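Abstract
Based on the ISO/IEC 17799 standard, a comprehensive framework for information system risk analysis is established, and the Fuzzy Multi-Criteria Decision Making (FMCDM) method is applied to calculate information security risks. Information asset risks are then classified into levels according to the risk level matrix (RLM), ultimately establishing a complete model for assessing the risks related to information assets.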
This research addresses the confidentiality, integrity and availability aspects of information security and consolidates the opinions of security experts and ISO/IEC 17799 on information risks, in order to construct an integrated framework for risk analysis. The Fuzzy Multi-Criteria Decision Making (FMCDM) method is applied to calculate the information security risks. Then the risk level matrix (RLM) is used to categorize the risk management measures and to create a complete model for the assessment of risks related to information assets.
Source
Information Security and Communications Privacy (《信息安全与通信保密》)
2006, Issue 7, pp. 23-25 (3 pages)
Keywords
information security
risk assessment
information assets
fuzzy multi-criteria decision making