CN101727627A - Information system security risk assessment model based on combined evaluation method - Google Patents


Info

Publication number
CN101727627A
Authority: CN (China)
Prior art keywords: evaluation, index, assessment, risk assessment, dea
Legal status: Pending
Application number: CN200910311620A
Other languages: Chinese (zh)
Inventors: 罗衡峰, 杨晓明
Current assignee: Fifth Electronics Research Institute of Ministry of Industry and Information Technology
Original assignee: Fifth Electronics Research Institute of Ministry of Industry and Information Technology
Priority application: CN200910311620A
Publication: CN101727627A


Abstract

The invention relates to an information system security risk assessment model based on a combined evaluation method. The model integrates the advantages of qualitative and quantitative analysis, defines a reasonable hierarchical index structure and an algorithm flow, and has as its core idea the collection of current risk assessment methods into a method base. During an assessment, data envelopment analysis (DEA) based on fuzzy comprehensive evaluation is first used to screen out the several methods with the highest performance value for the assessed system; the assessment results of the screened methods are then combined according to the fuzzy analytic hierarchy process (FAHP). This resolves the inconsistency between the results of different methods and gives a more scientific and reasonable assessment of the information system's risk grade.

Description

Information system security risk assessment model based on a combined evaluation method
Technical field
The present invention relates to an information system security risk assessment model, and in particular to an information system security risk assessment model based on a combined evaluation method.
Background technology
Information security risk assessment is a key link in strengthening the construction and management of information security assurance systems; it is the starting point and basis of information security construction. Carrying out risk assessment work reveals the principal problems and contradictions in information security and points the way to solving many key issues.
After years of development there are many risk assessment methods at home and abroad. Their common goal is to identify the risks an organization's information system faces and their impact, and the gap between the current security level and the organization's security requirements. The choice of assessment method, however, directly affects every link of the assessment process and hence the final result, so the key for an organization or enterprise is to select a risk assessment method suited to the case at hand. By how the assessment result is expressed numerically, risk assessment methods divide into qualitative methods, quantitative methods, and comprehensive methods that combine the two. Quantitative analysis attempts to analyse and evaluate security risk numerically. Its advantage is that the risks and their consequences rest entirely on independent, objective methods and criteria, provide meaningful statistical analysis, and make the study more scientific, rigorous and deep; its disadvantage is that, in order to quantify, originally complex things are simplified and blurred, and some risk factors may be misread and distorted once quantified. Qualitative analysis judges the risk situation of a system mainly from non-quantified data such as the knowledge, experience and historical lessons of assessment experts, policy trends and particular circumstances. It is simple to operate, easy to understand and implement, quickly locates and selectively analyses the key risk areas, and can draw out deeper ideas, making the assessment more comprehensive and thorough; its disadvantages are that the analysis result is too subjective, hard to make reflect the real security situation fully, and demanding of the evaluator. In a real system risk assessment many factors must be considered: some elements can be expressed in quantified form, while quantifying others is very difficult or even impossible. Simply pursuing quantification in the risk assessment process is therefore not advocated, nor is it held that only a fully quantified assessment process is scientific and accurate. Quantitative and qualitative assessment are inseparable: qualitative assessment is the basic premise of quantitative assessment, and the purpose of quantitative assessment is to be qualitative more accurately, making the qualitative assessment more scientific and precise; the two are unified and complementary.
Because the various risk assessment methods each have strengths and weaknesses, several methods are unavoidably applied to one information system. Yet the mechanisms, attribute hierarchies and scopes of application of the methods differ, so their results also differ in application. On the other hand, the assessed object has its own characteristics, and not every method suits a given assessed object.
Summary of the invention
The object of the present invention is to provide an information system security risk assessment model based on a combined evaluation method, thereby solving the inconsistency problem of multi-method assessment: when several different methods are used to evaluate the same object with definite attribute values, their conclusions differ, and a consistent evaluation that matches objective reality is hard to obtain.
To reach this goal, the present invention, on the basis of an in-depth analysis and study of all kinds of evaluation criteria, assessment methods, assessment models and assessment tools, proposes and implements an information system security risk assessment model based on a combined evaluation method. The steps of the combined evaluation method are: current assessment methods are collected into a method base; at the start of each assessment task, according to the characteristics of the information system and the features of the methods, the data envelopment analysis method (DEA) based on fuzzy comprehensive evaluation is used to screen out of the method base the several methods with the highest performance value for the assessed system, and each screened method is assigned a weight according to the fuzzy analytic hierarchy process (FAHP). Next, following a typical risk assessment flow, each screened method is used to assess the information system separately. Finally, the results of the methods are combined according to their weights to produce a risk assessment report for the whole information system. This resolves the inconsistency problem of multi-method assessment and makes the risk grade assessment of the information system more scientific and reasonable.
Fuzzy comprehensive evaluation is a comprehensive analysis method combining the qualitative and the quantitative: qualitative abstraction is carried out on a quantitative basis, and quantitative methods are used for integrated analysis on a qualitative basis. Before fuzzy comprehensive evaluation can be applied, a reasonable hierarchical index structure must be set up; on the one hand it must describe each attribute of a method layer by layer, and on the other hand it must reflect the factors influencing the method accurately and comprehensively.
DEA is a method for multi-objective decision problems with several inputs and several outputs; in efficiency evaluation, its ability to handle problems with many inputs and especially many outputs has an absolute advantage. We therefore introduce DEA for method screening in combined evaluation, which greatly improves the accuracy and rationality of the evaluation of method validity, reduces the error introduced by subjective factors and makes the final result more scientific.
The present invention assesses the information system with several assessment methods, overcoming the one-sidedness and limitations caused by traditional assessment systems that adopt a single method. Each evaluation module completes its evaluation automatically, reducing subjectivity and cost in the assessment process and improving the efficiency and accuracy of assessment.
Description of drawings
Fig. 1: overall structure of the information system security risk model based on the combined evaluation method
Fig. 2: hierarchical structure of the method screening layer
Fig. 3: hierarchical model for weight calculation
Fig. 4: weight calculation hierarchy
Embodiment
Specific embodiments of the present invention are described in detail with reference to the drawings.
Fig. 1 is the overall structure of the complete information system security risk model based on the combined evaluation method. The flow of combined evaluation is as follows. For the m methods in the method base, following the principle of fuzzy comprehensive evaluation, expert opinions are collected on two broad aspects of each method, its scientificity and its rationality, and the evaluation value of each method is calculated by the fuzzy analytic hierarchy process. The first-level indices of the assessment methods serve as the output indices of the DEA method, with the result of the second-level fuzzy comprehensive evaluation as the expected value; DEA is then used to evaluate the relative effectiveness of the different assessment methods, and one or more methods with higher assessment validity are selected from the method base and each applied to the assessed application system. FAHP is then used to build a model and calculate the weight vector of the screened methods with respect to the top objective; finally the results are combined by these method weights, i.e. the risk grade values of the individual methods are summed with their weights to obtain the combined system risk grade.
1.1 Risk assessment model based on the combined method
The information system security risk assessment model based on the combined evaluation method comprises two parts: method screening and combination of the methods' assessment results. They are closely connected and inseparable: method screening is the prerequisite of result combination, and its rationality directly influences the final risk evaluation result; result combination applies the screened methods to the system's risk assessment in the best combination, reducing the deviation that any single method introduces into the assessment of the system.
1.1.1 Method screening
Suppose first that the method base already holds several alternative assessment methods, each of which can be used on its own to carry out a risk assessment of a given system. Because the mechanisms and attribute hierarchies of the methods differ, their scopes of application also differ, so their results in application are inconsistent; moreover, the assessed information system has its own application, security and structural characteristics, and not every assessment method suits this specific object. Before a concrete assessment, therefore, methods must first be screened: the several methods with the highest validity for the assessed system are selected automatically from the method base by the corresponding algorithm.
Method screening uses the DEA method based on fuzzy comprehensive evaluation. Fuzzy comprehensive evaluation requires a reasonable hierarchical index structure for method screening (see Fig. 2), which must describe each attribute of a method layer by layer and reflect the factors influencing the method accurately and comprehensively. After the evaluation indices of a method are calculated by the fuzzy analytic hierarchy process, we obtain the relative weight of each lower-level index with respect to the final evaluation. On this basis, the comprehensive evaluation value of a method can be obtained from its degree of satisfaction of each index.
To describe the calculation of method weights in detail, build the hierarchical model of the attached drawing and let R_i, R_ij and R_ijk denote the elements of each layer: for example R_i is the i-th element of the first layer, and R_ij is the j-th element of the second layer that is subordinate to R_i. The calculation has three steps:
1) Construct the judgment matrix
The relation between levels is determined as shown in the hierarchical model for weight calculation (see Fig. 3). Suppose the upper-layer element R_i is related to the elements R_i1, R_i2, ..., R_in of the next level; then the fuzzy consistent judgment matrix can be written as
$$A = \begin{pmatrix} r_{11} & r_{12} & \cdots & r_{1n} \\ r_{21} & r_{22} & \cdots & r_{2n} \\ \vdots & \vdots & & \vdots \\ r_{n1} & r_{n2} & \cdots & r_{nn} \end{pmatrix}$$
A has the following properties:
$$r_{ii} = 0.5, \quad i = 1, 2, \ldots, n;$$
$$r_{ij} = 1 - r_{ji}, \quad i, j = 1, 2, \ldots, n;$$
$$r_{ij} = r_{ik} - r_{jk} + 0.5, \quad i, j, k = 1, 2, \ldots, n.$$
The element r_ij expresses the degree of membership of the fuzzy relation "... is much more important than ..." between R_ii and R_ij among the elements R_i1, R_i2, ..., R_in associated with the same-layer element R_i. In general, to obtain a quantitative description of the relative importance of any two schemes with respect to a criterion, a 1 to 9 scale can be used. The values r_ij of the judgment matrix can be given by experts or determined by other models; here we determine them with the Delphi method.
2) Check matrix consistency
In actual decision analysis, because of the complexity of the problem studied and the one-sidedness of people's understanding, the constructed judgment matrix often lacks consistency. The consistency condition is that the differences between corresponding elements of any two rows are a constant, that is, r_ik - r_jk = r_ij - 0.5. The matrix can then be adjusted as follows:
Step 1: determine the judgment element that is compared against all the others and considered reliable; here we suppose the decision maker is more certain of the judgments r_11, r_12, ..., r_1n.
Step 2: subtract the corresponding elements of row 2 from the elements of row 1 of R; if the n differences are a constant, row 2 needs no adjustment. Otherwise adjust row 2 until the differences between the elements of row 1 and the corresponding elements of row 2 are a constant.
Step 3: subtract the corresponding elements of row 3 from the elements of row 1 of R; if the n differences are a constant, row 3 needs no adjustment. Otherwise adjust row 3 until the differences between the elements of row 1 and the corresponding elements of row 3 are a constant.
Continue in this way until the differences between the elements of row 1 and the corresponding elements of row n are a constant.
3) Calculate the weights
Finally, suppose the weights of R_i1, R_i2, ..., R_in are w_i1, w_i2, ..., w_in, and solve the system
$$\begin{cases} 2a^2(n-1)\,w_{i1} - 2a^2 w_{i2} - 2a^2 w_{i3} - \cdots - 2a^2 w_{in} + \lambda = a \sum_{j=1}^{n} (r_{1j} - r_{j1}) \\ -2a^2 w_{i1} + 2a^2(n-1)\,w_{i2} - 2a^2 w_{i3} - \cdots - 2a^2 w_{in} + \lambda = a \sum_{j=1}^{n} (r_{2j} - r_{j2}) \\ \cdots \\ -2a^2 w_{i1} - 2a^2 w_{i2} - 2a^2 w_{i3} - \cdots + 2a^2(n-1)\,w_{in} + \lambda = a \sum_{j=1}^{n} (r_{nj} - r_{jn}) \\ w_{i1} + w_{i2} + \cdots + w_{in} = 1 \end{cases}$$
This gives the weight vector w_i = [w_i1, w_i2, ..., w_in]^T, whose component w_ij is
$$w_{ij} = \frac{1}{n} - \frac{1}{2a} + \frac{1}{na} \sum_{k=1}^{n} r_{ik}$$
Here 0 < a < 0.5, and a is a measure of people's perception of the degree of difference between the objects evaluated; it is related both to the number of objects and to the degree of difference. When a < (n-1)/2 the non-negativity of the weights cannot be guaranteed; when a ≥ (n-1)/2, the maximum weight decreases and the differences between weights shrink as a increases. In general, therefore, we take a = (n-1)/2, and the weight formula becomes
$$w_{ij} = \frac{2}{n(n-1)} \sum_{k=1}^{n} r_{ik} - \frac{1}{n(n-1)}, \quad i = 1, 2, \ldots, n$$
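As an added worked example, not code from the patent: a Python implementation of steps 1 to 3 above, checking the three properties of a fuzzy consistent matrix, adjusting rows 2..n from the trusted row 1 with the identity r_ik - r_jk = r_ij - 0.5, and computing the weights w_ij with a = (n-1)/2. The sample matrix and the way a row is "adjusted" (rebuilt from row 1) are assumptions.

```python
"""Fuzzy consistent judgment matrix: property check, row adjustment from a
trusted first row, and weight derivation for the elements R_i1..R_in."""
from typing import List, Optional

Matrix = List[List[float]]


def is_fuzzy_consistent(r: Matrix, tol: float = 1e-9) -> bool:
    """True when r satisfies r_ii = 0.5, r_ij = 1 - r_ji and
    r_ij = r_ik - r_jk + 0.5 for all i, j, k (0-based indices here)."""
    n = len(r)
    for i in range(n):
        if abs(r[i][i] - 0.5) > tol:
            return False
        for j in range(n):
            if abs(r[i][j] + r[j][i] - 1.0) > tol:
                return False
            for k in range(n):
                if abs(r[i][j] - (r[i][k] - r[j][k] + 0.5)) > tol:
                    return False
    return True


def row_differences_constant(r: Matrix, i: int, tol: float = 1e-9) -> bool:
    """The test of step 2: the differences between the elements of row 1
    and the corresponding elements of row i must be one constant."""
    diffs = [r[0][k] - r[i][k] for k in range(len(r))]
    return max(diffs) - min(diffs) <= tol


def adjust_to_consistent(r: Matrix) -> Matrix:
    """Keep row 1 (the decision maker is surest of it) and rebuild every other
    row so its differences to row 1 are constant. Taking k = i in
    r_1k - r_ik = r_1i - 0.5 fixes that constant, so row i becomes
    r_ik = r_1k - r_1i + 0.5. This rebuilding rule is an assumption about
    how 'adjust the row' is carried out."""
    n = len(r)
    first = list(r[0])
    out = [first]
    for i in range(1, n):
        row = [first[k] - first[i] + 0.5 for k in range(n)]
        if any(v < 0.0 or v > 1.0 for v in row):
            raise ValueError("row 1 spreads too far apart to rebuild row %d" % (i + 1))
        out.append(row)
    return out


def fuzzy_weights(r: Matrix, a: Optional[float] = None) -> List[float]:
    """w_j = 1/n - 1/(2a) + (1/(na)) * sum_k r_jk.  a defaults to (n-1)/2,
    the value the description settles on; smaller a is rejected because the
    text notes it does not guarantee non-negative weights."""
    n = len(r)
    if a is None:
        a = (n - 1) / 2.0
    if a < (n - 1) / 2.0:
        raise ValueError("a below (n-1)/2 does not guarantee non-negative weights")
    return [1.0 / n - 1.0 / (2.0 * a) + sum(r[j]) / (n * a) for j in range(n)]


def screen_weights(r: Matrix) -> List[float]:
    """Step 2 then step 3: repair consistency if needed, then derive weights."""
    fixed = r if is_fuzzy_consistent(r) else adjust_to_consistent(r)
    return fuzzy_weights(fixed)


# Constructed example: the expert is sure of row 1, but rows 2 and 3 were
# filled with 0.5 everywhere, so the matrix is not fuzzy consistent.
EXPERT_MATRIX = [
    [0.5, 0.6, 0.7],
    [0.5, 0.5, 0.5],
    [0.5, 0.5, 0.5],
]

if __name__ == "__main__":
    print(adjust_to_consistent(EXPERT_MATRIX))
    print(screen_weights(EXPERT_MATRIX))
```

For the constructed matrix the rebuilt rows are [0.4, 0.5, 0.6] and [0.3, 0.4, 0.5], and the weights come out as 13/30, 10/30 and 7/30, which sum to 1.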
Once the weights of a method's evaluation indices are determined, the degree to which a concrete method satisfies each index must be judged. Because the scores of an evaluation set are relatively rigid numbers, and a person making an evaluation does not necessarily settle on one particular value, we score the evaluation indices with fuzzy mathematics and, on that basis, introduce the analytic hierarchy process to arrive at a definite evaluation value. Suppose the evaluation value obtained for method i is V_i; comparing it with the evaluation value V_j of method j gives an intuitive result of which is better. If the evaluation values differ greatly, the method with the lower value is inadvisable.
Taking the evaluation value of a single method as an example, the detailed steps of computing it with the fuzzy comprehensive evaluation method are:
1) Build the index evaluation system
A hierarchical structure is set up according to the analysis and judgment principles of risk assessment methods, and the factor set U = [u_1, u_2, ..., u_m] is established, where u_i (i = 1, 2, ..., m) represents each influence factor. At the same time the weight coefficient of each evaluation index is obtained by the analytic hierarchy process. The method evaluation set V is defined with 5 grades: V = {v_1, v_2, v_3, v_4, v_5}.
2) Determine the evaluation membership matrix
When determining the membership d_ij of a risk assessment factor to the risk assessment set, for greater objectivity and reasonableness several experts form an evaluation group and, following the Delphi method, evaluate the satisfaction of the middle-layer indices, so that subjective estimates gain objectivity. Let the evaluation set be V = {v_1, v_2, v_3, v_4, v_5}; if for the evaluation factor u_i there are v_ij votes for comment j (j = 1, 2, ..., 5), then the membership vector of u_i to the comment set V is d_i = [d_i1, d_i2, ..., d_i5], where
$$d_{ij} = \frac{v_{ij}}{\sum_{j=1}^{5} v_{ij}}$$
This gives the membership vector d_ij of each bottom-layer satisfaction index to the middle-layer risk assessment indices, and the membership matrix D = (d_ij)_{m×5}.
3) First-level fuzzy comprehensive evaluation
For each membership matrix D_i and its associated evaluation index weight set A_i, perform the fuzzy composition to obtain the evaluation result vector of the middle layer, B_i = A_i ∘ D_i, where "∘" is the fuzzy composition operator. To take the influence of every evaluation factor into account while keeping all the information of the single-factor evaluations, the method evaluation uses the weighted bounded-sum operator, i.e.
$$b_j = \min\left\{1, \sum_{i=1}^{m} a_i \cdot d_{ij}\right\}, \quad j = 1, 2, \ldots, k$$
When both the weight set and the membership degrees are normalized, this operator is ordinary matrix multiplication, and the middle-layer evaluation result vector B = [b_1, b_2, ..., b_k] is also normalized:
$$\sum_{j=1}^{k} b_j = \sum_{i=1}^{m} \sum_{j=1}^{k} a_i d_{ij} = \sum_{i=1}^{m} a_i \sum_{j=1}^{k} d_{ij} = 1$$
Using this fuzzy composition operator, the evaluation result vector of the middle layer is obtained.
4) Second-level fuzzy comprehensive evaluation
On the basis of the first-level fuzzy comprehensive evaluation, the evaluation result vectors of the first level form the evaluation matrix D of the second level, which is the membership matrix of the factor set U to the evaluation set V. A fuzzy composition with the weight vector A of the middle layer, using the same fuzzy composition operator, gives the evaluation result vector of the objective layer.
5) Evaluation result
By the weighted-mean principle, if the evaluation result vector is B = [b_1, b_2, ..., b_k] and the evaluation set is V = {v_1, v_2, v_3, v_4, v_5}, the final result is
$$R = \frac{\sum_{i=1}^{n} b_i v_i}{\sum_{i=1}^{n} b_i}$$
After every risk assessment method has been evaluated in this way, the assessment methods can be selected by the height of their scores.
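As an added example (not the patent's code): the five steps above for one method in Python, turning expert votes into membership degrees d_ij, applying the bounded-sum composition b_j = min{1, Σ a_i d_ij} at both levels, and defuzzifying with the weighted-mean score R. The two-index tree, the vote counts and the numeric values assigned to the grades of V are constructed assumptions.

```python
"""Two-level fuzzy comprehensive evaluation of one risk assessment method:
expert votes -> membership matrix -> bounded-sum composition -> weighted mean."""
from typing import Dict, List, Sequence, Tuple

Vector = List[float]


def membership_from_votes(votes: Sequence[int]) -> Vector:
    """d_ij = v_ij / sum_j v_ij: share of the expert group choosing each grade."""
    total = sum(votes)
    if total <= 0:
        raise ValueError("an index needs at least one expert vote")
    return [v / total for v in votes]


def bounded_sum_compose(weights: Sequence[float], d: Sequence[Sequence[float]]) -> Vector:
    """b_j = min(1, sum_i a_i * d_ij): the weighted sum bounded at 1, so that
    un-normalised weights cannot push a membership degree above 1."""
    k = len(d[0])
    return [min(1.0, sum(a * row[j] for a, row in zip(weights, d))) for j in range(k)]


def weighted_mean_score(b: Sequence[float], grade_values: Sequence[float]) -> float:
    """R = sum_i b_i v_i / sum_i b_i (weighted-mean principle)."""
    return sum(bi * vi for bi, vi in zip(b, grade_values)) / sum(b)


def evaluate_method(index_tree, top_weights, grade_values) -> Tuple[float, Vector]:
    """index_tree: one (bottom-index weights, vote rows) pair per middle-layer
    index. First-level composition per middle index, second-level composition
    at the objective layer, then defuzzification into a single score."""
    middle_results = []
    for weights, vote_rows in index_tree:
        d = [membership_from_votes(v) for v in vote_rows]     # D_i, one row per index
        middle_results.append(bounded_sum_compose(weights, d))  # B_i = A_i o D_i
    b = bounded_sum_compose(top_weights, middle_results)        # objective layer
    return weighted_mean_score(b, grade_values), b


def rank_methods(scores: Dict[str, float]) -> List[Tuple[str, float]]:
    """Highest score first: the selection rule the text applies after scoring."""
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


# Constructed data. Values for the grades (bad, poor, medium, good, excellent)
# are assumed to be midpoints of a 100-point scale; the page gives no numbers.
GRADE_VALUES = [10.0, 30.0, 50.0, 70.0, 90.0]

# Middle layer "scientificity": two bottom indices weighted 0.6/0.4, ten
# experts' votes per index (one row per index, one column per grade).
SCIENTIFICITY = ([0.6, 0.4], [[0, 1, 3, 4, 2], [0, 2, 4, 3, 1]])
# Middle layer "rationality": two bottom indices weighted 0.5/0.5.
RATIONALITY = ([0.5, 0.5], [[1, 3, 4, 2, 0], [0, 1, 5, 3, 1]])
TOP_WEIGHTS = [0.5, 0.5]   # weights of the two middle-layer indices

if __name__ == "__main__":
    score, b = evaluate_method([SCIENTIFICITY, RATIONALITY], TOP_WEIGHTS, GRADE_VALUES)
    print(b, score)
```

With normalized weights the objective-layer vector stays normalized ([0.025, 0.17, 0.395, 0.305, 0.105] here) and the score is 55.9; the bounding to 1 only bites when weights are not normalized.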
1.1.2 Weighted combination of the methods' assessment results
The combination of the methods' assessment results weights and combines the results that each risk assessment method produces separately, so as to make a comprehensive evaluation of the information system's risk; the weighting algorithm uses the fuzzy analytic hierarchy process to determine the weights.
Result combination passes through three stages:
1) Set up the hierarchical model
Method screening and result combination belong to different stages of the evaluation process. Screening comes before assessment and reasonable screening is the prerequisite of an effective assessment; what matters there is whether a method suits the assessed system, how rational its model is, and the cycle and cost of the assessment. Result combination comes at the end of the evaluation process, after the various methods have been used to assess; what it must consider is the effect of a method, that is, whether the process that produced the result is reasonable, for instance the coverage rate of the indices and the share of human factors. The evaluation indices that the two operations refer to are therefore different.
To reach a better combined evaluation result, we set up the hierarchy and evaluation indices as suggested, and calculate the weight of each method by the principle of the fuzzy analytic hierarchy process so that the final results can be combined by method weight.
A method's process consists mainly of its indices and the algorithm based on those indices, so the weight of each method is analysed and calculated from two groups of indices: index and algorithm. Within these two large classes we subdivide again. The index class comprises four parts, the rationality of the relations between indices, the coverage rate of the indices, the degree of refinement of the indices, and the human factor, of which the first two together reflect how well the indices describe the system; the algorithm class comprises the degree of estimation in the algorithm, the scientificity of the comprehensive means, and the means and methods by which qualitative analysis is quantified.
2) Calculate weights by the fuzzy hierarchy
After the hierarchical index model is set up, the relative weight of each layer's elements in the hierarchy must be computed, i.e. the weight of a lower-layer index with respect to the upper-layer index. First, the comparison matrix of the assessment methods under each third-level index is constructed; there are six third-level indices here, so six method comparison matrices are needed. Each matrix is checked for consistency; a matrix that fails the check is adjusted and checked again, and only after it passes does the next step proceed. Next, the pairwise comparison matrices of the third-level indices are constructed by comparing, pairwise, the importance of each third-level index with respect to its second-level index; these matrices must also pass the consistency check. Then the pairwise comparison matrices of the second-level indices are constructed in essentially the same way. Once the comparison matrices are built, their eigenvalues are computed, the maximum eigenvalue of each matrix is taken, and the normalized eigenvector corresponding to it is used as the weight vector of the elements. The weight of each method with respect to each third-level index, of each third-level index with respect to its second-level index, and of each second-level index with respect to its first-level index are computed in turn. Here we suppose the weight of method k relative to the upper-layer element R_ij is w_ijk, the weight of R_ij relative to R_i is w_ij, and the weight of R_i relative to the target O is w_i. Then the weight of method k with respect to the target O through the index-layer element R_ij is
$$W_r^k = w_i \cdot w_{ij} \cdot w_{ijk}$$
where r denotes the r-th index of the bottom layer. The weight of method k with respect to the objective is then
(formula given only as an image in the original)
3) Result combination
After the weights of the screened methods with respect to the first-layer indices are determined, the system risk grade value calculated by each method is multiplied by that method's weight, and the products are summed linearly to obtain the comprehensive evaluation value of the system risk.
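Added example, not from the patent: the three stages above in Python, with the maximum-eigenvalue weights and the consistency check the text calls for (Saaty's random index table and a 0.1 threshold are assumptions, since the page names no threshold), the product W_r^k = w_i·w_ij·w_ijk summed over the bottom-layer indices, and the linear combination of the methods' risk grades. The comparison matrices and the grades are constructed.

```python
"""FAHP-style result combination: eigenvector weights of pairwise comparison
matrices with a consistency check, W_r^k = w_i * w_ij * w_ijk summed over the
bottom indices, and the weighted sum of each method's risk grade."""
from typing import Dict, List, Sequence, Tuple

Matrix = List[List[float]]

# Saaty's random consistency index by matrix order (assumed threshold source;
# the text only says a matrix that fails the check must be rebuilt).
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}


def principal_eigenvector(m: Matrix, iters: int = 1000, tol: float = 1e-12) -> Tuple[float, List[float]]:
    """Power iteration on a positive comparison matrix: returns
    (lambda_max, eigenvector normalised to sum 1)."""
    n = len(m)
    w = [1.0 / n] * n
    lam = float(n)
    for _ in range(iters):
        aw = [sum(m[i][j] * w[j] for j in range(n)) for i in range(n)]
        lam = sum(aw[i] / w[i] for i in range(n)) / n   # Rayleigh-style estimate
        total = sum(aw)
        new_w = [x / total for x in aw]
        converged = max(abs(x - y) for x, y in zip(new_w, w)) < tol
        w = new_w
        if converged:
            break
    return lam, w


def checked_weights(m: Matrix, max_cr: float = 0.1) -> List[float]:
    """Weights from one comparison matrix; raises when CR = CI / RI exceeds
    max_cr, the point at which the text says the matrix must be rebuilt."""
    n = len(m)
    lam, w = principal_eigenvector(m)
    if n > 2:                                   # 1x1 and 2x2 are always consistent
        ci = (lam - n) / (n - 1)
        cr = ci / RANDOM_INDEX[n]
        if cr > max_cr:
            raise ValueError("comparison matrix fails consistency check: CR=%.3f" % cr)
    return w


def method_weights(level1: Matrix, level2: Sequence[Matrix],
                   level3: Dict[Tuple[int, int], Matrix]) -> List[float]:
    """level1: first-level indices against the objective; level2[i]: the
    second-level indices under R_i; level3[(i, j)]: the K methods under R_ij.
    Returns, for each method k, the sum over all bottom indices of
    w_i * w_ij * w_ijk."""
    w1 = checked_weights(level1)
    n_methods = len(next(iter(level3.values())))
    total = [0.0] * n_methods
    for i, m2 in enumerate(level2):
        w2 = checked_weights(m2)
        for j in range(len(w2)):
            w3 = checked_weights(level3[(i, j)])
            for k in range(n_methods):
                total[k] += w1[i] * w2[j] * w3[k]
    return total


def combined_risk_grade(weights: Sequence[float], grades: Sequence[float]) -> float:
    """Stage 3: each method's risk grade times its weight, summed linearly."""
    return sum(w * g for w, g in zip(weights, grades))


# Constructed hierarchy: two first-level indices (index, algorithm), the first
# with two second-level indices and the second with one; two screened methods.
LEVEL1 = [[1.0, 1.0], [1.0, 1.0]]
LEVEL2 = [[[1.0, 3.0], [1.0 / 3.0, 1.0]], [[1.0]]]
LEVEL3 = {
    (0, 0): [[1.0, 2.0], [0.5, 1.0]],
    (0, 1): [[1.0, 1.0], [1.0, 1.0]],
    (1, 0): [[1.0, 1.0 / 3.0], [3.0, 1.0]],
}
METHOD_GRADES = [3.0, 4.0]   # risk grade each screened method reported (constructed)

if __name__ == "__main__":
    w = method_weights(LEVEL1, LEVEL2, LEVEL3)
    print(w, combined_risk_grade(w, METHOD_GRADES))
```

For the constructed hierarchy the method weights are 0.4375 and 0.5625, so the combined risk grade is 3.5625.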
In practical risk assessment activities, 5 risk assessment methods are available for the assessment participants to choose from. The risk assessment experts are mainly concerned with the scientificity and rationality of a method's assessment effect. Because the indices for judging the assessment effect are many, the fuzzy comprehensive evaluation method is first used here for a preliminary assessment of the scientificity and rationality of the assessment effect; the DEA method then uses this assessment result to screen the risk assessment methods.
1.2 Index system for evaluating the assessment effect of risk assessment methods
In a given risk assessment activity, N risk assessment methods are available. We mainly attend to the scientificity and rationality of the methods; through successive decomposition and in-depth study, the index set for evaluating the assessment effect of risk assessment methods is established as in Table 1. The index weights were determined with the Delphi method through repeated surveys and are also given in Table 1.
Table 1: index system for evaluating the assessment effect of risk assessment methods
(table given only as an image in the original)
1.3 Determine the grade evaluation set
Without affecting the evaluation result, the comment set is taken as
V = (V_1, V_2, V_3, V_4, V_5) = (bad, poor, medium, good, excellent)
Experts score each performance sub-index of the assessment effect on a 100-point scale, and each score U is converted into a fuzzy-mathematics membership degree with reference to the risk assessment method standard; a score is assigned to a grade according to the grade intervals of the evaluation set V.
Each index score U is converted to its membership of the assessment set V and normalized:
$$r_{jk}^{i} = \frac{c_{jk}^{i}}{\sum_{i=1}^{n_i} c_{jk}^{i}}, \quad k = 1, 2, 3, 4, 5$$
which gives the assessment vector d_ij
(formula given only as an image in the original)
1.4 Fuzzy comprehensive evaluation level by level
Using the above equations and carrying out fuzzy comprehensive evaluation level by level, the scientificity and rationality index values of every risk assessment method are finally obtained; suitable methods can then be selected from the highest value downward for the actual risk assessment activity.

Claims (7)

1. information system security risk assessment models based on the combined evaluation method, it is characterized in that, its step is, in the information system security risk evaluation process, present methods of risk assessment is collected in the method base, at first adopt DEA method (DEA) based on fuzzy comprehensive evoluation from method base, to filter out during assessment and be directed to the highest several method of institute's evaluating system performance value, make up according to the assessment result of Fuzzy AHP (FAHP) again each method of filtering out.
2. a kind of information system security risk assessment models as claimed in claim 1 based on the combined evaluation method, it is characterized in that, defined level index system and algorithm flow that the combined evaluation method adopts, its core process mainly comprises based on DEA method (DEA) the method screening of fuzzy comprehensive evoluation with based on the methods and results combination of Fuzzy AHP (FAHP).
3. a kind of information system security risk assessment models as claimed in claim 1 based on the combined evaluation method, it is characterized in that, based on DEA method (DEA) the method screening of fuzzy comprehensive evoluation, the algorithm flow of method screening is successively: adopt fuzzy comprehensive evaluation method to calculate the weight vectors of each method; Adopt fuzzy comprehensive evaluation method to calculate the evaluation of estimate of each method, promptly method is to the judge of each index satisfaction degree; Substitution DEA model carries out comprehensive evaluation.
4. as claim 1 or 3 described a kind of information system security risk assessment models based on the combined evaluation method, it is characterized in that, the weight vectors of computing method may further comprise the steps: the structure judgment matrix, and judgment matrix is relatively to get in twos by the relative importance to each layer index in the level index system; There is deviation in the test matrix consistance during owing to the structure judgment matrix, therefore need carry out consistency desired result to the judgment matrix of structure, if verification is not passed through, then must re-construct judgment matrix; By judgment matrix computing method weight vectors.
5. The information system security risk assessment model based on the combined evaluation method as claimed in claim 1 or 3, characterized in that calculating the evaluation value of each method comprises the following steps: construct the index evaluation system, establishing the hierarchical structure according to the analysis and judgement principles of the risk assessment method, and set up the evaluation factor set U = [u1, u2, ..., um], where ui (i = 1, 2, ..., m) represents each influence factor, and define the method evaluation set V as 5 grades: V = {v1, v2, v3, v4, v5}; determine the evaluation membership degree matrix: given the evaluation set V = {v1, v2, v3, v4, v5}, if evaluation factor ui receives vij comments for grade j (j = 1, 2, ..., 5), then the membership degree vector of ui with respect to the comment set V is di = [di1, di2, ..., di5], where

$$d_{ij} = \frac{v_{ij}}{\sum_{j=1}^{5} v_{ij}}$$

from which the membership degree vector dij of each bottom-layer satisfaction evaluation index with respect to the middle-layer risk assessment index is obtained, together with the membership degree matrix D = (dij)m×5; first-level fuzzy comprehensive evaluation; second-level fuzzy comprehensive evaluation; evaluation result: according to the weighted mean principle, if the obtained evaluation result vector is B = [b1, b2, ..., bk] and the evaluation set is V = {v1, v2, v3, v4, v5}, the final result is

$$R = \frac{\sum_{i=1}^{n} b_i v_i}{\sum_{i=1}^{n} b_i}.$$
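As an added worked example (not code from the patent or its applicant), the following Python carries out the weight-vector step of claim 4 and the membership matrix, two-level fuzzy comprehensive evaluation and weighted-mean result of claim 5 on constructed data. The judgement matrices, the expert vote counts, the numeric values 5 down to 1 assigned to the five grades, and Saaty's consistency ratio with a 0.1 threshold are all assumptions; the claims call for a consistency check but do not name one.

```python
"""Added example, not the patent's own code: AHP weight vector with a
consistency check (claim 4) and two-level fuzzy comprehensive evaluation
with the weighted-mean final score (claim 5). Standard library only."""
from math import prod
from typing import List, Sequence

# Saaty's random-index table; the claims require a consistency check but
# do not name one, so CR = CI / RI < 0.1 is assumed here.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}


def ahp_weights(judgement: Sequence[Sequence[float]],
                cr_limit: float = 0.1) -> List[float]:
    """Priority vector of a pairwise-comparison (judgement) matrix.

    Raises ValueError when the consistency ratio exceeds cr_limit, i.e. the
    branch in which the judgement matrix has to be reconstructed."""
    n = len(judgement)
    geo = [prod(row) ** (1.0 / n) for row in judgement]   # row geometric means
    w = [g / sum(geo) for g in geo]                       # normalised weights
    aw = [sum(judgement[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam_max = sum(aw[i] / w[i] for i in range(n)) / n     # principal eigenvalue
    ci = (lam_max - n) / (n - 1) if n > 1 else 0.0
    cr = ci / RANDOM_INDEX[n] if RANDOM_INDEX[n] else 0.0
    if cr > cr_limit:
        raise ValueError(f"judgement matrix inconsistent (CR={cr:.3f}); rebuild it")
    return w


def membership_matrix(votes: Sequence[Sequence[float]]) -> List[List[float]]:
    """d_ij = v_ij / sum_j v_ij: row i holds the number of comments factor u_i
    received for each of the five grades. A row with no comments stays zero."""
    rows = []
    for row in votes:
        total = sum(row)
        rows.append([v / total if total else 0.0 for v in row])
    return rows


def fuzzy_evaluate(weights: Sequence[float],
                   d: Sequence[Sequence[float]]) -> List[float]:
    """B = W . D with the weighted-mean operator: one vector over the grades."""
    return [sum(w * row[j] for w, row in zip(weights, d))
            for j in range(len(d[0]))]


def final_score(b: Sequence[float], grade_values: Sequence[float]) -> float:
    """R = sum_i b_i v_i / sum_i b_i, with each grade mapped to a number."""
    return sum(bi * vi for bi, vi in zip(b, grade_values)) / sum(b)


def two_level_evaluation(upper_judgement, groups, grade_values) -> float:
    """groups: one (lower judgement matrix, vote rows) pair per middle-layer
    index, in the order used by the upper judgement matrix."""
    first_level = [fuzzy_evaluate(ahp_weights(j), membership_matrix(v))
                   for j, v in groups]                     # one B per index
    b = fuzzy_evaluate(ahp_weights(upper_judgement), first_level)
    return final_score(b, grade_values)


# Constructed sample: two middle-layer indexes ("effectiveness" judged twice
# as important as "cost"), five bottom-layer factors, ten expert comments
# per factor over the grades {very good, good, fair, poor, very poor}.
GRADES = [5, 4, 3, 2, 1]
UPPER = [[1, 2], [0.5, 1]]
EFFECTIVENESS = ([[1, 3, 5], [1 / 3, 1, 3], [1 / 5, 1 / 3, 1]],
                 [[5, 3, 2, 0, 0], [2, 5, 3, 0, 0], [1, 2, 4, 3, 0]])
COST = ([[1, 1], [1, 1]],
        [[0, 2, 4, 4, 0], [0, 1, 3, 4, 2]])


def demo() -> float:
    """Score of one assessment method on the constructed sample data."""
    return two_level_evaluation(UPPER, [EFFECTIVENESS, COST], GRADES)


if __name__ == "__main__":
    print(f"assessment method score R = {demo():.3f}")
```

The row geometric mean is used as the priority vector because it needs no eigen-solver and agrees closely with the principal eigenvector for matrices that pass the consistency check; a matrix that fails the check is rejected rather than silently used, which is the "reconstruct the judgement matrix" branch of claim 4.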
6. The information system security risk assessment model based on the combined evaluation method as claimed in claim 1 or 3, characterized in that the DEA model regards each assessment method as a decision making unit that converts certain "inputs" into certain "outputs": the manpower and material resources the method requires are taken as the inputs of the decision making unit, and the scientific and reasonable risk assessment it produces for the information system is taken as the output of the decision making unit; the first-class indexes of the assessment method are used as the output indexes of DEA, with the results of the second-level fuzzy comprehensive evaluation as their values; in this way the DEA method can be used to evaluate the relative effectiveness of different assessment methods and to select one or more assessment methods with higher assessment effectiveness.
7. The information system security risk assessment model based on the combined evaluation method as claimed in claim 1, characterized in that, in the combination of method results based on the fuzzy analytic hierarchy process (FAHP), the risk assessment methods selected by the method screening module each perform a risk grade evaluation of the information system, and the evaluated results are then combined scientifically and reasonably; the combination of assessment results goes through three stages: establish the hierarchical index system, with the screened methods as the final-stage indexes; calculate with FAHP the relative weight of each method with respect to the top-level index, where the relative weight of each lower-layer index with respect to its upper-layer index is calculated first: suppose the weight of method k relative to its parent element Rij is wijk, the weight of Rij relative to Ri is wij, and finally the weight of Ri relative to the target O is wi, then the weight of method k with respect to target O through the index-layer element Rij is

$$W_r^k = w_i \cdot w_{ij} \cdot w_{ijk}$$

where r denotes the r-th index of the bottom layer, and the weight of method k with respect to the target is

$$W^k = \sum_{r=1}^{n} W_r^k;$$

finally, the results are combined using the weight vector calculated in the previous step.
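As an added example (not code from the patent or its applicant), the following Python composes the FAHP weights of claim 7 over a three-layer hierarchy, target O, first-level indexes Ri, second-level indexes Rij, screened methods k, and then combines the methods' risk-grade results with the resulting weight vector. The index names, the local weights wi, wij and wijk, and the per-method risk grades are constructed sample values; the check that each parent's local weights sum to 1 is an added practitioner's safeguard the claim does not spell out.

```python
"""Added example, not the patent's own code: FAHP weight composition
W_r^k = w_i * w_ij * w_ijk, W^k = sum_r W_r^k, and combination of the
screened methods' results (claim 7). Standard library only."""
from typing import Dict

# Constructed local weights. A method that is not relevant under some
# index is simply absent from that index's mapping.
W_I = {"R1": 0.6, "R2": 0.4}                          # w_i: R_i under target O
W_IJ = {"R1": {"R11": 0.7, "R12": 0.3},               # w_ij: R_ij under R_i
        "R2": {"R21": 1.0}}
W_IJK = {"R11": {"A": 0.5, "B": 0.5},                 # w_ijk: method k under R_ij
         "R12": {"A": 0.2, "B": 0.3, "C": 0.5},
         "R21": {"B": 0.4, "C": 0.6}}


def check_normalised(local: Dict[str, float], parent: str) -> None:
    """Local weights under one parent must sum to 1; otherwise the method
    weights W^k no longer sum to 1 and the combined grade is distorted."""
    if abs(sum(local.values()) - 1.0) > 1e-9:
        raise ValueError(f"local weights under {parent} do not sum to 1")


def path_weights(w_i: Dict[str, float],
                 w_ij: Dict[str, Dict[str, float]],
                 w_ijk: Dict[str, Dict[str, float]]) -> Dict[str, Dict[str, float]]:
    """W_r^k = w_i * w_ij * w_ijk for every bottom-layer index r = R_ij and
    every method k attached to it."""
    check_normalised(w_i, "O")
    out: Dict[str, Dict[str, float]] = {}
    for ri, wi in w_i.items():
        check_normalised(w_ij[ri], ri)
        for rij, wij in w_ij[ri].items():
            check_normalised(w_ijk[rij], rij)
            out[rij] = {k: wi * wij * wijk for k, wijk in w_ijk[rij].items()}
    return out


def method_weights(w_i, w_ij, w_ijk) -> Dict[str, float]:
    """W^k = sum_r W_r^k over all bottom-layer indexes r."""
    totals: Dict[str, float] = {}
    for per_method in path_weights(w_i, w_ij, w_ijk).values():
        for k, w in per_method.items():
            totals[k] = totals.get(k, 0.0) + w
    return totals


def combine_results(weights: Dict[str, float], results: Dict[str, float]) -> float:
    """Combined risk grade: each screened method's grade scaled by W^k."""
    return sum(w * results[k] for k, w in weights.items())


# Constructed per-method risk grades for the assessed system (1 = lowest
# risk, 5 = highest), one per screened method.
RESULTS = {"A": 3, "B": 4, "C": 2}


def demo() -> float:
    return combine_results(method_weights(W_I, W_IJ, W_IJK), RESULTS)


if __name__ == "__main__":
    for k, w in sorted(method_weights(W_I, W_IJ, W_IJK).items()):
        print(f"W^{k} = {w:.3f}")
    print(f"combined risk grade = {demo():.3f}")
```

Because every layer is normalised, the W^k sum to 1 and the combined grade stays on the same scale as the individual methods' grades; the claim's "inconsistent results from several methods" are reconciled by weighting rather than by picking one method's answer.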
CN200910311620A 2009-12-16 2009-12-16 Information system security risk assessment model based on combined evaluation method Pending CN101727627A (en)

Publications (1)

Publication Number Publication Date
CN101727627A true CN101727627A (en) 2010-06-09

Family

ID=42448491

Country Status (1)

Country Link
CN (1) CN101727627A (en)

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102622668A (en) * 2012-02-13 2012-08-01 中国科学院科技政策与管理科学研究所 Risk early warning method based on technological processes
CN102663503A (en) * 2012-04-05 2012-09-12 北京联海信息系统有限公司 Information security assessment method
CN102915510A (en) * 2012-09-21 2013-02-06 国家电网公司 Power project network post-evaluation system based on multilevel fuzzy integrative evaluation model
CN103377253A (en) * 2012-04-28 2013-10-30 成刚 Data envelopment analysis model based on space scanning method
CN103400027A (en) * 2013-07-09 2013-11-20 贵州大学 Risk assessment algorithm for information system
CN104112181A (en) * 2014-06-12 2014-10-22 西北工业大学 Analytical hierarchy process-based information security Bayesian network evaluation method
WO2015018266A1 (en) * 2013-08-07 2015-02-12 Tencent Technology (Shenzhen) Company Limited Method and apparatus for determining health state of information system
CN104794361A (en) * 2015-05-05 2015-07-22 中国石油大学(华东) Comprehensive evaluation method for water flooding oil reservoir development effect
CN105117820A (en) * 2015-07-29 2015-12-02 江苏大学 Grain storage green degree evaluating method based on DEA-AHP
CN105205327A (en) * 2015-09-28 2015-12-30 大连理工大学 Method for ethylene production energy efficiency dynamic evaluation based on working conditions
CN105701708A (en) * 2014-11-25 2016-06-22 航天信息股份有限公司 Risk management method and risk management system
CN106713233A (en) * 2015-11-13 2017-05-24 国网智能电网研究院 Method for judging and protecting network security state
CN107944745A (en) * 2017-12-08 2018-04-20 重庆誉存大数据科技有限公司 A kind of risk information appraisal procedure and system
CN108460544A (en) * 2018-04-08 2018-08-28 苏州英瀚时信息科技有限公司 A kind of general evaluation system of enterprises environmental risk and method
CN108596727A (en) * 2018-04-26 2018-09-28 重庆邮电大学 A kind of management of shared bicycle and decision-making technique
CN108764481A (en) * 2018-05-04 2018-11-06 国家计算机网络与信息安全管理中心 A kind of information security ability evaluating method and system based on mobile terminal behavior
CN109034580A (en) * 2018-07-16 2018-12-18 三门核电有限公司 A kind of information system holistic health degree appraisal procedure based on big data analysis
CN109034619A (en) * 2018-07-26 2018-12-18 长江勘测规划设计研究有限责任公司 A kind of Dumping Sites safe evaluation method based on fuzzy synthesis step analysis
CN109242283A (en) * 2018-08-24 2019-01-18 同济大学 Super high-rise building fire dynamic risk appraisal procedure based on Fuzzy AHP
CN109377083A (en) * 2018-11-14 2019-02-22 中国电子产品可靠性与环境试验研究所((工业和信息化部电子第五研究所)(中国赛宝实验室)) Methods of risk assessment, device, equipment and storage medium
CN109934447A (en) * 2018-10-31 2019-06-25 国网安徽省电力有限公司宿州供电公司 A kind of Fuzzy Synthetic Evaluation of secondary equipment of intelligent converting station efficiency
CN110020403A (en) * 2017-11-23 2019-07-16 中国电力科学研究院有限公司 A kind of power distribution automation equipment test synthesis evaluation method and system
CN110414047A (en) * 2019-06-24 2019-11-05 南方电网调峰调频发电有限公司信息通信分公司 A method of it is evaluated for telecommunication transmission equipment health status
CN111144950A (en) * 2019-12-30 2020-05-12 北京顺丰同城科技有限公司 Model screening method and device, electronic equipment and storage medium
CN112258087A (en) * 2020-11-13 2021-01-22 上汽大通汽车有限公司 System and method for evaluating engineer ability
CN112702366A (en) * 2021-03-25 2021-04-23 浙江乾冠信息安全研究院有限公司 Network system security evaluation method, device, electronic equipment and medium
CN113850663A (en) * 2021-08-24 2021-12-28 江苏中交车旺科技有限公司 Data processing method, system, equipment and medium for new user recommendation
CN116782332A (en) * 2023-08-10 2023-09-19 张家港保税科技集团电子商务有限公司 User data communication method in wireless communication system

Cited By (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102622668B (en) * 2012-02-13 2016-03-16 中国科学院科技政策与管理科学研究所 Aviation operation control system method for prewarning risk
CN102622668A (en) * 2012-02-13 2012-08-01 中国科学院科技政策与管理科学研究所 Risk early warning method based on technological processes
CN102663503A (en) * 2012-04-05 2012-09-12 北京联海信息系统有限公司 Information security assessment method
CN103377253A (en) * 2012-04-28 2013-10-30 成刚 Data envelopment analysis model based on space scanning method
CN102915510A (en) * 2012-09-21 2013-02-06 国家电网公司 Power project network post-evaluation system based on multilevel fuzzy integrative evaluation model
CN102915510B (en) * 2012-09-21 2016-09-21 国家电网公司 Power Project network post evaluation system based on multi-hierarchical fuzzy comprehensive evaluation
CN103400027A (en) * 2013-07-09 2013-11-20 贵州大学 Risk assessment algorithm for information system
US10182067B2 (en) 2013-08-07 2019-01-15 Tencent Technology (Shenzhen) Company Limited Method, device and storage medium for determining health state of information system
WO2015018266A1 (en) * 2013-08-07 2015-02-12 Tencent Technology (Shenzhen) Company Limited Method and apparatus for determining health state of information system
US10303577B2 (en) 2013-08-07 2019-05-28 Tencent Technology (Shenzhen) Company Limited Method, device and storage medium for determining health state of information system
CN104112181A (en) * 2014-06-12 2014-10-22 西北工业大学 Analytical hierarchy process-based information security Bayesian network evaluation method
CN105701708A (en) * 2014-11-25 2016-06-22 航天信息股份有限公司 Risk management method and risk management system
CN104794361B (en) * 2015-05-05 2018-01-16 中国石油大学(华东) A kind of water-drive pool development effectiveness integrated evaluating method
CN104794361A (en) * 2015-05-05 2015-07-22 中国石油大学(华东) Comprehensive evaluation method for water flooding oil reservoir development effect
CN105117820A (en) * 2015-07-29 2015-12-02 江苏大学 Grain storage green degree evaluating method based on DEA-AHP
CN105117820B (en) * 2015-07-29 2018-11-06 江苏大学 A kind of foodstuff preservation Green Degree Evaluation based on DEA-AHP
CN105205327A (en) * 2015-09-28 2015-12-30 大连理工大学 Method for ethylene production energy efficiency dynamic evaluation based on working conditions
CN105205327B (en) * 2015-09-28 2018-01-26 大连理工大学 A kind of ethylene production efficiency dynamic assessment method based on operating mode
CN106713233A (en) * 2015-11-13 2017-05-24 国网智能电网研究院 Method for judging and protecting network security state
CN106713233B (en) * 2015-11-13 2020-04-14 国网智能电网研究院 Network security state judging and protecting method
CN110020403A (en) * 2017-11-23 2019-07-16 中国电力科学研究院有限公司 A kind of power distribution automation equipment test synthesis evaluation method and system
CN107944745A (en) * 2017-12-08 2018-04-20 重庆誉存大数据科技有限公司 A kind of risk information appraisal procedure and system
CN108460544A (en) * 2018-04-08 2018-08-28 苏州英瀚时信息科技有限公司 A kind of general evaluation system of enterprises environmental risk and method
CN108596727A (en) * 2018-04-26 2018-09-28 重庆邮电大学 A kind of management of shared bicycle and decision-making technique
CN108764481A (en) * 2018-05-04 2018-11-06 国家计算机网络与信息安全管理中心 A kind of information security ability evaluating method and system based on mobile terminal behavior
CN109034580B (en) * 2018-07-16 2020-09-11 三门核电有限公司 Information system overall health degree evaluation method based on big data analysis
CN109034580A (en) * 2018-07-16 2018-12-18 三门核电有限公司 A kind of information system holistic health degree appraisal procedure based on big data analysis
CN109034619A (en) * 2018-07-26 2018-12-18 长江勘测规划设计研究有限责任公司 A kind of Dumping Sites safe evaluation method based on fuzzy synthesis step analysis
CN109242283A (en) * 2018-08-24 2019-01-18 同济大学 Super high-rise building fire dynamic risk appraisal procedure based on Fuzzy AHP
CN109934447A (en) * 2018-10-31 2019-06-25 国网安徽省电力有限公司宿州供电公司 A kind of Fuzzy Synthetic Evaluation of secondary equipment of intelligent converting station efficiency
CN109377083A (en) * 2018-11-14 2019-02-22 中国电子产品可靠性与环境试验研究所((工业和信息化部电子第五研究所)(中国赛宝实验室)) Methods of risk assessment, device, equipment and storage medium
CN110414047A (en) * 2019-06-24 2019-11-05 南方电网调峰调频发电有限公司信息通信分公司 A method of it is evaluated for telecommunication transmission equipment health status
CN111144950A (en) * 2019-12-30 2020-05-12 北京顺丰同城科技有限公司 Model screening method and device, electronic equipment and storage medium
CN112258087A (en) * 2020-11-13 2021-01-22 上汽大通汽车有限公司 System and method for evaluating engineer ability
CN112702366A (en) * 2021-03-25 2021-04-23 浙江乾冠信息安全研究院有限公司 Network system security evaluation method, device, electronic equipment and medium
CN113850663A (en) * 2021-08-24 2021-12-28 江苏中交车旺科技有限公司 Data processing method, system, equipment and medium for new user recommendation
CN116782332A (en) * 2023-08-10 2023-09-19 张家港保税科技集团电子商务有限公司 User data communication method in wireless communication system
CN116782332B (en) * 2023-08-10 2023-11-14 张家港保税科技集团电子商务有限公司 User data communication method in wireless communication system

Similar Documents

Publication Publication Date Title
CN101727627A (en) Information system security risk assessment model based on combined evaluation method
CN108520357B (en) Method and device for judging line loss abnormality reason and server
KR101705247B1 (en) System for performance measurement of social infrastructure, and method for the same
CN111191906A (en) Systematic implementation benefit evaluation method for technical standards of large and medium-sized enterprises
Wong et al. Restricting weight flexibility in data envelopment analysis
CN102902882A (en) Method for evaluating operation quality of information systems
CN106845777A (en) Case workload evaluation method, judge's performance evaluation techniques, modeling method, computing device and computer-readable recording medium
CN106326473A (en) Data mining method based on entropy weight algorithm and analytic hierarchy process and system thereof
CN104123680A (en) Post-evaluation method for comprehensively evaluating power grid science and technology projects
CN110276556A (en) One kind being based on shifty environmental carrying capacity index weights calculation method and device
CN101826183A (en) Intelligent car evaluation method and system
Elwakil Integrating analytical hierarchy process and regression for assessing construction organizations’ performance
CN105590283A (en) Examination data analysis method on the basis of fuzzy synthetic evaluation model
CN103413020A (en) Workshop-level manufacturing capability oriented dynamic comprehensive assessment method
CN105867341A (en) Online equipment health state self-detection method and system for tobacco processing equipment
CN108805471A (en) Evaluation method for water resources carrying capacity based on the analysis of hybrid system interactively
CN108959791A (en) A kind of Phased Array Radar Resource Scheduling efficiency level passs rank appraisal procedure
Chou et al. Evolutionary optimization of model specification searches between project management knowledge and construction engineering performance
Sainfort et al. A first step in total quality management of nursing facility care: development of an empirical causal model of structure, process and outcome dimensions
CN104599062A (en) Classification based value evaluation method and system for agricultural scientific and technological achievements
Goh Towards an integrated approach for assessing triple bottom line in the built environment
DE112014006799T5 (en) Method for measuring a user behavior consistency level based on a complex correspondence system
Lee et al. Development of assessment model for demand-side management investment programs in Korea
Rus et al. Systematically combining process simulation and empirical data in support of decision analysis in software development
CN103778498A (en) Method for improving college innovation and entrepreneurial ability PDCA based on benchmarking management

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20100609