Abstract
Risk assessment techniques can detect the risks facing an information system and are an important basis for implementing classified protection of information systems. Building on the ISO/IEC 27000 series of information security management standards, this paper constructs a risk assessment index system for power system information security, establishes a power system risk assessment model, and uses a multi-level fuzzy comprehensive evaluation algorithm to calculate the risk value. The protection level of the information system is determined first; ISO/IEC 27005 is then used to divide the information security risk factors into indices, multi-level risk factors are built, different weights and judgment sets are assigned, and the risk value is calculated. An application example is given to verify the algorithm.
Source
Electric Power Science and Engineering (《电力科学与工程》)
2010, No. 11, pp. 50-54 (5 pages)
Keywords
power information security
risk assessment
fuzzy comprehensive evaluation
fuzzy theory