CN101727627A - Information system security risk assessment model based on combined evaluation method - Google Patents
Information system security risk assessment model based on combined evaluation method Download PDFInfo
- Publication number
- CN101727627A CN101727627A CN200910311620A CN200910311620A CN101727627A CN 101727627 A CN101727627 A CN 101727627A CN 200910311620 A CN200910311620 A CN 200910311620A CN 200910311620 A CN200910311620 A CN 200910311620A CN 101727627 A CN101727627 A CN 101727627A
- Authority
- CN
- China
- Prior art keywords
- evaluation
- index
- assessment
- risk assessment
- dea
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to an information system security risk assessment model based on a combined assessment method. The model integrates the advantages of qualitative analysis and quantitative analysis, defines a reasonable index hierarchical structure and an algorithm flow and has a core idea of collecting current risk assessment methods into a method base. In assessment, data envelopment analysis (DEA) based on fuzzy comprehensive evaluation is firstly used to screen out a plurality of methods aiming at the highest performance value of an assessment system, and then the assessment results of the screened methods are combined according to fuzzy analytic hierarchy process (FAHP) to solve the problem of inconsistent result of assessment by a plurality of methods and achieve the goal of more scientific and reasonable assessment for information system risk grade.
Description
Technical field
The present invention relates to a kind of information system security risk assessment models, especially a kind of information system security risk assessment models based on the combined evaluation method.
Background technology
Information security risk evaluation is to strengthen the key link that the security assurance information system is built and managed, information security risk evaluation is starting point and the basis that information security is built, by carrying out information security risk evaluation work, can find subject matter and contradiction that information security exists, find the way that solves many key issues.
Through years of development, domestic and international existing methods of risk assessment is a lot, and its common target all is to find out risk and the influence thereof that institutional infosystem faces, and the gap between present security level and the organizational structure's demand for security.But the selection of appraisal procedure will directly have influence on each link in the evaluation process, in addition can about final assessment result, the tissue or the key of enterprise's risk of selection appraisal procedure are to select suitable methods of risk assessment as the case may be.We are divided into methods of risk assessment qualitatively, quantitative methods of risk assessment with the angle of digitizing reflection assessment result with methods of risk assessment and with the comprehensive methods of risk assessment of qualitative and quantitative combination.Quantitative test is exactly a kind of method of attempting security risk to be carried out on the numeral analysis and evaluation, its advantage is that risk and result thereof are based upon on independent objectively method and the criterion fully, meaningful statistical study is provided, has made more science, tighter, more deep of result of study; Its shortcoming is, usually in order to quantize, the things of original more complicated oversimplified, obfuscation, also may be misread and twist after the risk factors that have are quantized.Way of qualitative analysis is mainly according to non-quantification data such as the knowledge of assessment experts, experience, historical lessons, policy trend and particular variant, the system risk situation is made the process of judgement, its advantage is simple to operate and easy to understand and enforcement, can find out the key areas and the selective analysis of system risk rapidly, can also excavate some and contain very dark thought, the conclusion that makes assessment more comprehensively, more deep; Shortcoming is too subjectivity of analysis result, is difficult to reflect safe reality fully, and higher to evaluator's oneself requirement.In the system risk evaluation process of reality, the factor of need considering is a lot, and some assessment key element can be expressed with the form that quantizes, and is very difficult or even impossible to the quantification of some key element.So, do not advocate in the risk assessment process, to pursue simply quantification, do not think that all are that the risk assessment process that quantizes is a science, accurately yet.Qualitative assessment is inseparable with the relation of qualitative evaluation, and qualitative evaluation is the basic premise of qualitative assessment, and the purpose of qualitative assessment is qualitative more accurately, makes qualitative evaluation science, accurate more, and the two is unified and mutual replenishing.
Because various methods of risk assessments respectively have quality, therefore can adopt several different methods that an infosystem is assessed unavoidably.Yet the mechanism difference of the whole bag of tricks, the attribute hierarchies of method are different, and its scope of application is also different, thereby cause in application between the method assessment result also variant.On the other hand, evaluation object also has own different characteristic, and not all method all is suitable for certain specific evaluation object.
