Abstract
Information security risk assessment is an important part of information security risk management. To assess the risk of an information system, not only the risks of its independent subsystems but also the risks arising from the interactions among subsystems must be taken into consideration. Based on the analytic hierarchy process, a quantitative risk assessment method combining entropy weight with triangular fuzzy numbers is proposed. Triangular fuzzy numbers are used to represent the judgments of information security experts, and entropy weight is introduced to reduce the subjectivity of conventional weights. Moreover, the effect of system complexity on the probability of risk occurrence is also taken into account, which makes the assessment results more reasonable. Finally, an example based on Metro information systems illustrates the application of the proposed method.
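The abstract describes two ingredients without giving formulas: expert judgments expressed as triangular fuzzy numbers, and entropy weights that replace subjectively assigned criterion weights. The block below is an added illustration, not code from the paper, of how those two pieces fit together in the standard entropy-weight method: each fuzzy judgment is defuzzified by its centroid, each criterion's entropy across the subsystems is computed, and criteria that do not discriminate between subsystems receive zero weight. The defuzzification rule, the three subsystems and the three criteria are assumptions chosen for the example; the paper's exact formulation (including its system-complexity adjustment) is not reproduced.

```python
"""Entropy-weight scoring of a triangular-fuzzy-number judgment matrix.

Added illustration (not the paper's code): the standard entropy-weight
method applied to expert judgments given as triangular fuzzy numbers.
The centroid defuzzification, the subsystem names and the criteria are
assumptions made for this example.
"""
from math import log

# Constructed judgment matrix: rows are subsystems, columns are criteria,
# each cell a triangular fuzzy number (low, most likely, high) on a 1-9
# scale. "exposure" is rated identically for every subsystem, so it carries
# no discriminating information and should end up with weight 0.
CRITERIA = ["exposure", "likelihood", "coupling"]
JUDGMENTS = {
    "S1": [(3, 4, 5), (1, 2, 3), (1, 1, 1)],
    "S2": [(3, 4, 5), (3, 4, 5), (1, 1, 1)],
    "S3": [(3, 4, 5), (5, 6, 7), (7, 8, 9)],
}


def defuzzify(tfn):
    """Centroid of a triangular fuzzy number (l, m, u): (l + m + u) / 3."""
    l, m, u = tfn
    return (l + m + u) / 3.0


def entropy_weights(matrix):
    """Return per-criterion weights from an n x m crisp judgment matrix.

    For each column j: p_ij = x_ij / sum_i x_ij, e_j = -(1/ln n) * sum_i p_ij ln p_ij,
    d_j = 1 - e_j, w_j = d_j / sum_j d_j. A column whose values are identical
    across rows has e_j = 1 and therefore weight 0.
    """
    n = len(matrix)
    m = len(matrix[0])
    k = 1.0 / log(n)
    divergence = []
    for j in range(m):
        col = [row[j] for row in matrix]
        total = sum(col)
        p = [x / total for x in col]
        # 0 * ln 0 is taken as 0, hence the guard on p_i > 0
        e = -k * sum(pi * log(pi) for pi in p if pi > 0)
        divergence.append(1.0 - e)
    d_sum = sum(divergence)
    return [d / d_sum for d in divergence]


def risk_scores(judgments):
    """Return (criterion weights, subsystems ranked by composite score)."""
    names = list(judgments)
    crisp = [[defuzzify(c) for c in judgments[nm]] for nm in names]
    w = entropy_weights(crisp)
    # scale each criterion to its column maximum so the weighted sum is
    # taken over values on a common [0, 1] range
    col_max = [max(row[j] for row in crisp) for j in range(len(w))]
    scores = {}
    for nm, row in zip(names, crisp):
        scores[nm] = sum(wj * (x / mx) for wj, x, mx in zip(w, row, col_max))
    ranked = sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
    return w, ranked


if __name__ == "__main__":
    weights, ranking = risk_scores(JUDGMENTS)
    for crit, wj in zip(CRITERIA, weights):
        print(f"{crit:<12} weight {wj:.4f}")
    for nm, score in ranking:
        print(f"{nm}: composite risk score {score:.4f}")
```

Running the block shows the effect the abstract claims for entropy weights: the uniformly rated "exposure" criterion gets weight 0, the strongly separating "coupling" criterion gets most of the weight, and S3 ranks highest. A practitioner should note the method's caveat: entropy weights measure only how much a criterion spreads the alternatives apart, not how important that criterion is, which is why the paper combines them with AHP rather than using them alone.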
Source
Computer Applications and Software (《计算机应用与软件》), CSCD-indexed
2010, No. 6, pp. 263-267 (5 pages)
Keywords
Risk assessment
Analytic hierarchy process
Triangular fuzzy number
Entropy weight