Abstract
Information system security risk is inherently a dynamic process in which multi-objective, multi-attribute risks coexist. To reflect the overall security risk of an information system truthfully and accurately, and to reduce the influence of subjective factors on analysis and judgment, this paper builds on AHP and, drawing on the theory and methods of multiple attribute decision making, amends the non-correlation of factors in AHP. It omits the weight relationship between the rule layer and the factor layer and uses the correlations among the multi-attribute influencing factors to analyze and calculate the risk of information system security, moving from single evaluation of object families, through the association of key factors, to a global evaluation of the system as a whole.
Funding
Ministry of Education Information Security Education and Teaching Reform Project (No. J ZW201011)
Keywords
information security
AHP
multiple attribute
risk assessment method