计算机工程与应用 ›› 2010, Vol. 46 ›› Issue (22): 103-106.DOI: 10.3778/j.issn.1002-8331.2010.22.031

• 网络、通信、安全 • 上一篇    下一篇

信息安全风险控制的PROMETHEE决策方法研究

吕俊杰1,董 红2   

  1. 1.北京工商大学 商学院,北京 100037
    2.中国核电工程有限公司 项目管理部,北京 100840
  • 收稿日期:2010-04-14 修回日期:2010-06-01 出版日期:2010-08-01 发布日期:2010-08-01
  • 通讯作者: 吕俊杰

Information security risk control model based on PROMETHEE method

LV Jun-jie1,DONG Hong2   

  1. 1.Beijing Technology and Business University,School of Business,Beijing 100037,China
    2.Project Management Department,China Nuclear Power Engineering Co.,Ltd,Beijing 100840,China
  • Received:2010-04-14 Revised:2010-06-01 Online:2010-08-01 Published:2010-08-01
  • Contact: LV Jun-jie

摘要: 在成本效益分析的基础上,引入“级别高于关系”的PROMETHEE多属性偏好指数,提出了基于PROMETHEE方法的信息安全风险控制模型。该模型利用决策者给出的偏好,设置偏好函数、准则值和准则权重,从方案优劣程度入手,计算备选方案的“优势流”和“劣势流”,得到方案集的部分或完全排序,并基于此对安全控制措施的备选方案进行有效地筛选。还对该模型的灵敏度进行了分析和验证,最后结合实例分析了该风险控制模型的有效性。

Abstract: Based on cost-benefit analysis and the “level higher than relation” PROMETHEE multi-criteria preference index,an information security risk control model is put forward.Given the preference function,the criteria values and criteria weights of decision-makers,“edge flow” and “inferior flow” of each preparation program is calculated to compare advantages and disadvantages of control measurements,then the partial or complete sequence is obtained.The sensitivity analysis and validation are conducted further.Finally,an example is given to illustrate the application of the proposed method.

中图分类号: