摘要
随着信息化进程的快速发展,保障信息系统的安全性和降低信息系统潜在的风险,一直是国内外学者关注的焦点,而风险评估正是解决该问题的有效方法之一,但是在风险评估过程中存在评估指标难以量化、风险值难以界定等困难,因此文章提出了一种基于灰色关联分析的信息安全风险评估方法,该方法首先建立了信息系统的风险评估指标体系,其次将评估的信息系统与最优信息系统进行关联度分析,最后得出信息系统风险的准确度量。该方法可以使信息系统的评估过程简单化,标准化。
With the rapid development of information process,how to guarantee the security and reduce the potential risks of the information systems has been the focus of Information Security researchers,and risk assessment is one of the effective ways to solve this problem.However,there are some difficulties in the process of risk assessment,such as evaluation indicators are difficult to be quantified,the risk values are difficult to be defined,and so on.Therefore,this article proposes a method of Information Security risk assessment based on the Gray Relational Analysis.It establishes risk assessment indicator system of the information system first,then the relational degrees of the evaluation information systems and the best information system are analyzed,and the accurate measurement of the information system risks are obtained finally.The method can be simplified and standardized in the evaluation process.
出处
《信息网络安全》
2012年第4期51-53,共3页
Netinfo Security
关键词
信息安全
灰色关联分析法
风险评估
information security
gray relational analysis
risk assessment
