| 基于风险因子的信息安全风险评估方法研究 |
| |
| 引用本文: | 孙庆波,姚国祥.基于风险因子的信息安全风险评估方法研究[J].计算机工程与设计,2012,33(1):83-87. |
| |
| 作者姓名: | 孙庆波 姚国祥 |
| |
| 作者单位: | 暨南大学信息科学技术学院,广东广州,510632 |
| |
| 基金项目: | 国家自然科学基金,广东省部产学研基金,广东省科技计划基金 |
| |
| 摘 要: | 为了减少主观性和客观性因素对于信息安全风险评估的影响,研究了信息安全风险评估的一些主流方法.参考风险评估的基本要素的定义,提出了风险因子的概念和基本要素.对风险因子的基本要素进行了定义和解释说明,设计了一种基于风险因子的风险评估模型.该模型将系统风险分解为若干风险因子,由专家对风险因子的基本要素进行评价,计算出风险因子的风险度.对风险度进行二次模糊化后构造隶属举证,并运用熵系数法求出各个风险因子的权重,进而计算出风险等级.最后给出一个实例证明了模型的科学性和合理性.
|
| 关 键 词: | 风险评估 风险因子 熵系数 风险度 二次模糊化 |
Research on information safety risk assessment method based on risk factors |
| |
| SUN Qing-bo
,
YAO Guo-xiang.Research on information safety risk assessment method based on risk factors[J].Computer Engineering and Design,2012,33(1):83-87. |
| |
| Authors: | SUN Qing-bo YAO Guo-xiang |
| |
| Affiliation: | (College of Information Science and Technology,Jinan University,Guangzhou 510632,China) |
| |
| Abstract: | In order to reduce subjective factors and objective factors for information safety risk assessment of influence,the information security risk assessment of some main methods are studied.The concept of risk factor and its basic elements are proposed,which accord to combine with the definition of basic factors of risk assessment.A mode of risk assessment based on risk factors is presented and the basic elements of risk factor are defined and explained.In this model,the system risks are decomposed into several risk factors.First,the basic elements of risk factors are evaluated by experts,then the degree of the risk factors is calculated.Secondly,the risk degree is put into secondary fuzzification,and then the membership matrix is constructed.Thirdly,using entropy coefficient method,the weight of every risk factors is obtained and risk level is calculated.Finally,it gives a practical example to demonstrate the scientificity and rationality of the model. |
| |
| Keywords: | risk assessment risk factor entropy coefficient risk degree second fuzzification |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
