摘要
在系统分析信息安全风险要素的基础上,针对评估过程中威胁发生的可能性及信息资产的价值难以量化处理的问题,引入了模糊影响图算法.根据定性分析绘制了信息安全风险影响图,应用模糊影响图评价算法计算出信息安全风险发生的概率,得出了信息安全风险评估结论.结论表明,应用模糊影响图评价信息安全风险关键在于确定结点状态与频率之间以及结点之间的模糊关系,该方法是一种定性与定量结合,既简便又实用的评估算法,为信息安全风险评估提供了一种新思路.
Based on the analysis of the factors of information security risk systematicly, this paper applyed a method named fuzzy influence diagram in assessing process, aimming at the diffcuhy of handling the uncertainty information. The author made an influence diagram by qualitative analysis, and calculated the probability of se- curity risk applying the theory, then drew a conclusion. The conclusion demonstrates that the key to applying the method is to comfirm the fuzzy relation. The method combining qualitative analysis and quantitative analysis is reasonable and convenient,which can reflect the circumstance of information security risk, so it provides a new method for information security risk assessment.
出处
《郑州大学学报(工学版)》
CAS
2008年第1期35-38,共4页
Journal of Zhengzhou University(Engineering Science)
基金
军事科研"十五"计划课题(05QJ109-010)
关键词
模糊影响图
信息安全
风险评估
fuzzy influence diagram
information security
risk assessment