making and users'confidence.The execution risk measurement of the military intranet's security policy is discussed in this thesis. First of all, the connotation and process are analysed in the execution risk measurement of security policy. The basic problems of the implementation risk measurement are elaborated with the measurement goal, object, method and result.Secondly, a GQM goal-oriented analysis model is introduced. Then, the measurement design model is built based on GQM. The information in-out control and accessing control policies are selected for the operation risk analysis. By analyzing the vulnerability and security threaten, the"secondary risk"is concluded from the policy operating process. According to the security risk, the information demands are summarized for the security policy operation risk measurement.Then the mapping relationship, which is between the information demand and the measurement index, is constructed in the operation risk measurement of information in-out control policy. The indexes of policy operation risk are devised, and a measurement set is composed with the indexes. The measurement methods and results are validated by using the institute's scientific research network.At last the metrics indexs are designed according to the measurement information demand in the operation risk measurement of the terminal's access and control policy. Combining with the characteristic of policy operation, we design measurement method and evaluate the method comprehensively. |
PDF Full Text Request