计算机工程与应用 ›› 2010, Vol. 46 ›› Issue (5): 93-95.DOI: 10.3778/j.issn.1002-8331.2010.05.028

• 网络、通信、安全 • 上一篇    下一篇

一种基于风险矩阵法的信息安全风险评估模型

张 弢,慕德俊,任 帅,姚 磊   

  1. 西北工业大学 自动化学院,西安 710072
  • 收稿日期:2008-08-25 修回日期:2008-10-23 出版日期:2010-02-11 发布日期:2010-02-11
  • 通讯作者: 张 弢

Risk assessment model of information security based on risk matrix

ZHANG Tao,MU De-jun,REN Shuai,YAO Lei   

  1. School of Automation,Northwestern Polytechnical University,Xi’an 710072,China
  • Received:2008-08-25 Revised:2008-10-23 Online:2010-02-11 Published:2010-02-11
  • Contact: ZHANG Tao

摘要: 信息安全风险等级的评定在信息安全风险管理中至关重要,量化风险数值依旧是当前评估领域的热点。将风险矩阵法引入信息安全风险评估,构建了以专家二维矩阵、Borda排序和层次分析法为评估流程的风险评估模型,将定性的过程定量化,提高了评估的客观性。最后以校控制与网络实验室为评估对象进行实例计算。

关键词: 信息安全风险评估, 风险矩阵, Borda序值, 层次分析法

Abstract: The assessment of information security risk rank is vital in information security risk management.Quantities risk rank is still a hot spot in assessment field.The risk matrix method is brought into assessment.It conceives an assessment model processed by expert 2-dimension matrix,Borda sequence and gray analytical hierarchy process.The qualitative process is quantized.It increases the objectivity of the result.Last,the control and network lab in the school is used as a study case,and its risk rank is calculated.

Key words: information security assessment, risk-matrix, Borda count, analytical hierarchy process

中图分类号: