信息系统的模糊风险评估模型

提出了一种信息系统的综合风险评估模型。首先采用AHP（analytic hierarchy process）与模糊逻辑法相结合的方法进行风险评估，并根据信息系统风险评估的实际情况对2种方法进行了改造。应用模糊逻辑法对各个风险因素从概率方面、影响方面、不可控制性方面分别评价其重要度，利用AHP求出各个风险因素的风险值，通过比较各个因素的风险值，指出哪些风险需要采取措施加以控制。其次通过引进信息熵，求出各个风险因素在系统风险评估中所占的比例，可以计算整个系统的风险度，由此决定系统的总体风险水平。通过实例分析可知，该模型可以方便地用于信息系统风险评估，实验结果符合实际。

Model of fuzzy risk assessment of the information system

A model of risk assessment was introduced to the estimation of the information system. The method, which combined AHP and fuzzy logical method, was applied to the risk assessment. AHP and fuzzy logical method were altered according to the actual condition of the risk assessment of information system. Applying fuzzy logical method, the im- portant degree of each factor was judged in the aspects of the probability, the impact severity and uncontrollability, not judged immediately. Finally, the risk value of each factor was calculated. By comparing the risk value of each factor, it is known that which risk can take measures to control. By introducing entropy, the proportion of each risk factor in the whole risk assessment system was calculated. Next the risk degree of the whole system was calculated. Then the risk level of the whole system can be determined. The study of the case shows that the model can be easily used to the risk assessment of the information system security. The results are in accord with the reality.