Abstract
With the accelerating pace of IT construction, the risks facing information security are steadily growing. To assess information security risk, an evaluation method for information system security risk based on fuzzy comprehensive evaluation and AHP is proposed. The risks and threats facing the system are analyzed, an evaluation index system is established, and the index weights are determined via AHP. With this method, a risk assessment of the LAN information system of a certain organization is carried out, the risk level is determined, and the risk sources are identified. The results indicate that this method can quantify and assess information system security risk fairly well.
Source
Information Security and Communications Privacy (《信息安全与通信保密》)
2014, Issue 12, pp. 138-141 (4 pages)
Keywords
information
fuzzy evaluation
information security
risk assessment