摘要
以GB/T20274信息系统安全保障评估框架为基础,介绍了信息系统安全保障模型及其评估指标体系,给出了评估方法的形式化描述和评估流程,提出了一种基于粗糙集(rough set,RS)和未确知测度(unascertained measure,UM)理论的信息安全评估模型。在标准处理阶段,模型采用粗糙集理论获取关键指标,简化评估指标体系;在综合评估阶段,采用未确知测度模型分析客观数据,实现了对信息系统安全保障能力的定量化综合评价。
Based on the information system security assurance evaluation framework(GB/T20274),the information system security assurance model and evaluation index system are introduced,and the formalization evaluation method and flow are presented.An information security evaluation model is proposed by applying rough set(RS) and unascertained measure(UM) theory.At the criterion pre-process period,rough set theory is used to obtain the key evaluation indexes and construct the reduced index set to simplify the original complex index system.At the evaluation period,unascertained measure model is adopted to analyze the evaluation data to implement a quantitative integration evaluation on the information system security assurance ability.
出处
《重庆大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2012年第6期147-154,共8页
Journal of Chongqing University
基金
国家自然科学基金资助项目(60773094)
杭州电子商务与信息安全重点实验室开放基金资助项目(HZEB201009)
关键词
安全测评
信息系统安全保障评估模型
粗糙集
未确知测度
security evaluation
information system security assurance evaluation model
rough set
unascertained measure
