| 基于层次分析法的信息安全风险评估要素量化方法 |
| |
| 引用本文: | 柴继文,王胜,梁晖辉,胡兵,向宏.基于层次分析法的信息安全风险评估要素量化方法[J].重庆大学学报(自然科学版),2017,40(4):44-53. |
| |
| 作者姓名: | 柴继文 王胜 梁晖辉 胡兵 向宏 |
| |
| 作者单位: | 1. 国网四川省电力公司电力科学研究院,成都,610072;2. 重庆大学 信息物理社会可信服务计算教育部重点实验室,重庆,400044 |
| |
| 基金项目: | 国网四川省电力公司科技项目(5219991351VR);国家自然科学基金资助项目(61472054)。 |
| |
| 摘 要: | 信息安全风险评估是保障信息系统安全的重要基础性工作,但现有风险评估标准和相关研究提供的评估模型和计算方法的评估结果不能有效体现信息系统资产在保密性、完整性、可用性上的不同安全需求和面临的不同风险。利用层次分析法建立风险评估层次分析模型,在借鉴通用脆弱性评分系统指标评价体系基础上改进脆弱性要素量化方法,利用构建的层次分析模型偏量判断矩阵计算"安全事件损失""安全事件可能性"和"风险值"。通过实验验证,与现有方法相比,所提方法的评估结果能够直观体现资产在保密性、完整性和可用性上面临的不同风险,能为制定风险控制措施提供更加准确、合理的建议。
|
| 关 键 词: | 风险评估 层次分析法 脆弱性 偏量判断矩阵 |
| 收稿时间: | 2016/9/5 0:00:00 |
An AHP-based quantified method of information security risk assessment elements |
| |
| CHAI Jiwen,WANG Sheng,LIANG Huihui,HU Bing and XIANG Hong.An AHP-based quantified method of information security risk assessment elements[J].Journal of Chongqing University(Natural Science Edition),2017,40(4):44-53. |
| |
| Authors: | CHAI Jiwen WANG Sheng LIANG Huihui HU Bing and XIANG Hong |
| |
| Institution: | State Gid Sichuan Electric Power Research Institute,Chengdu 610072, P. R. China,State Gid Sichuan Electric Power Research Institute,Chengdu 610072, P. R. China,State Gid Sichuan Electric Power Research Institute,Chengdu 610072, P. R. China,Key Laboratory of Dependable Service Computing in Cyber Physical Society, Ministry of Education,Chongqing University, Chongqing 400044, P. R. China and Key Laboratory of Dependable Service Computing in Cyber Physical Society, Ministry of Education,Chongqing University, Chongqing 400044, P. R. China |
| |
| Abstract: | Information security risk assessment is an important foundation work for security protection of information systems,but the assessment results of the existing risk assessment criteria and related research models and calculation methods cannot effectively reflect different security needs and risks of the confidentiality,the integrity and the availability of information system assets.In this paper,we used analytic hierarchy process (AHP) to establish a risk assessment analytic hierarchy process model first,then improved vulnerability factor quantitative methods based on the common vulnerability scoring system evaluation index system,and finally used the model's deviator judgment matrix to compute "security incident loss","security event possibility" and "value-at-risk".Experiment results show the proposed method can more intuitively reflect different risks of the confidentiality,the integrity and the availability of assets than conventional methods,and it can provide more accurate and reasonable recommendations for the development of risk control measures. |
| |
| Keywords: | risk assessment analytic hierarchy process vulnerability deviator judgment matrix |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《重庆大学学报(自然科学版)》浏览原始摘要信息 |
| 点击此处可从《重庆大学学报(自然科学版)》下载免费的PDF全文 |
|
