[1] CVSS Special Interest Group. Common Vulnerability Scoring System[EB/OL]. (2019-6-30)[2022.12.01]. https://www.first.org/cvss/.
[2] ANSI/ISA. Technical Security Requirements for IACS Components: IEC 62443-4-2[S]. Genève: International Electrotechnical Commission, 2019.
[3] ANSI/ISA. Terminology, Concepts and Models: IEC 62443-1-1[S]. Genève: International Electrotechnical Commission, 2009.
[4] Sánchez-García I D,Mejía J,San Feliu Gilabert T.Cybersecurity Risk Assessment:a Systematic Mapping Review,Proposal,and Validation[J].Applied Sciences,2022,13(1):395.
[5] Wang Jiali,Neil M,Fenton N.A Bayesian Network Approach for Cybersecurity Risk Assessment Implementing and Extending the FAIR Model[J].Computers & Security, 2020(89):101659.
[6] Goel R,Kumar A,Haddow J.PRISM:a Strategic Decision Framework for Cybersecurity Risk Assessment[J].Information & Computer Security,2020,28(4):591-625.
[7] Praerit Garg, Loren Kohnfelder. The STRIDE Threat Model[EB/OL]. (2009-12-11) [2022-12-01]. https://learn.microsoft.com/en-us.
[8]李鹤田,刘云,何德全.信息系统安全风险评估研究综述[J].中国安全科学学报,2006,16(1):108-113.
Li Hetian, Liu Yun, He Dequan. Review on Study of Risk Evaluation for IT System Security[J]. China Safety Science Journal(CSSJ), 2006, 16(1): 108-113.
[9]赵小军,黄天天,马金鑫.列控系统信息安全风险分析与防护技术探讨[J].铁路通信信号工程技术,2022,19(9):46-50.
Zhao Xiaojun, Huang Tiantian, Ma Jinxin.Information Security Risk Analysis and Protection Technology of Chinese Train Control System[J]. Railway Signalling & Communication Engineering, 2022, 19(9): 46-50.
[10]宋绍华.铁路信号系统区域边界信息安全风险评估[J].铁路通信信号工程技术,2022,19(4):38-42.
Song Shaohua. Risk Assessment of Regional Boundary Information Security of Railway Signal Systems[J]. Railway Signalling & Communication Engineering, 2022, 19(4): 38-42.
[11]王锋.CBTC信号系统信息安全问题分析[J].铁路通信信号工程技术,2023,20(1):95-98,109.
Wang Feng. Information Security Analysis of CBTC Signal System[J]. Railway Signalling& Communication Engineering, 2023, 20(1): 95-98, 109.
[12]张利,姚轶崭,彭建芬,等.基于决策树的智能信息安全风险评估方法[J].清华大学学报(自然科学版),2011,51(10):1236-1239.
Zhang Li, Yao Yizhan, Peng Jianfen, et al. Intelligent Information Security Risk Assessment Based on a Decision Tree Algorithm[J]. Journal of Tsinghua University (Science and Technology), 2011, 51(10): 1236-1239.
[13]邝香琦.CBTC系统信息安全风险评估方法研究[D].北京:北京交通大学,2018.
[14]迟蒙超.城市轨道交通列控系统信息安全态势评估方法研究[D].北京:北京交通大学,2021.
[15]许辉.铁路综合视频监控系统网络安全建设的研究[J].铁路通信信号工程技术,2023,20(5):39-43.
Xu Hui. Research on Cyber-security of Railway Integrated Video Monitoring System[J]. Railway Signalling & Communication Engineering, 2023, 20(5): 39-43.
[16]Von Solms R, Van Niekerk J.From Information Security to Cyber Security[J].Computers and Security, 2013(38):97-102.
[17]Shameli-Sendi A, Aghababaei-Barzegar R, Cheriet M.Taxonomy of Information Security Risk Assessment (ISRA)[J].Computers and Security, 2016, 57(C):14-30.
[18]Susanto H, Almunawar M, Tuan Y.Information Security Management System Standards:a Comparative Study of the Big Five[J].International Journal of Electrical Computer Sciences IJECS-IJENS, 2011, 11(5):23-29.
[19]Northern B, Burks T, Hatcher M, et al.VERCASM-CPS:Vulnerability Analysis and Cyber Risk Assessment for Cyber-Physical Systems[J].Information, 2021, 12(10):408.
[20] Petersen K, Vakkalanka S, Kuzniarz L.Guidelines for Conducting Systematic Mapping Studies in Software Engineering:an Update[J].Information and Software Technology, 2015(64):1-18.
[21]Lee C K.Introduction of a Cyber Security Risk Analysis and Assessment System for Digital I & C Systems in Nuclear Power Plants[J].IFAC Proceedings Volumes, 2013, 46(9):2140-2144.
[22]Cayirci E, Garaga A, De Oliveira A S, et al.A Risk Assessment Model for Selecting Cloud Service Providers[J].Journal of Cloud Computing:Advances,Systems and Applications, 2016, 5(1):64.
[23]Roldán-Molina G, Almache-Cueva M, Silva-Rabadão C, et al.A Comparison of Cybersecurity Risk Analysis Tools[J].Procedia Computer Science, 2017(121):568-575.
[24]Hayes D R,Cappa F.Open-Source Intelligence for Risk Assessment[J].Business Horizons, 2018, 61(5):689-697.
|