摘要
在信息系统的风险分析中,由于诸多风险影响因素具有较强的模糊性,很难通过有效的数据累计计算系统风险,实现风险决策的量化分析。通过分析信息系统的风险,构建风险事件发生概率及其造成损失的层次化结构,运用层次分析法确定层次结构中风险影响因素的权重系数,同时采用模糊综合评判的方法实现了系统风险的量化,并改进了评判方法和评价准则,最后通过应用实例说明算法的应用。通过这种方法,不但量化了系统风险,而且将其运用于评估可行性方案集的风险估计上,还能有效地实现风险控制策略的选择,实现系统风险的有效控制。
In the risk analysis of information system, it's very difficult to effectively quantify the risk with only collecting and counting data because lots of risk factors are very fuzzy. This article attempts to set up a comprehensive model to quantify the risk. At first, the hierarchy model for the probability of risk events and the severity of adverse effects are constructed. And then the Analytic Hierarchy Process (AHP) and Fuzzy Comprehensive Evaluation (FCE) method are applied to measure the weight coefficients and quantify the risk factors in the hierarchy model. The FCE method and its quantification of evaluation criteria are discussed. At last a calculation example is illustrated. It is believed that the method can not only quantify the risk of information system, but also can effectively choose the strategy for risk management.
出处
《四川大学学报(工程科学版)》
EI
CAS
CSCD
2004年第5期98-102,共5页
Journal of Sichuan University (Engineering Science Edition)
基金
国家863高技术研究发展计划资助项目(2001AA142171)
