基于模糊影响图理论的信息安全风险评估-《郑州大学学报(工学版)》

文章信息/Info

Title:: Information security risk assessment based on fuzzy influence diagram theory

作者:: 张锟; 葛磊; 王春新; 等.; 解放军信息工程大学,信息工程学院,河南,郑州450002, 解放军信息工程大学,信息工程学院,河南,郑州450002, 解放军信息工程大学,信息工程学院,河南,郑州450002, 解放军信息工程大学,信息工程学院,河南,郑州450002

摘要:: 在系统分析信息安全风险要素的基础上,针对评估过程中威胁发生的可能性及信息资产的价值难以量化处理的问题,引入了模糊影响图算法.根据定性分析绘制了信息安全风险影响图,应用模糊影响图评价算法计算出信息安全风险发生的概率,得出了信息安全风险评估结论.结论表明,应用模糊影响图评价信息安全风险关键在于确定结点状态与频率之间以及结点之间的模糊关系,该方法是一种定性与定量结合,既简便又实用的评估算法,为信息安全风险评估提供了一种新思路.

Abstract:: Based on the systematic analysis of information security risk elements, a fuzzy influence diagram algorithm is introduced to solve the problem that the probability of threats in the assessment process and the value of information assets are difficult to quantify. According to the qualitative analysis, the information security risk impact map is drawn, and the fuzzy impact map evaluation algorithm is used to calculate the probability of information security risk, and the information security risk assessment conclusion is obtained. The conclusion shows that the key to applying fuzzy influence diagram to evaluate information security risk is to determine the fuzzy relationship between node status and frequency and between nodes, which is a simple and practical evaluation algorithm combining qualitative and quantitative, which provides a new idea for information security risk assessment.