Abstract
Information security risk assessment is a scientific process of estimating the vulnerabilities present in information assets, the threats those assets face, and the risks that may result. The four basic elements involved in risk assessment are information assets, the vulnerabilities of those assets, the threats the assets face, and the possible risks to the assets. A key problem in risk assessment is the allocation of weights among risk factors. Taking an enterprise as a case study, this paper uses the Analytic Hierarchy Process (AHP), developed by T. L. Saaty, to calculate the weights of the risk factors and ranks the factors by weight. The ranking gives a direct view of how harmful each type of risk is, allows the factors with relatively large weights to be selected for management, and provides a scientific basis for the enterprise's information security risk management decisions.
Source
Tropical Agricultural Engineering (《热带农业工程》)
2009, Issue 1, pp. 36-41 (6 pages)
Keywords
Analytic Hierarchy Process
information security
risk assessment