Abstract
Information system risk assessment is easily influenced by subjective factors and suffers from fuzziness and uncertainty. To address these problems, this article proposes a new risk assessment model. It establishes a hierarchical evaluation system based on graded protection and applies an evaluation method based on the analytic hierarchy process (AHP) to handle the fuzzy values that arise during assessment, finally quantifying the assessment results. Empirical results show that the model can reduce the fuzziness and uncertainty in risk assessment and can better solve the practical difficulties and problems of information system risk assessment.
Funding
Supported by the project "Product Security Inspection Platform for Critical Information Systems" (No. C13383)
Keywords
information security
grade protection
risk evaluation
analytic hierarchy process