Summary of the invention
The object of the present invention is to provide a kind of information system security risk assessment models based on the combined evaluation method, thereby solve the nonuniformity problem of multi-method assessment result, promptly conclusion there are differences when using multiple distinct methods to estimate respectively to the same target with definite property value, is difficult to obtain the consistance evaluation that conforms to objective reality.
In order to reach above-mentioned target, the present invention is to all kinds of evaluation criterias, appraisal procedure, assessment models, assessment tool is analysed in depth, on the basis of research, propose and realized a kind of information system security risk assessment models based on the combined evaluation method, the step of combined evaluation method is: present appraisal procedure is collected in the method base, at the beginning of each evaluation work is carried out, at first at the characteristics of infosystem and the feature of method, employing filters out from method base based on the DEA method (DEA) of fuzzy comprehensive evoluation and is directed to the highest several method of institute's evaluating system performance value, according to Fuzzy AHP (FAHP) each method that filters out is composed power again.Next, according to typical risk assessment flow process, adopt each appraisal procedure that filters out that infosystem is carried out risk assessment respectively.At last, according to the weights of each method, make up the assessment result of each method, draw Risk Assessment Report to whole infosystem, thereby solve the nonuniformity problem of multi-method assessment result, to reach science and rational purpose of infosystem being carried out the risk class assessment more.
Fuzzy comprehensive evoluation is in conjunction with qualitative and quantitative comprehensive analysis method, and it is abstract to adopt qualitatively method to carry out on quantitative basis, is adopting quantitative methods to carry out analysis integrated on the basis qualitatively.Needed to set up rational level index structure before the employing fuzzy comprehensive evoluation is analyzed, this index structure one side requirement can depict each attribute of method by different level, and requirement can accurately and comprehensively reflect the factor of influence of method on the other hand.
DEA is a method of handling the multiobjectives decision problem of a plurality of inputs and a plurality of outputs, and aspect efficiency evaluation, the DEA method is handled many inputs, and particularly the ability of the problem of many outputs has absolute predominance.Therefore, we introduce the screening that DEA carries out method in combined evaluation, thereby improve the accuracy and the rationality of the evaluation of method validity greatly, reduce the error that subjective factor brings, and make last assessment result have science more.
The present invention uses the multiple assessment method that infosystem is assessed, overcome that traditional evaluating system adopts single appraisal procedure and the one-sidedness and the limitation that cause, each evaluation module is finished evaluation process automatically, reduce subjectivity and the assessed cost in the evaluation process, improved the efficient and the accuracy of assessment.
Description of drawings
Fig. 1: based on the information system security risk model overall construction drawing of combined evaluation method
Fig. 2: method screening layer hierarchical structure chart
Fig. 3: weight calculation hierarchy Model figure
Fig. 4: weight calculation hierarchical chart
Embodiment
To be described in detail specific embodiments of the present invention with reference to accompanying drawing.
Fig. 1 is the complete information system security risk model general structure based on the combined evaluation method.The flow process of combined evaluation is as follows: for the m kind method in the method base, principle according to fuzzy comprehensive evaluation method, carry out expert opinion from the science and rationality two broad aspect of method, the evaluation of estimate that calculates each method by Fuzzy AHP then, with the first class index of appraisal procedure output-index as DEA method (DEA), to blur the combination evaluation secondary and assess resulting result as desired value, use the DEA method and estimate the relative effectiveness of different appraisal procedures, and then from method base, select one or more higher appraisal procedures of assessment validity, respectively evaluated application system is assessed.Use Fuzzy AHP (FAHP) to set up model then and calculate the method screen with respect to top objective weight vector, next according to method weight combined result, promptly obtain the system risk grade of combined evaluation at last by the risk class value weighted sum of every kind of method.
1.1 risk assessment assessment models based on combined method
Information system security risk assessment assessment models based on the combined evaluation method mainly comprises two parts: method screening and the combination of method assessment result.They are closely continuous, inseparable entities, and the method screening is the prerequisite of method assessment result combination, and its rationality will directly influence final risk evaluation result.And the combination of method assessment result is applied to the risk assessment of system with the method that filters out with the array mode of the best, thereby has reduced the deviation that single method brings institute's evaluating system test and appraisal.
