对信息安全人因风险研究国内外理论与应用现状进行了归纳总结和分析,对人因风险研究进展做出了综合评价。针对现有信息安全风险成因过于复杂、研究对象过于片面、人因风险测度尚不完善以及缺乏对人因风险全面整合的能力等缺陷,认为未来研究方向应该加强人因风险因素识别、数据采集和建模研究,从过程视角、人因风险评估等途径实现对人因风险的动态控制管理,并将人因风险和用户行为进行整合以激励用户自觉产生积极的信息安全行为,促进企业和组织构建更安全的信息环境。%Based on the information security risk and application research of human factors, a systematic review was made, and the weak-nesses of some researches were analyzed. The paper suggested that in order to motivate users to behave with high information security con-sciousness by integrating the human factor risks and user behaviors and thus promote businesses and organizations to build more secured messaging environment, future researches should enhance ergonomic risk factor identification, data collection and modeling studies, and a-chieve dynamic control of human risk management based on various means such as human risk assessment, user behavior, etc. .
展开▼
