Computer Engineering and Applications ›› 2011, Vol. 47 ›› Issue (10): 75-77.

• 网络、通信、安全 • Previous Articles     Next Articles

Integrated evaluation method for information security management measurement

GUO Xiquan1,2,LUO Weiqi1,YAO Guoxiang1   

  1. 1.Jinan University,Guangzhou 510632,China
    2.Guangzhou Panyu Polytechnic,Guangzhou 511483,China
  • Received:1900-01-01 Revised:1900-01-01 Online:2011-04-01 Published:2011-04-01

信息安全管理测量的集成综合评价方法

郭锡泉1,2,罗伟其1,姚国祥1   

  1. 1.暨南大学,广州 510632
    2.广州番禺职业技术学院,广州 511483

Abstract: This paper presents a model integrating Analytical Hierarchy Process(AHP) and Fuzzy Comprehensive Evaluation(FCE) through application of system evaluation methods to “Information Security Management Measures”(ISMM) following ISO/IEC27004.An two-level index system is built in the model.Practical application cases show that such a method is capable of converting experts’ subjective decision into quantitative results.Such a comprehensive evaluation method will prove effective and helpful under the current situation that ISO/IEC27004 has not yet provided a powerful operational measuring method.

Key words: Information Security Management System(ISMS), analytical hierarchy process, fuzzy comprehensive evaluation

摘要: 把系统评价方法应用到信息安全管理测量的领域,依据ISO/IEC27004《信息安全管理测量》标准,为信息安全管理体系的测量提出一种层次分析法与多级模糊综合评价的集成模型。实例应用表明,该方法能把专家的主观定性判断转化为客观性较好的定量评价结果。在目前ISO/IEC27004尚未提供可操作性强的测量方法的状况下,不失为一种有效的综合评价方法。

关键词: 信息安全管理体系, 层次分析法, 模糊综合评价