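Abstract
The security level classification of an information system is composed of business information security and system service security, and the evaluation indicators for each of these in turn consist of the object harmed, the degree of harm to that object, resistance capability, recovery capability, and so on. Security level classification is therefore a multi-layer evaluation model. To address the problem that these indicators are difficult to quantify and are evaluated with low accuracy, the fuzzy comprehensive evaluation method is applied and a fuzzy comprehensive evaluation model is built to classify the security level of an information system. Based on China's current rule that information system security is classified into five levels, the model adopts the evaluation grade set {Level 1, Level 2, Level 3, Level 4, Level 5}, uses the fuzzy analytic hierarchy process to determine the weight relationships among the indicators at each layer of the security level indicator system, and introduces a consistency index to check the validity of the judgment matrices. An empirical analysis of the model on a student comprehensive information management system shows that the fuzzy comprehensive evaluation method is more accurate and reliable in quantifying factors and assigning levels.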
Information system security level classification consists of business information security and system service security, each of which is evaluated by the object infringed, the degree of violation to the object, resistance, resilience, etc. Information system security classification is therefore a multivariate, multi-level evaluation model. Aiming at the problem that classifying the security level of an information system is difficult to quantify and has low accuracy, this paper establishes a fuzzy comprehensive evaluation model to classify the security level of an information system using the methods of fuzzy mathematics. Because information system security is classified into five levels, the judgment grade set in this model is {level1, level2, level3, level4, level5}. The fuzzy analytic hierarchy process (FAHP) is used to determine the weight relationships within the indicator system, and a consistency index is introduced to test the effectiveness of the judgment matrix. The model is empirically analyzed on a general information management system, with the fuzzy comprehensive evaluation method adopted to classify the security level. The results show that fuzzy comprehensive evaluation is more accurate and reliable in quantifying and grading factors.
Source
Journal of Chongqing Normal University: Natural Science
CAS
CSCD
Peking University Core Journals
2014, Issue 5, pp. 89-94 (6 pages)
Keywords
fuzzy comprehensive evaluation
security level
membership degree
weight