Research on information security risk assessment based on multiple attribute group decision-making theory

TANG Zuoqi1, CHEN Xuanwen2, DAI Haitao1, GUO Feng2

  1. School of Computer Science & Information, Guizhou University, Guiyang 550025, China
  2. School of Management, Guizhou University, Guiyang 550025, China

Abstract: Risk assessment plays an important part in information security engineering and is the basis of information system security systems. An approach to information system security assessment based on an improved multiple attribute group decision-making theory is proposed to solve the problem of obtaining the risk grade. It uses the OWGA (Order Weighting Geometry Average) and CWGA (Combination Weighting Geometry Average) methods to calculate the risk value of the target system, which makes the assessment results more accurate and more objective and reduces the influence of subjective factors to some degree. Finally, an illustrative instance is given to demonstrate its rationality and feasibility. The approach may thus provide a new way of assessing information system security, and it is valuable for guiding security engineering practice and for developing security risk assessment tools.

Key words: information security, risk assessment, multiple attribute group decision-making theory, Order Weighting Geometry Average (OWGA), Combination Weighting Geometry Average (CWGA)

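Abstract (Chinese version): Information security risk assessment is an important part of information system security engineering and is the basis and prerequisite for building an information system security architecture. To address the problems that risk values in information system security assessment are hard to quantify and are strongly influenced by subjective factors, an assessment method is proposed based on the OWGA (ordered weighted geometric average) and CWGA (combined weighted geometric average) operators of multiple attribute group decision-making theory. The method solves the problem of assigning weights to the attributes of the assessment elements in risk assessment, and the introduction of group decision-making theory improves the accuracy and objectivity of the assessment. A case analysis shows that the method is reasonable and effective and can provide a new approach to information system security risk assessment. In addition, the method is well suited to guiding security engineering practice and the development of assessment software systems.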