1.1.1 method screening
At first suppose in method base, to have existed multiple alternative appraisal procedure, these methods can be used for separately certain system is carried out risk assessment, because mechanism difference, the method attribute hierarchies of the whole bag of tricks are different, its usable range is also different, thus in application between the method assessment result also have inconsistency; And, evaluated infosystem also has own characteristic in application, safety, structure etc., not every appraisal procedure all is applicable to the evaluation object that this is specific, so before carrying out concrete assessment, need at first carry out the screening of method, promptly select for the highest several method of institute's evaluating system validity by corresponding algorithm Automatic sieve in method base.
Method is screened the DEA method of employing based on fuzzy comprehensive evoluation, fuzzy comprehensive evoluation need be set up rational level index structure (seeing accompanying drawing 2) for the screening of method, this index structure one side requirement can depict each attribute of method by different level, and requirement can accurately and comprehensively reflect the factor of influence of method on the other hand.After using Fuzzy AHP that each evaluation index of method is calculated, we will obtain the relative weighting of each lower floor's index with respect to final evaluation.On this basis, the satisfaction degree according to method can obtain by the comprehensive evaluation value of evaluation method each index evaluation.
In order to describe the calculation procedure of method weight in detail, set up as attached hierarchy Model, and use R
i, R
IjAnd R
IjkThe element of representing each layer, for example R
iI element of expression ground floor; And R
IjIn the expression second layer, be subordinated to R
iJ element.Calculating can be divided into 3 steps substantially:
1) structure judgment matrix
According to weight calculation hierarchy Model figure (seeing accompanying drawing 3) expression, the relation of levels is determined.Suppose last layer element R
iWith the element R in next level
I1, R
I2..., R
InBe related, then the fuzzy consensus judgment matrix can be expressed as:
A has following character:
r
ii=0.5,i=1,2,...,n;
r
ij=1-r
ji,i,j=1,2,...,n;
r
ij=r
ik-r
jk,i,j,k=1,2,...,n.
Element r in the following formula
IjThe associated element R of expression element the same one deck element Ri
I1, R
I2..., R
InIn, R
IiAnd R
IjHave fuzzy relation " ... the ratio ... much important " degree of membership.In general, obtain quantitative description about the relative significance level of certain criterion, can adopt 1~9 scale to give the quantity scale for making any two schemes.Determine r in the judgment matrix
IjValue, can adopt the expert given, also can adopt other models to determine.Here, we will adopt the Delphi method afford to determine.
2) test matrix consistance
In the actual analysis decision analysis, because being familiar with, the complex nature of the problem studied and people go up issuable one-sidedness, make the judgment matrix that constructs often not have consistance.The consistency detection condition is that the difference of the corresponding elements of appointment two row arbitrarily is a constant, that is to say the r that satisfies condition
Ik-r
Jk=r
Ij-0.5.At this moment can adjust with the following method:
The first step is determined the safe element of judgement that the importance with all the other elements is compared and drawn, and, supposes that the decision maker thinks to judging r here
11, r
12..., r
1nMore sure.
Second step deducted the second row corresponding element with first row element of R, was constant as if n difference of gained, did not then need to adjust second row element.Otherwise, adjust second row element.Till the difference of corresponding element that first row element subtracts second row is constant.
The 3rd step deducted the third line corresponding element with first row element of R, was constant as if n difference of gained, did not then need to adjust the third line element.Otherwise, adjust second row element.Till the difference that subtracts the corresponding element of the third line up to first row element is constant.
Above-mentioned steps so continues, till the difference that first row element deducts the capable corresponding element of n is constant.
3) calculate weight
At last, suppose R
I1, R
I2..., R
InWeighted value be w
I1, w
I2..., w
In, the group of solving an equation
Can try to achieve weight to w
i=[w
I1, w
I2..., w
In]
TWeight wherein is to w
IjFor
Wherein, 0<a<0.5, a is a kind of tolerance of people to the difference degree of institute's perceptive object, but relevant with difference degree with the evaluation object number.When getting parameter a<(n-1)/2, can not guarantee the nonnegativity of weight, when a 〉=(n-1)/2, along with increase, the weight limit value is reducing in the element, the difference of weight is also reducing.So generally speaking, we get a=(n-1)/2, then the computing formula of weight is
The weight of the evaluation index of method need be carried out the judge of concrete grammar to each index satisfaction degree after determining.Because estimating the score value of collection is the numeral of a relative stiffness, and the people is when estimating, not necessarily can fix on evaluation on some values, so we adopt the mode of fuzzy mathematics that evaluation index is marked, and introduce analytical hierarchy process on this basis, finally obtain a definite evaluation of estimate.Suppose that the evaluation of estimate that we obtain method i is V
i, by with evaluation of estimate be V
jMethod j relatively, can intuitively obtain good and bad relatively result.If differing of evaluation of estimate is bigger, illustrate that promptly the lower method of evaluation of estimate is inadvisable.
