Abstract
Information systems face a large number of threats, and the likelihood of each threat occurring differs. To adopt effective security policies and security measures for an information system, a risk assessment must be carried out, and the likelihood of threats occurring must be evaluated. This paper first introduces the indicator system for threats to an information system, then proposes a method that combines the Analytic Hierarchy Process (AHP) and fuzzy comprehensive evaluation to quantitatively analyze the likelihood of threat occurrence in information security risk assessment. Finally, an application example illustrates how the method is used in practice.
Source
《微计算机信息》
PKU Core Journal
2007, Issue 27, pp. 73-74, 12 (3 pages in total)
Control & Automation
Funding
State Council Informatization Office, "National E-Government Classified Protection Pilot Work" (project no. 200402008)
Keywords
Risk Assessment, Quantitative Analysis, AHP, Fuzzy Comprehensive Evaluation