Journal of Information Security Research (信息安全研究), 2024, Vol. 10, Issue (5): 474-480, 7. DOI: 10.12379/j.issn.2096-1057.2024.05.12
Information Security Risk Assessment Based on TOPSIS and GRA
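Ma Dongqing (马冬青) 1, Cui Tao (崔涛) 1
Author information
- 1. The 15th Research Institute of China Electronics Technology Group Corporation, Beijing 100083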
Abstract
Information security risk assessment is very important in information security assurance. On the basis of information security standards, a risk assessment index can be constructed by analyzing asset-threat-vulnerability factors. A feasible method is to refer to Baseline for Classified Protection of Cybersecurity version 2.0. A risk assessment method is proposed based on TOPSIS and GRA, using entropy weight. By case analysis, the entropy weight method reduces the subjective factor to some degree by setting the weights of the indicators according to the information entropy. The method based on TOPSIS and GRA takes into account both overall and internal factors and integrates multiple risk indicators into a single score, which facilitates the ranking and selection of information security risks.
Key words
information security / risk assessment / technique for order preference by similarity to ideal solution (TOPSIS) / grey relational analysis (GRA) / classified protection
Classification
Information technology and security science
Cite this article
Ma Dongqing, Cui Tao. Information Security Risk Assessment Based on TOPSIS and GRA [J]. Journal of Information Security Research, 2024, 10(5): 474-480, 7.