Evaluation of estimate in the hope of single method is an example below, and the detailed step of asking the evaluation of estimate of single method with fuzzy comprehensive evaluation method is described:
1) makes up the index evaluation system
Analysis and judgement principle according to methods of risk assessment is set up hierarchical structure, sets up factor of evaluation set U=[u
1, u
2, u
m], u wherein
i(i=1,2 ..., m) represent each influence factor respectively.Simultaneously, obtain each evaluation index corresponding weights coefficient by analytical hierarchy process.In addition, method evaluation collection V is defined as 5 grades: V={v
1, v
2, v
3, v
4, v
5}:
2) determine to estimate the degree of membership matrix
Determining the degree of membership d of risk assessment factor to the risk assessment collection
IjThe time, for more objective and reasonable, please some experts be the evaluation group, according to the Delphi method satisfaction of Medium Counter is estimated, thereby made people's subjective estimation have more objectivity.If estimate collection V={v
1, v
2, v
3, v
4, v
5For factor of evaluation u
iV is arranged
IjIndividual comment j=1,2 ..., 5, u then
iDegree of membership vector d for comment collection V
i=[d
I1, d
I2..., d
I5], wherein
Obtain the degree of membership vector d of each satisfaction evaluation index of bottom thus to middle layer risk assessment index
Ij, and degree of membership matrix D=(d
Ij)
M * 5
3) elementary fuzzy comprehensive evoluation
Gained respectively is subordinate to matrix D
iWith relevant evaluating index weight sets A
iDo fuzzy compose operation, obtain the evaluation result vector B of Medium Counter
i=A
iOD
iWherein " o " is fuzzy composite operator.For the influence of taking all factors into consideration each factor of evaluation and the full detail that keeps single factor evaluation, the method evaluation is adopted
Operator.Promptly
When weight sets and degree of membership all have normalizing,
Be common matrix multiplication operation, at this moment the evaluation result in middle layer vector B=[b
1, b
2..., b
k] also be normalized, promptly
4) secondary fuzzy comprehensive evoluation
On the basis of one-level fuzzy overall evaluation, constitute the evaluation matrix D of secondary fuzzy comprehensive evoluation with the evaluation result vector of elementary fuzzy comprehensive evoluation, as factor of evaluation U to the degree of membership matrix of estimating among the collection V, do fuzzy compose operation with the weight vectors A of Medium Counter, fuzzy composite operator is still selected for use
Can obtain the evaluation result vector of destination layer.
5) evaluation result
For the weighted mean principle, if the evaluation result that obtains vector is B=[b
1, b
2..., b
k], estimate collection and be V={v
1, v
2, v
3, v
4, v
5, then obtain net result
After so every kind of methods of risk assessment being estimated, the mark height just can be made the selection of appraisal procedure.
1.1.2 the method assessment result is composed the power combination
The combination of method assessment result is that the assessment result that every kind of methods of risk assessment draws is separately composed the power combination, and the infosystem risk is made comprehensive evaluation, composes the power algorithm and adopts Fuzzy AHP to determine weight.
The result combinations assessment will be passed through three phases:
1) sets up hierarchy Model
The screening of method and the result combinations of method are in the different phase of evaluation process.Before screening was in and assesses, reasonably screening was the effective prerequisite of assessment, concern be that model that whether method is suitable for evaluated system, method rationalizes cycle of degree, assessment and cost or the like; Result combinations is in the later stage of evaluation process, be make in all sorts of ways assess after, what result's combination should be considered is the effect of method, considers whether the process bear results reasonable, such as the coverage rate of index, artificial factor or the like.Therefore, it is different screening with the evaluation index that makes up the reference of these two operation institutes.
