首页 | 本学科首页   官方微博 | 高级检索  
相似文献
 共查询到20条相似文献,搜索用时 62 毫秒
1.
针对信息系统安全风险因素的灰色性和模糊性,以及信息安全风险评估过程中存在的主观性,将灰色统计评估法、模糊综合评判法和层次分析法结合,建立一种信息系统安全风险的灰色模糊综合评估模型.通过灰色统计法建立模糊隶属度矩阵,层次分析法确定风险因素权重,以此来评估量化系统风险,该方法能较好地量化评估信息系统安全风险.  相似文献   

2.
FAHP在用户行为信任评价中的研究   总被引:1,自引:0,他引:1       下载免费PDF全文
针对层次分析法(AHP)的缺点,提出了一种基于三角模糊数的模糊层次分析法,该评估方法通过使用模糊数来反映专家评判的模糊性,弱化了单纯使用AHP方法存在的主观性,并对网络用户行为各属性的权重进行量化计算,使评判结果更加客观,通过实例说明如何在实际中应用该方法。评价结果为基于动态信任的安全控制提供量化分析基础,为服务提供者采取更加安全的策略来响应用户请求提供量化依据。  相似文献   

3.
《工矿自动化》2013,(11):98-102
针对煤矿安全生产预警评价指标多,且各指标受很多因素影响的问题,构建了基于模糊层次分析法的煤矿安全生产预警系统。该系统将层次分析法与模糊综合评判相结合,利用层次分析法确定各评价指标的权重,通过模糊评判矩阵进行模糊综合评判,最后将评价指标权重与模糊综合评判结果进行合成运算,从而确定煤矿安全等级和预警结果。实际应用结果验证了该系统的可行性和有效性。  相似文献   

4.
杨宏宇  李勇  陈创希 《计算机工程》2007,33(16):44-46,4
针对信息系统安全评估提出了基于模糊理论的风险计算方法。在风险计算函数因子分析基础上,通过层次分析法和模糊综合评估模型解决风险因子的权重分配问题,提出了量化风险计算的方法、流程和计算实例。  相似文献   

5.
基于熵权系数法的信息安全模糊风险评估   总被引:4,自引:0,他引:4  
罗佳  杨世平 《计算机技术与发展》2009,19(10):177-180,188
信息安全风险分析中存在大量模糊、不确定性影响因素,以往的信息安全风险综合分析方法如PRA分析法需要收集到精确全面的评估数据,通过故障树分析信息系统被攻击的原因,建立风险计算模型定量计算系统风险,此方法过于繁琐,不易对信息系统风险进行准确的量化.针对此问题,文中通过对信息系统风险影响因素的识别与分析,构建反映信息安全风险影响因素及它们相互关系的风险评估指标体系,并应用多级模糊综合评判法对风险评估指标进行多层量化评估,同时利用信息熵定量计算各风险影响因素的权重,克服了直接赋值的主观性.该方法能较好地量化评估信息系统风险,方便计算出信息系统总的风险值.  相似文献   

6.
航天测控系统容灾能力评估是建设航天测控容灾系统的关键环节.通过对航天测控系统容灾能力评估因素进行深入分析,建立评价指标体系,利用层次分析法(AHP)确定各指标的组合权重;利用模糊评判方法建立模糊评判模型,计算容灾能力的综合评判值并做出决策.按照以上方法评估,航天测控系统的总体容灾能力等级是“较强”,但在灾难恢复管理、灾难恢复规划及灾难恢复技术措施等方面还需提高.结果表明,通过将层次分析法和模糊评判方法相结合对容灾能力进行评估,可以为容灾建设提供合理参考依据.  相似文献   

7.
FAHP方法在信息安全风险评估中的研究   总被引:6,自引:0,他引:6       下载免费PDF全文
本文在分析影响信息安全风险的因素的基础上构建了信息安全风险分析的层次结构模型,提出了采用模糊层次分析法(Fuzzy-AHP)对风险进行量化分析的方法。该方法采用三角模糊数来表示基于群组决策的信息安全风险各因素的判断矩阵,并用层次分析法来对专家判断结果进行处理,为决策提供了更合理的数据。  相似文献   

8.
高新技术企业风险投资及投资风险评价   总被引:7,自引:0,他引:7  
本文研究了风险投资的含义和基本特点,并且在全面分析风险投资特点的基础上 ,提出了高科技产业开发投资风险综合评判体系. 文中利用层次分析法和聚类分析法相结合的形式确定权数,以主观概率来描述风险, 从而建立了高科技产业开发投资风险的多因素层次模糊综合评判模型,采用模糊数学工具对高新技术项目的投资风险进行综合评价.进行了实证运算,实现了高新技术产业开发投资风险较为科学的评判与判断.  相似文献   

