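Abstract
This paper proposes a fuzzy risk assessment model that includes management factors. It adopts the international standard ISO17799 as the classification standard for risks and uses multi-level analytic fuzzy logic as the model. Taking into account the mutual influence among security factors, it introduces a relation matrix to achieve comprehensive decision-making for security evaluation. A three-layer structure decomposes complex relationships into an incremental hierarchy built from locally simple relationships. In addition, considering the subjectivity of evaluation scoring, seven evaluation criteria and their mappings to the elements of the evaluation set are defined, which increases the objectivity of the evaluation. In summary, the proposed fuzzy risk assessment model is effective and practical.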
A fuzzy comprehensive evaluation model involving management factors is proposed in this paper. The model takes the international standard ISO17799 as the classification rules for risk evaluation and uses hierarchical analytic fuzzy logic in the model. Moreover, considering the inter-relationships among security elements, a relationship matrix is introduced to achieve intelligent decision-making in security evaluation. The model uses a 3-layer structure to decompose complex relationships into local simple relationships, which then constitute an incremental hierarchy of relationships. Furthermore, considering the subjectivity of security grading, 7 evaluation criteria and the mapping relationship between evaluating elements are considered, which increases evaluation objectivity. In conclusion, the fuzzy risk evaluation model presented in this paper is effective and practicable.
Source
《计算机工程与应用》
CSCD
Peking University Core Journal
2004, Issue 6, pp. 40-43 (4 pages)
Computer Engineering and Applications
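Funding
National High Technology Research and Development Program of China (No. 2002AA142151)
Keywords
Fuzzy model
Risk assessment
Relation matrix
Hierarchy structure
Evaluation criterion
Fuzzy model, security evaluation, relation matrix, hierarchy structure, evaluation criterion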