In order to reach preferable combined evaluation result, we will set up as level, the evaluation index of advising, and calculate the weight of each method by the principle of Fuzzy AHP makes up by the method weight in order to last result.
The process of method is mainly formed according to index with based on the algorithm of index, and the weight of the whole bag of tricks is carried out analytical calculation according to index and algorithm two parts index.In index and these two big classes of algorithm, we segment index and algorithm again.Index comprises index again related rationally, the coverage rate of index, the degree of refinement and artificial factor four parts of index, preceding two parts merge the reflection degree of index to system that be; Algorithm comprises the estimation degree in the algorithm, the science of comprehensive means and means and the method that qualitative analysis quantizes.
2) calculate weight with fuzzy stratification
After setting up the level index model, need the relative weighting of each layer element in the computation layer aggregated(particle) structure, this relative weighting refers to the weight of lower floor's index with respect to the upper strata index.At first need to construct the comparator matrix of the appraisal procedure of each three grades of index correspondence, six three grades of indexs are arranged here, therefore need construct six method comparator matrixs, respectively these matrixes are carried out consistency desired result, as the matrix that constructs does not meet consistency desired result, verification once more after it is adjusted, up to by after just can carry out next step.Next be the comparator matrix in twos of three grades of indexs of structure, building method is that the significance level of each three grades of index with respect to two-level index compared in twos, and the comparator matrix that constructs simultaneously also needs to pass through consistency desired result.Be structure two-level index comparator matrix in twos then, building method is basic identical with the comparator matrix in twos of three grades of indexs of structure.After comparator matrix structure is finished, calculate the comparator matrix eigenwert, obtain the eigenvalue of maximum of matrix, simultaneously with the normalized vector of eigenvalue of maximum correspondence weight vectors as each key element.Calculate each method successively with respect to the weight of three grades of indexs, each the three grades of index weight with respect to two-level index, each two-level index is with respect to the weight of first class index, and here, we suppose the relative last layer element of method k R
IjWeighted value be w
Ijk, R
IjWith respect to R
iWeight be w
Ij, last, R
iWeight with respect to target O is w
iThen the weight of method k is that the method is at indicator layer element R
IiThe aspect with respect to the weight of target 0 is
W
r k=w
i*w
ij*w
ijk
3) result combinations
After the weight of method of having determined to filter out with respect to the ground floor index, multiply by the system risk grade point that each method is calculated with each side's method weight, then the result calculated linear, additive is promptly obtained comprehensive evaluation value to system risk.
In risk assessment practical activity, there are 5 kinds of methods of risk assessments to select for the assessment participants.The science and the rationality of risk assessment expert major concern methods of risk assessment assessment effect.Owing to judge that the index of risk assessment effect is a lot, at first adopt fuzzy synthetic appraisement method that the science and the rationality of risk assessment effect are carried out preliminary assessment here.Utilizing this assessment result to use the DEA method then screens methods of risk assessment.
1.2 the index system of estimated risk appraisal procedure assessment effect
In certain risk assessment activity, there is N kind risk risk method available, in this risk assessment activity, we mainly pay close attention to science, the rationality of methods of risk assessment, through successively decomposing and furtheing investigate, set up methods of risk assessment assessment effect assessment index set such as table 1, for Weight Determination, adopt Delphi method during research, through investigation repeatedly, index weight such as table 1.
The index system of table 1 estimated risk appraisal procedure assessment effect
1.3 determine the level evaluation collection
Under the precondition that does not influence evaluation result, adopt the comment collection:
V=(V
1, V
2, V
3, V
4, V
5)=(is bad, and be poor, in, good, excellent)
Adopt the expert to mark for every performance branch index of risk assessment effect by centesimal system, more every score U is converted to the degree of membership on the fuzzy mathematics in conjunction with the methods of risk assessment standard.Score is according to its ownership of the interval judgement of grade of estimating collection V.
Every index score U is converted to the degree of membership that assessment is collected V, and it is carried out normalized:
1.4 carry out fuzzy overall evaluation step by step
Utilize above-mentioned equation,, try to achieve the science and the rational desired value of every kind of methods of risk assessment at last, just can select suitable methods of risk assessment to carry out actual risk assessment activity then from high to low through carrying out fuzzy overall evaluation step by step.