9.
基于模糊理论的信息系统风险计算   总被引:3,自引:0,他引:3       下载免费PDF全文
杨宏宇  李勇  陈创希 《计算机工程》2007,33(16):44-46,49
针对信息系统安全评估提出了基于模糊理论的风险计算方法.在风险计算函数因子分析基础上,通过层次分析法和模糊综合评估模型解决风险因子的权重分配问题,提出了量化风险计算的方法、流程和计算实例.  相似文献   

10.
针对工业控制系统漏洞风险评估角度较为单一且与工控环境联系不紧密问题,提出了面向工业控制系统漏洞的多维属性评估方法。首先,建立了漏洞有效性、风险类别属性判别模板,同时定义漏洞风险程度多维评价指标。其次,提出基于ernieCat的风险程度预测模型,使用漏洞文本描述及漏洞内在评价属性作为融合特征预测漏洞的严重性、危害性以及可利用性等级。结合工业控制系统设备层级关键信息与漏洞风险等级情况,建立多维度量化指标,对工业控制系统漏洞的危害程度进行量化评估。最后,通过实验验证ernieCat模型应用在漏洞风险程度预测方面的优越性。  相似文献   

11.
风险分析方法研究   总被引:10,自引:0,他引:10  
郭红芳  曾向阳 《计算机工程》2001,27(3):131-132,186
风险分析是信息系统风险管理的重要组成部分,是建立信息系统安全管理体系的重要前提。试图探讨一套可用于定性及定量风险分析的模型,即用风险树分析法对信息系统安全事件发生概率以及导致安全事件的必要条件--风险模式进行分析,进而用风险模式,影响及危害度分析法对风险模式的危害度及风险损失进行分析,最后用风险矩阵对风险作出最后的评估与决策。  相似文献   

12.
基于VaR模型的金融市场风险评估系统与软件研究   总被引:2,自引:0,他引:2  
该文首先对VaR风险价值模型的基本概念进行了阐述;接着阐述了存款性金融机构建立金融市场风险评估分析系统的必要性以及VaR模型用于该系统的可行性;提出该评估分析系统的逻辑与软件结构,分析其功能、技术难点与相关的解决思路;最后介绍该系统的实证应用情况并讨论需进一步研究、解决和完善的问题。  相似文献   

13.
基于投影寻踪和支持向量机的模式识别方法*   总被引:1,自引:0,他引:1  
由于支持向量机(SVM)在处理小样本、高维数及泛化性能强等方面的优势,提出了一种基于投影寻踪(PP)和支持向量机的模式分类方法.利用PP方法把高维数据转换到低维子空间,同时用加速遗传算法获得最佳投影方向和投影值,揭示了高维数据的结构特征,然后在低维空间中用SVM对特征向量进行分类识别,并将其应用到银行信贷风险评估中.选用2005年度80家贷款申请企业的数据样本,对该模型进行验证,通过与神经网络模型的比较,证实了该方法用于模式识别的有效性及优越性.  相似文献   

14.
软件风险管理及优化控制   总被引:3,自引:0,他引:3  
描述并分析了基于CMM的软件风险管理特点,给出一个软件风险优化控制模型及优化控制策略,并设计一个动态规划的软件风险优化控制算法.最后给出使用上述方法解决问题的一个例子.该文的研究为有效地管理和定量地控制软件风险,提高软件项目的成功率提供了有力支持,因而可广泛应用于基于CMM的软件项目风险管理.  相似文献   

15.
基于结构风险最小化的加权偏最小二乘法   总被引:1,自引:0,他引:1  
为了在偏最小二乘法(PLS)建模过程中实现结构风险最小化(SRM),提出基于结构风险最小化的加权偏最小二乘法(WPLS)。WPLS先提取训练样本中的主元,然后使用支持向量机(SVM)训练算法计算训练样本权值,最后计算原始论域中的回归模型。该算法保留了PLS能有效地提取对系统解释性最强的信息的优点,并通过样本权值提高模型的泛化能力,从而实现SRM准则,所建立的模型具有可解释性。仿真计算证明了模型的有效性。  相似文献   

16.
ContextOrganizations combine agile approach and Distributed Software Development (DSD) in order to develop better quality software solutions in lesser time and cost. It helps to reap the benefits of both agile and distributed development but pose significant challenges and risks. Relatively scanty evidence of research on the risks prevailing in distributed agile development (DAD) has motivated this study.ObjectiveThis paper aims at creating a comprehensive set of risk factors that affect the performance of distributed agile development projects and identifies the risk management methods which are frequently used in practice for controlling those risks.MethodThe study is an exploration of practitioners’ experience using constant comparison method for analyzing in-depth interviews of thirteen practitioners and work documents of twenty-eight projects from thirteen different information technology (IT) organizations. The field experience was supported by extensive research literature on risk management in traditional, agile and distributed development.ResultsAnalysis of qualitative data from interviews and project work documents resulted into categorization of forty-five DAD risk factors grouped under five core risk categories. The risk categories were mapped to Leavitt’s model of organizational change for facilitating the implementation of results in real world. The risk factors could be attributed to the conflicting properties of DSD and agile development. Besides that, some new risk factors have been experienced by practitioners and need further exploration as their understanding will help the practitioners to act on time.ConclusionOrganizations are adopting DAD for developing solutions that caters to the changing business needs, while utilizing the global talent. Conflicting properties of DSD and agile approach pose several risks for DAD. This study gives a comprehensive categorization of the risks faced by the practitioners in managing DAD projects and presents frequently used methods to reduce their impact. The work fills the yawning research void in this field.  相似文献   

