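Abstract
Information security risk assessment is the foundation and prerequisite of an organization's information security, and is one of the frontier topics in the information security field. Drawing on relevant domestic and international evaluation standards, this paper builds a multi-level, multi-perspective evaluation index system that comprehensively reflects information security risk. The analytic hierarchy process (AHP) is used to determine the weights of the risk evaluation indices, and D-S evidence theory, a method of reasoning under uncertainty, is used to fuse the evaluation opinions of the individual experts; the combined result gives the overall evaluation. The application example provided in this study can serve as a reference for organizations' information security risk evaluation practice.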
Information security risk assessment is the foundation and the precondition of an organization's information security, and is one of the frontier subjects in the information security field. In this paper, drawing on international and domestic standards, we develop a multi-hierarchy, multi-attribute index system for information security risk evaluation. The fundamental concepts we have adopted include the analytic hierarchy process (AHP) and D-S evidence theory. The AHP method is used to assess the preference rating of each index. Through the D-S evidence uncertain reasoning method, we obtain the final score by fusing the information from different experts. This paper presents an application example to provide organizations with best practice for information security risk evaluation.
Source
Journal of Modern Information (《现代情报》)
Peking University Core Journal (北大核心)
2008, Issue 5, pp. 65-69 (5 pages)
Keywords
information security
evaluation index system
analytic hierarchy process
D-S evidence theory
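About the authors
Cheng Jianhua (程建华) (1968-), female, civil servant; research interest: information science theory; has published 3 papers.
Jing Jipeng (靖继鹏) (1942-), male, professor and doctoral supervisor; research interest: information science theory and applications.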