Claims (7)
1. information system security risk assessment models based on the combined evaluation method, it is characterized in that, its step is, in the information system security risk evaluation process, present methods of risk assessment is collected in the method base, at first adopt DEA method (DEA) based on fuzzy comprehensive evoluation from method base, to filter out during assessment and be directed to the highest several method of institute's evaluating system performance value, make up according to the assessment result of Fuzzy AHP (FAHP) again each method of filtering out.
2. a kind of information system security risk assessment models as claimed in claim 1 based on the combined evaluation method, it is characterized in that, defined level index system and algorithm flow that the combined evaluation method adopts, its core process mainly comprises based on DEA method (DEA) the method screening of fuzzy comprehensive evoluation with based on the methods and results combination of Fuzzy AHP (FAHP).
3. a kind of information system security risk assessment models as claimed in claim 1 based on the combined evaluation method, it is characterized in that, based on DEA method (DEA) the method screening of fuzzy comprehensive evoluation, the algorithm flow of method screening is successively: adopt fuzzy comprehensive evaluation method to calculate the weight vectors of each method; Adopt fuzzy comprehensive evaluation method to calculate the evaluation of estimate of each method, promptly method is to the judge of each index satisfaction degree; Substitution DEA model carries out comprehensive evaluation.
4. as claim 1 or 3 described a kind of information system security risk assessment models based on the combined evaluation method, it is characterized in that, the weight vectors of computing method may further comprise the steps: the structure judgment matrix, and judgment matrix is relatively to get in twos by the relative importance to each layer index in the level index system; There is deviation in the test matrix consistance during owing to the structure judgment matrix, therefore need carry out consistency desired result to the judgment matrix of structure, if verification is not passed through, then must re-construct judgment matrix; By judgment matrix computing method weight vectors.
5. as claim 1 or 3 described a kind of information system security risk assessment models, it is characterized in that the evaluation of estimate of calculating each method may further comprise the steps: make up the index evaluation system based on the combined evaluation method, analysis and judgement principle according to methods of risk assessment is set up hierarchical structure, sets up factor of evaluation set U=[u1, u2, um], ui (i=1,2 wherein,, m) representing each influence factor respectively, V is defined as 5 grades with method evaluation collection: V={v1, v2, v3, v4, v5}; Determine to estimate the degree of membership matrix, establish and estimate collection V={v1, v2, v3, v4, v5} has vij comment j=1 for factor of evaluation ui, and 2 ..., 5, then ui is for the degree of membership of comment collection V vector di=[di1, di2 ..., di5], wherein
Obtain the degree of membership vector dij of each satisfaction evaluation index of bottom thus to middle layer risk assessment index, and degree of membership matrix D=(d
Ij) m * 5; Elementary fuzzy comprehensive evoluation; The secondary fuzzy comprehensive evoluation; Evaluation result, according to the weighted mean principle, if the evaluation result that obtains vector is B=[b1, b2 ..., bk], estimate collection and be V={v1, v2, v3, v4, v5} then obtains net result
6. as claim 1 or 3 described a kind of information system security risk assessment models based on the combined evaluation method, it is characterized in that, the DEA model is regarded each appraisal procedure as a general certain " input " and is converted into the necessarily decision package of " output ", its needed manpower, material resources drop into the input as decision package, the science that it is made infosystem, rational risk assessment is as the output of decision package, with the first class index of appraisal procedure output-index as DEA, the fuzzy overall evaluation secondary is assessed resulting result as desired value, like this, just can use the relative effectiveness that the DEA method is estimated different appraisal procedures, and then select one or more higher appraisal procedures of assessment validity.
