Abstract: With respect to the ranking of information security risk assessment value that information security risk assessment weights and decision makers’ weights are both unknown, an information security risk assessment method based on the compromise rate method is proposed. It puts forward a new weight-calculate method based on distance measure to determine the index weight. By decision makers’ evaluation to each other and group consistency, a subjective and objective comprehensive empowerment model is constructed to obtain the decision makers’ weights. It applies compromise rate method for ranking information security risk. Case analysis and comparative analysis show the validity and feasibility of the method.

Key words: information security risk assessment, subjective and objective comprehensive empowerment, compromise rate method

摘要： 针对信息安全风险评估指标及决策者权重均未知的信息安全风险评估值排序问题，提出一种基于妥协率法的信息安全风险评估方法。提出一种新的根据距离测度求权重的方法来确定指标权重；构建了基于决策者相互评价和群体意见一致性下的主客观综合赋权模型确定决策者权重；运用妥协率法对信息安全风险进行排序。案例分析及对比分析说明该方法的有效可行性。

关键词: 信息安全风险评估, 主客观综合赋权, 妥协率法