Abstract
A comprehensive risk assessment model for information systems is proposed. First, risk assessment is carried out with a method that combines AHP (analytic hierarchy process) and the fuzzy logic method, with both methods adapted to the actual conditions of information system risk assessment. Rather than judging each risk factor directly as a whole, the fuzzy logic method is applied to rate the importance of each factor separately in terms of its probability, its impact severity and its uncontrollability; AHP is then used to derive the risk value of each factor, and by comparing these values one identifies which risks need to be brought under control by countermeasures. Second, information entropy is introduced to obtain the proportion each risk factor accounts for in the risk assessment of the system, from which the risk degree of the whole system is computed and its overall risk level determined. A case study shows that the model is readily applicable to information system security risk assessment and that its results agree with practice.
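As an added worked example (not code from the paper, whose specific modifications to AHP and the fuzzy logic method are not reproduced on this page), the following Python script carries the pipeline described in the abstract through on constructed data: a pairwise comparison matrix for the three aspects is reduced to weights with the standard geometric-mean AHP and checked with Saaty's consistency ratio, each factor's risk value is the weighted sum of its aspect scores (constructed values standing in for the defuzzified output of the fuzzy evaluation step), and the share of each factor in the system assessment is taken with the Shannon entropy-weight method. The factor names, scores, pairwise judgements, the orientation of the entropy weighting and the risk-level thresholds are all assumptions made for the example.

```python
"""Added worked example: AHP aspect weights, per-factor risk values and
entropy-derived factor proportions over a constructed fuzzy assessment.
Not the paper's code. Assumption: standard geometric-mean AHP with Saaty's
consistency check, and the Shannon entropy-weight method for the shares."""
import math

ASPECTS = ("probability", "impact", "uncontrollability")

# Saaty's random consistency index, used to judge the pairwise matrix.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32}

# Constructed pairwise comparison of the three aspects on Saaty's 1-9 scale
# (assumption: the assessor rates probability 3x as important as impact and
# 5x as important as uncontrollability, and impact 3x uncontrollability).
ASPECT_PAIRWISE = [
    [1.0, 3.0, 5.0],
    [1 / 3, 1.0, 3.0],
    [1 / 5, 1 / 3, 1.0],
]

# Constructed stand-in for the fuzzy evaluation output: each factor's
# importance on each aspect, already defuzzified to [0, 1]. Names are
# hypothetical.
FUZZY_SCORES = {
    "unpatched_web_server": (0.8, 0.7, 0.4),
    "weak_passwords": (0.6, 0.5, 0.3),
    "no_offsite_backup": (0.3, 0.9, 0.6),
    "insider_misuse": (0.2, 0.4, 0.8),
}

# Constructed thresholds for turning the risk degree into a risk level.
RISK_LEVELS = ((0.3, "low"), (0.6, "medium"), (1.01, "high"))


def ahp_weights(pairwise):
    """Return (weights, consistency_ratio) via the geometric-mean method.
    Raises ValueError if the matrix is not square and reciprocal."""
    n = len(pairwise)
    for i in range(n):
        if len(pairwise[i]) != n:
            raise ValueError("pairwise matrix must be square")
        for j in range(n):
            if abs(pairwise[i][j] * pairwise[j][i] - 1.0) > 1e-9:
                raise ValueError(f"a[{i}][{j}] and a[{j}][{i}] are not reciprocal")
    geo = [math.prod(row) ** (1.0 / n) for row in pairwise]
    weights = [g / sum(geo) for g in geo]
    # lambda_max from A.w, then CI = (lambda_max - n)/(n - 1) and CR = CI/RI.
    aw = [sum(pairwise[i][j] * weights[j] for j in range(n)) for i in range(n)]
    lam = sum(aw[i] / weights[i] for i in range(n)) / n
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    ri = RANDOM_INDEX[n]
    return weights, (ci / ri if ri else 0.0)


def factor_risk_values(scores, aspect_weights):
    """Risk value of each factor = weighted sum of its aspect scores."""
    return {name: sum(w * s for w, s in zip(aspect_weights, vals))
            for name, vals in scores.items()}


def entropy_proportions(scores):
    """Share of each factor in the system assessment by the entropy-weight
    method. Assumption: factors are the indicators and the three aspect scores
    the observations, so a factor whose scores are all alike carries little
    distinguishing information and receives a small share."""
    k = 1.0 / math.log(len(ASPECTS))
    diverg = {}
    for name, vals in scores.items():
        total = sum(vals)
        p = [v / total for v in vals] if total > 0 else []
        entropy = -k * sum(pi * math.log(pi) for pi in p if pi > 0)
        diverg[name] = 1.0 - entropy if p else 0.0
    dsum = sum(diverg.values())
    if dsum <= 0:  # every factor equally spread: fall back to a uniform share
        return {name: 1.0 / len(scores) for name in scores}
    return {name: d / dsum for name, d in diverg.items()}


def system_risk(scores, pairwise):
    """Full pipeline: aspect weights -> factor risk values -> factor shares ->
    system risk degree and level. Refuses an inconsistent pairwise matrix."""
    weights, cr = ahp_weights(pairwise)
    if cr >= 0.1:
        raise ValueError(f"pairwise judgements inconsistent (CR={cr:.3f})")
    risk = factor_risk_values(scores, weights)
    share = entropy_proportions(scores)
    degree = sum(share[n] * risk[n] for n in scores)
    level = next(lbl for bound, lbl in RISK_LEVELS if degree < bound)
    ranked = sorted(risk, key=risk.get, reverse=True)
    return {"aspect_weights": weights, "consistency_ratio": cr,
            "risk_values": risk, "ranked_factors": ranked,
            "proportions": share, "degree": degree, "level": level}


if __name__ == "__main__":
    result = system_risk(FUZZY_SCORES, ASPECT_PAIRWISE)
    for name in result["ranked_factors"]:
        print(f"{name:22s} risk={result['risk_values'][name]:.3f} "
              f"share={result['proportions'][name]:.3f}")
    print(f"system risk degree={result['degree']:.3f} -> {result['level']}")
```

Running the script prints the factors in descending order of risk value, which is the list from which the abstract's "which risks need countermeasures" decision is read off, followed by the system risk degree and level. Two practitioner caveats: the consistency ratio gate (CR below 0.1) matters, because AHP weights computed from contradictory pairwise judgements are meaningless and the script refuses them; and the entropy orientation used here rewards factors whose three aspect scores diverge, which is one reading of "proportion in the assessment" and should be replaced by the paper's own formula where it is available.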
Source
《通信学报》 (Journal on Communications), 2007, No. 4, pp. 51-56 and 64 (7 pages)
Indexed in: EI, CSCD, Peking University Core Journals (北大核心)
Funding
National Natural Science Foundation of China project (60573036)
Hebei Province Science and Technology Research Program (042135127)
Keywords
information security
risk assessment
model
analytic hierarchy process (AHP)
fuzzy logic method
entropy