7. a kind of information system security risk assessment models as claimed in claim 1 based on the combined evaluation method, it is characterized in that, methods and results combination based on Fuzzy AHP (FAHP), the methods of risk assessment of selecting by method screening module carries out the risk class evaluation to infosystem, then the result who estimates is carried out science and reasonably combination, the assessment result combination needs the experience three phases: set up the level index system, the method that filters out is as the final stage index; Calculate the relative weighting of each method with Fuzzy AHP with respect to top index, the at first calculative relative weighting that is lower floor's index with respect to the upper strata index, we suppose that the weighted value of the relative last layer element of method k Rij is wijk, Rij is wij with respect to the weight of Ri, at last, Ri is wi with respect to the weight of target O, and then the weight of method k is that the method is in the weight with respect to target O aspect the indicator layer element Rij:
R represents r index in the orlop index, and method k with respect to objective weight is exactly
The weight vectors combined result that calculates by previous step at last.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200910311620A CN101727627A (en) | 2009-12-16 | 2009-12-16 | Information system security risk assessment model based on combined evaluation method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200910311620A CN101727627A (en) | 2009-12-16 | 2009-12-16 | Information system security risk assessment model based on combined evaluation method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101727627A true CN101727627A (en) | 2010-06-09 |
Family
ID=42448491
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200910311620A Pending CN101727627A (en) | 2009-12-16 | 2009-12-16 | Information system security risk assessment model based on combined evaluation method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101727627A (en) |
Cited By (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102622668A (en) * | 2012-02-13 | 2012-08-01 | 中国科学院科技政策与管理科学研究所 | Risk early warning method based on technological processes |
CN102663503A (en) * | 2012-04-05 | 2012-09-12 | 北京联海信息系统有限公司 | Information security assessment method |
CN102915510A (en) * | 2012-09-21 | 2013-02-06 | 国家电网公司 | Power project network post-evaluation system based on multilevel fuzzy integrative evaluation model |
CN103377253A (en) * | 2012-04-28 | 2013-10-30 | 成刚 | Data envelopment analysis model based on space scanning method |
CN103400027A (en) * | 2013-07-09 | 2013-11-20 | 贵州大学 | Risk assessment algorithm for information system |
CN104112181A (en) * | 2014-06-12 | 2014-10-22 | 西北工业大学 | Analytical hierarchy process-based information security Bayesian network evaluation method |
WO2015018266A1 (en) * | 2013-08-07 | 2015-02-12 | Tencent Technology (Shenzhen) Company Limited | Method and apparatus for determining health state of information system |
CN104794361A (en) * | 2015-05-05 | 2015-07-22 | 中国石油大学(华东) | Comprehensive evaluation method for water flooding oil reservoir development effect |
CN105117820A (en) * | 2015-07-29 | 2015-12-02 | 江苏大学 | Grain storage green degree evaluating method based on DEA-AHP |
CN105205327A (en) * | 2015-09-28 | 2015-12-30 | 大连理工大学 | Method for ethylene production energy efficiency dynamic evaluation based on working conditions |
CN105701708A (en) * | 2014-11-25 | 2016-06-22 | 航天信息股份有限公司 | Risk management method and risk management system |
CN106713233A (en) * | 2015-11-13 | 2017-05-24 | 国网智能电网研究院 | Method for judging and protecting network security state |
CN107944745A (en) * | 2017-12-08 | 2018-04-20 | 重庆誉存大数据科技有限公司 | A kind of risk information appraisal procedure and system |
CN108460544A (en) * | 2018-04-08 | 2018-08-28 | 苏州英瀚时信息科技有限公司 | A kind of general evaluation system of enterprises environmental risk and method |
CN108596727A (en) * | 2018-04-26 | 2018-09-28 | 重庆邮电大学 | A kind of management of shared bicycle and decision-making technique |