17.
BS7799风险评估的评估方法设计   总被引:4,自引:0,他引:4  
介绍了BS7799国际标准的内容,对标准的组织结构进行了建模,并分析了BS7799标准的不足。在此基础上,提出了应用BS7799管理标准对组织进行信息安全管理风险评估的评估方法,即将层次分析法和失效树法相结合的综合评估方法,并给出了完整的计算过程。  相似文献   

18.
We present a methodology for managing outsourcing projects from the vendor's perspective, designed to maximize the value to both the vendor and its clients. The methodology is applicable across the outsourcing lifecycle, providing the capability to select and target new clients, manage the existing client portfolio and quantify the realized benefits to the client resulting from the outsourcing agreement. Specifically, we develop a statistical analysis framework to model client behavior at each stage of the outsourcing lifecycle, including: (1) a predictive model and tool for white space client targeting and selection—opportunity identification (2) a model and tool for client risk assessment and project portfolio management—client tracking, and (3) a systematic analysis of outsourcing results, impact analysis, to gain insights into potential benefits of IT outsourcing as a part of a successful management strategy. Our analysis is formulated in a logistic regression framework, modified to allow for non-linear input–output relationships, auxiliary variables, and small sample sizes. We provide examples to illustrate how the methodology has been successfully implemented for targeting, tracking, and assessing outsourcing clients within IBM global services division.Scope and purposeThe predominant literature on IT outsourcing often examines various aspects of vendor–client relationship, strategies for successful outsourcing from the client perspective, and key sources of risk to the client, generally ignoring the risk to the vendor. However, in the rapidly changing market, a significant share of risks and responsibilities falls on vendor, as outsourcing contracts are often renegotiated, providers replaced, or services brought back in house. With the transformation of outsourcing engagements, the risk on the vendor's side has increased substantially, driving the vendor's financial and business performance and eventually impacting the value delivery to the client. As a result, only well-ran vendor firms with robust processes and tools that allow identification and active management of risk at all stages of the outsourcing lifecycle are able to deliver value to the client. This paper presents a framework and methodology for managing a portfolio of outsourcing projects from the vendor's perspective, throughout the entire outsourcing lifecycle. We address three key stages of the outsourcing process: (1) opportunity identification and qualification (i.e. selection of the most likely new clients), (2) client portfolio risk management during engagement and delivery, and (3) quantification of benefits to the client throughout the life of the deal.  相似文献   

19.
基于小波神经网络的污水处理厂出水水质预测   总被引:1,自引:0,他引:1       下载免费PDF全文
在分析传统污水处理厂出水水质预测方法的基础上,提出一种核主元分析和小波神经网洛相结合的预测新方法。首先利用核主元分析实现输入变量的降维和去相关,然后运用小波神经网络建立预测模型。采用统计学理论的中的结构风险最小化原则为目标来训练网络的结构,采用自适应正交最小二乘法来训练网络权值,该方法最大限度地保证了网络的泛化能力。实验结果表明,该预测模型具有预测精度高,使用方便等优点。  相似文献   

20.
The aim of this paper was to evaluate the risk level for both intra-organizational cultures and for different industries in implementing an enterprise resource planning (ERP) system. This study adopts the Fuzzy Analytic Network Process (FANP) method to assess ERP implementation risks, which were categorized into four dimensions: management and execution, software system, users, and technology planning. An empirical survey was conducted that utilized the collected survey data of 20 ERP experts in Taiwan to assess, rank, and improve the critical risks of ERP implementation via the FANP method. Based on the results of the FANP method, a follow-up survey of ERP end-users in different departments of three industries was conducted to assess how intra-organizational cultures and cross-industries affect users’ perceived risks a real world scenario. Our research results demonstrated that “lack of management support and assistance” is vital risk for a successful ERP implementation. Top management support and involvement are crucial and essential factors to the success of a firm's ERP implementation. “Ineffective communication with users” was found to be the second highest risk factor. The benefits of using the FANP method for evaluating the risk factors come from the clear priority weights between alternatives. Finally, this study provides suggestions to help enterprises decrease ERP risks, and enhance the chances of success of ERP implementations among intra-organizational cultures and across-industries.  相似文献   

设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号