计算机工程与应用 ›› 2010, Vol. 46 ›› Issue (12): 17-20.DOI: 10.3778/j.issn.1002-8331.2010.12.005

• 博士论坛 • 上一篇    下一篇

信息安全风险模糊群决策评估方法

吕俊杰1,王元卓2   

  1. 1.北京工商大学 商学院,北京 100048
    2.中国科学院 计算技术研究所,北京 100190
  • 收稿日期:2010-01-15 修回日期:2010-03-09 出版日期:2010-04-21 发布日期:2010-04-21
  • 通讯作者: 吕俊杰

Information security risk evaluation method based on fuzzy matrix and group decision

LV Jun-jie1,WANG Yuan-zhuo2   

  1. 1.School of Business,Beijing Technology and Business University,Beijing 100048,China
    2.Institute of Computing Technology,Chinese Academy of Sciences,Beijing 100190,China
  • Received:2010-01-15 Revised:2010-03-09 Online:2010-04-21 Published:2010-04-21
  • Contact: LV Jun-jie

摘要: 信息安全风险评估是对信息安全进行风险管理的最根本依据,信息安全风险评估的客观性和准确性对保障信息系统安全起着重要作用。针对信息安全风险数据难以获取、不确定性较多的特点,给出了一种基于模糊评价矩阵的信息安全风险群决策评估方法。首先将语言评价转化为定量的模糊评价,利用三角模糊数来建立信息安全风险的可能性矩阵和损失矩阵,然后通过对专家意见的集结,得到信息安全风险矩阵。其次给出了三角模糊数风险矩阵正理想解和负理想解的选取方法,以及风险严重程度的比较依据,对威胁的风险大小进行分析与评判。最后通过一个算例对该方法进行了说明。

关键词: 信息安全, 风险评估, 三角模糊数, 群决策

Abstract: Aiming at solving the difficulty of obtaining objective date on information security,this paper proposes an information security risk evaluation method based on fuzzy matrix and group decison.Firstly,the language estimates of risk probability and risk outcome are related to triangular fuzzy number.Secondly,a formulation for aggregating opinions and a method to select the positive and negative ideal solution are put forward.Then the threat severity about risk can be derived.Finally,an example is given to illustrate the application of the proposed method.

Key words: information security, risk evaluation, triangular fuzzy number, group decision

中图分类号: