| 注册
首页|期刊导航|重庆大学学报|基于层次分析法的信息安全风险评估要素量化方法

基于层次分析法的信息安全风险评估要素量化方法

柴继文 王胜 梁晖辉 胡兵 向宏

重庆大学学报2017,Vol.40Issue(4):44-53,10.
重庆大学学报2017,Vol.40Issue(4):44-53,10.DOI:10.11835/j.issn.1000-582X.2017.04.006

基于层次分析法的信息安全风险评估要素量化方法

An AHP-based quantified method of information security risk assessment elements

柴继文 1王胜 1梁晖辉 1胡兵 2向宏2

作者信息

  • 1. 国网四川省电力公司电力科学研究院,成都610072
  • 2. 重庆大学 信息物理社会可信服务计算教育部重点实验室,重庆400044
  • 折叠

摘要

Abstract

Information security risk assessment is an important foundation work for security protection of information systems,but the assessment results of the existing risk assessment criteria and related research models and calculation methods cannot effectively reflect different security needs and risks of the confidentiality,the integrity and the availability of information system assets.In this paper,we used analytic hierarchy process (AHP) to establish a risk assessment analytic hierarchy process model first,then improved vulnerability factor quantitative methods based on the common vulnerability scoring system evaluation index system,and finally used the model's deviator judgment matrix to compute "security incident loss","security event possibility" and "value-at-risk".Experiment results show the proposed method can more intuitively reflect different risks of the confidentiality,the integrity and the availability of assets than conventional methods,and it can provide more accurate and reasonable recommendations for the development of risk control measures.

关键词

风险评估/层次分析法/脆弱性/偏量判断矩阵

Key words

risk assessment/analytic hierarchy process/vulnerability/deviator judgment matrix

分类

信息技术与安全科学

引用本文复制引用

柴继文,王胜,梁晖辉,胡兵,向宏..基于层次分析法的信息安全风险评估要素量化方法[J].重庆大学学报,2017,40(4):44-53,10.

基金项目

国网四川省电力公司科技项目(5219991351VR) (5219991351VR)

国家自然科学基金资助项目(61472054).Supported by Science and Technology Project of State Gid Sichuan Electric Power Research Institute (5219991351VR) and National Natural Science Foundation of China(61472054). (61472054)

重庆大学学报

OA北大核心CSCDCSTPCD

1000-582X

访问量0
|
下载量0
段落导航相关论文