摘要
针对信息系统风险评估中模糊性、不确定性的问题,提出了一种基于模糊评估的等级保护风险评估模型。依据等级保护标准,建立起层次化评估体系,规范风险因素的选取。同时,考虑到评估值可能出现模糊值、残缺值等情况,重新定义了模糊评语集合,使模型能够应对更复杂的风险评估问题。在此基础上,引入基于证据理论的模糊评估方法对各风险因素进行合成,减小不确定性并量化评估结果。通过实例表明该模型的有效性和广泛的应用价值。
A risk assessment model of classified protection based on fuzzy evaluation is put forward to objectively represent fuzziness and uncertainty in the information system risk assessment. Firstly, according to classified protection, the hierarchical evaluation system is proposed to normalize the selection of risk factors. Secondly, considering that the comment from experts might be uncertain or incomplete, the fuzzy comment set is defined so that the assessment model can deal with more complex situation. Moreover, the fuzzy evaluation method based on evidence theory is introduced to reduce the uncertainty and quantify the result of the assess ment. Finally, a case study is given and the result shows that the model is effective and is widely used.
出处
《计算机工程与设计》
CSCD
北大核心
2013年第2期452-457,共6页
Computer Engineering and Design
基金
国家自然科学基金项目(60979016)
关键词
风险评估模型
模糊评估
等级保护
层次化评估体系
证据理论
risk assesssment model
fuzzy evaluation
classified protection
hierarchical evaluation system~ evidence theory
