Abstract
This article proposes an information system security risk assessment method based on the fuzzy analytic hierarchy process (FAHP). In this method, a fuzzy consistent matrix is introduced to represent the relative importance of the risk factors at each level of the information system, from which the weights of the security risk factors are obtained. On this basis, the fuzzy comprehensive evaluation method is applied to assess the security risk of the information system as a whole, yielding a fuzzy comprehensive evaluation result. A case analysis shows that the method is well targeted, feasible and effective, and that it offers strong guidance for the design and implementation of information system security risk assessment support systems.
Source
《情报学报》
CSSCI
PKU Core Journal
2012, Issue 10, pp. 1105-1109 (5 pages)
Journal of the China Society for Scientific and Technical Information
Funding
Science and Technology Plan Project of the Hunan Provincial Department of Science and Technology (2011TP4002-2)