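Abstract
Risk assessment of information systems comprises identifying risks and quantifying them. Quantifying risk requires making explicit both the factors to be quantified and the method of quantification. By analyzing the relationship between risks and security incidents, this paper proposes a framework for an index system of the factors that influence risk, and describes with examples the various factors that affect the magnitude of risk.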
The quantitative assessment method for network information risks is an important and basic topic of study in information security. In the risk analysis of information systems, it is very difficult to quantify risks effectively, because many of the risk factors are vague. What these factors are and how they influence the risks are the problems. This paper provides a framework for a basic evaluation index system for risks to solve these problems. With the index system, the results of risk evaluation will be consistent, comparable, and objective.
Source
Journal of Sichuan University (Natural Science Edition) (《四川大学学报(自然科学版)》)
CAS
CSCD
Peking University Core Journals (北大核心)
2006, Issue 5, pp. 1048-1052, 5 pages in total
Funding
National 863 High-Tech Research and Development Program project (863-104-01-03, 2001AA142171)
Keywords
information system risk assessment
risk evaluation
influencing factors
evaluation index system
analytic hierarchy process
multilevel fuzzy comprehensive evaluation