摘要
信息系统风险评估的数据不够充分,传统的风险评估方法难以采纳。为评估信息系统风险,通过分析风险与安全事件的关系,以安全事件的组成元素构建信息系统风险的评估指标,并依据标准进行风险的分级量化。在此基础上,运用灰色评估方法,建立信息系统风险多层灰色评估模型,描述了信息系统的风险灰色综合评估过程,并进行了实例计算。该方法是信息系统风险评估的一种有效方法。
In the risk evaluation of information 'system, it was very difficult to effectively quantify the risk with only collecting and counting data, because lots of risk factors were very fuzzy and correlated. To solve the problem, at first, this paper built the evaluation index system for information system risk. And then, used the multilevel grey comprehensive evaluation method to quantify the risk. It gave an instance to show the usage of grey method to evaluate risk. Finally, it evaluates and leads the results to the conclusion that evaluating information risk by grey method is feasible and efficient.
出处
《计算机应用研究》
CSCD
北大核心
2008年第8期2477-2479,共3页
Application Research of Computers
关键词
信息系统风险评估
灰色聚类
白化函数
information system risk evaluation
grey cluster
whiting function