摘要
针对风险评估过程中存在专家权重难以合理设置,评估结果受专家主观性影响大等问题,提出一种基于自适应专家权重的信息系统风险评估模型SAEW-ISRA,给出一种细粒度专家权重自适应调整方法。首先,在评估过程中引入三角模糊数对风险指标属性评分;其次,根据专家评分模糊度描述专家知识量,结合与专家群体评分的距离构建后验权重,可使专家权重自适应调整,同时使用模糊层次分析法构建风险指标权重;然后,提出信息系统风险指标危险度量化方法,可计算风险值;最后,通过某信息系统的风险评估实例验证所提方法能达到更高的评估准确性,同时在一定程度上解决了评估过程中权重不合理问题。
Aiming to the problems that it is difficult to set the expert weight reasonably and the assessment result is greatly affected by the subjectivity of experts in the process of risk assessment,an information system risk assessment model SAEW-ISRA based on self-adaptive expert weight is proposed,and an adaptive adjustment method of fine-grained expert weight is presented.Firstly,triangular fuzzy number is introduced to score the attribute of risk indicators in the process of assessment.Secondly,the level of expert’s knowledge is described according to the fuzziness of expert score,and the posterior weight is constructed according to the distance from the average score of expert group,making the expert’s weight be adjusted adaptively;At the same time,the fuzzy analytic hierarchy process is used to construct the weight of risk indicators.Then,a risk quantification method of information system risk indicators is proposed,which can calculate the risk value.Finally,through an example of risk assessment of an information system,it is verified that the proposed method can achieve higher evaluation accuracy,and solve the problem of unreasonable weight in the evaluation process to a certain extent.
作者
卢赛
庄毅
LU Sai;ZHUANG Yi(College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211106, China)
出处
《计算机与现代化》
2021年第8期85-93,共9页
Computer and Modernization
基金
国家自然科学基金资助项目(61572253)
江苏省软件新技术与产业化协同创新中心计划资助。
关键词
信息系统
风险评估
专家权重
三角模糊数
模糊层次分析法
information system
risk assessment
expert weight
triangular fuzzy number
fuzzy analytic hierarchy process
