Journal of Chongqing University (重庆大学学报), 2017, Vol. 40, Issue (4): 44-53, 10. DOI: 10.11835/j.issn.1000-582X.2017.04.006
An AHP-based quantified method of information security risk assessment elements
Abstract
Information security risk assessment is important foundational work for the security protection of information systems, but the results produced by existing risk assessment criteria and the related research models and calculation methods cannot effectively reflect the different security needs and risks of the confidentiality, integrity and availability of information system assets. In this paper, we first used the analytic hierarchy process (AHP) to establish a risk assessment analytic hierarchy process model, then improved the vulnerability factor quantification methods based on the common vulnerability scoring system evaluation index system, and finally used the model's deviator judgment matrix to compute "security incident loss", "security event possibility" and "value-at-risk". Experimental results show that the proposed method reflects the different risks of the confidentiality, integrity and availability of assets more intuitively than conventional methods, and that it can provide more accurate and reasonable recommendations for the development of risk control measures.
Key words
risk assessment / analytic hierarchy process / vulnerability / deviator judgment matrix
Classification
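Information technology and security science
Cite this article
Chai Jiwen (柴继文), Wang Sheng (王胜), Liang Huihui (梁晖辉), Hu Bing (胡兵), Xiang Hong (向宏). An AHP-based quantified method of information security risk assessment elements [J]. Journal of Chongqing University, 2017, 40(4): 44-53, 10.
Funding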
Supported by the Science and Technology Project of State Grid Sichuan Electric Power Research Institute (5219991351VR) and the National Natural Science Foundation of China (61472054).