摘要
针对信息系统安全风险评估问题,提出了一种基于改进FAHP的信息系统安全风险评估方法。建立了信息系统安全风险评估的层次结构模型,引入模糊一致判断矩阵来表示信息系统各层次风险因素的相对重要性,求得其权重系数,克服了传统AHP的不足;根据专家对系统各风险因素的安全性评价,得到模糊评判矩阵,进而采用模糊综合评判法对系统安全风险进行综合评估,得出最终评估结果。实例分析表明,该方法可行有效,为制定相应的安全风险控制策略提供了合理依据。
To solve the problem of security risk assessment of information systems,a security risk assessment method based on improved Fuzzy AHP is proposed.The hierarchy analysis model is established.To overcome the shortages of the traditional AHP,the fuzzy consistent judgment matrix is introduced to express the relative importance of the risk factors,and then the weight of each factor is obtained;according to the security opinion of each factor from experts,the fuzzy evaluation matrixes are obtained.Finally,the result of security risk assessment is calculated by means of fuzzy synthetic evaluation.A practical example indicates that the method is feasible and effective,and it provides reasonable warranty for constituting corresponding security risk control strategy.
出处
《火力与指挥控制》
CSCD
北大核心
2011年第4期33-36,共4页
Fire Control & Command Control
基金
国家自然科学基金资助项目(60774029)
关键词
模糊AHP
模糊一致矩阵
模糊综合评判
信息系统
风险评估
fuzzy AHP
fuzzy consistent matrix
fuzzy synthetic evaluation
information system
risk assessment