CN108764481A (en) * | 2018-05-04 | 2018-11-06 | 国家计算机网络与信息安全管理中心 | A kind of information security ability evaluating method and system based on mobile terminal behavior |
CN109034580A (en) * | 2018-07-16 | 2018-12-18 | 三门核电有限公司 | A kind of information system holistic health degree appraisal procedure based on big data analysis |
CN109034619A (en) * | 2018-07-26 | 2018-12-18 | 长江勘测规划设计研究有限责任公司 | A kind of Dumping Sites safe evaluation method based on fuzzy synthesis step analysis |
CN109242283A (en) * | 2018-08-24 | 2019-01-18 | 同济大学 | Super high-rise building fire dynamic risk appraisal procedure based on Fuzzy AHP |
CN109377083A (en) * | 2018-11-14 | 2019-02-22 | 中国电子产品可靠性与环境试验研究所((工业和信息化部电子第五研究所)(中国赛宝实验室)) | Methods of risk assessment, device, equipment and storage medium |
CN109934447A (en) * | 2018-10-31 | 2019-06-25 | 国网安徽省电力有限公司宿州供电公司 | A kind of Fuzzy Synthetic Evaluation of secondary equipment of intelligent converting station efficiency |
CN110020403A (en) * | 2017-11-23 | 2019-07-16 | 中国电力科学研究院有限公司 | A kind of power distribution automation equipment test synthesis evaluation method and system |
CN110414047A (en) * | 2019-06-24 | 2019-11-05 | 南方电网调峰调频发电有限公司信息通信分公司 | A method of it is evaluated for telecommunication transmission equipment health status |
CN111144950A (en) * | 2019-12-30 | 2020-05-12 | 北京顺丰同城科技有限公司 | Model screening method and device, electronic equipment and storage medium |
CN112258087A (en) * | 2020-11-13 | 2021-01-22 | 上汽大通汽车有限公司 | System and method for evaluating engineer ability |
CN112702366A (en) * | 2021-03-25 | 2021-04-23 | 浙江乾冠信息安全研究院有限公司 | Network system security evaluation method, device, electronic equipment and medium |
CN113850663A (en) * | 2021-08-24 | 2021-12-28 | 江苏中交车旺科技有限公司 | Data processing method, system, equipment and medium for new user recommendation |
CN116782332A (en) * | 2023-08-10 | 2023-09-19 | 张家港保税科技集团电子商务有限公司 | User data communication method in wireless communication system |
-
2009
- 2009-12-16 CN CN200910311620A patent/CN101727627A/en active Pending
Cited By (38)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102622668B (en) * | 2012-02-13 | 2016-03-16 | 中国科学院科技政策与管理科学研究所 | Aviation operation control system method for prewarning risk |
CN102622668A (en) * | 2012-02-13 | 2012-08-01 | 中国科学院科技政策与管理科学研究所 | Risk early warning method based on technological processes |
CN102663503A (en) * | 2012-04-05 | 2012-09-12 | 北京联海信息系统有限公司 | Information security assessment method |
CN103377253A (en) * | 2012-04-28 | 2013-10-30 | 成刚 | Data envelopment analysis model based on space scanning method |
CN102915510A (en) * | 2012-09-21 | 2013-02-06 | 国家电网公司 | Power project network post-evaluation system based on multilevel fuzzy integrative evaluation model |
CN102915510B (en) * | 2012-09-21 | 2016-09-21 | 国家电网公司 | Power Project network post evaluation system based on multi-hierarchical fuzzy comprehensive evaluation |
CN103400027A (en) * | 2013-07-09 | 2013-11-20 | 贵州大学 | Risk assessment algorithm for information system |
US10182067B2 (en) | 2013-08-07 | 2019-01-15 | Tencent Technology (Shenzhen) Company Limited | Method, device and storage medium for determining health state of information system |
WO2015018266A1 (en) * | 2013-08-07 | 2015-02-12 | Tencent Technology (Shenzhen) Company Limited | Method and apparatus for determining health state of information system |
US10303577B2 (en) | 2013-08-07 | 2019-05-28 | Tencent Technology (Shenzhen) Company Limited | Method, device and storage medium for determining health state of information system |
CN104112181A (en) * | 2014-06-12 | 2014-10-22 | 西北工业大学 | Analytical hierarchy process-based information security Bayesian network evaluation method |
CN105701708A (en) * | 2014-11-25 | 2016-06-22 | 航天信息股份有限公司 | Risk management method and risk management system |
CN104794361B (en) * | 2015-05-05 | 2018-01-16 | 中国石油大学(华东) | A kind of water-drive pool development effectiveness integrated evaluating method |
CN104794361A (en) * | 2015-05-05 | 2015-07-22 | 中国石油大学(华东) | Comprehensive evaluation method for water flooding oil reservoir development effect |
CN105117820A (en) * | 2015-07-29 | 2015-12-02 | 江苏大学 | Grain storage green degree evaluating method based on DEA-AHP |
CN105117820B (en) * | 2015-07-29 | 2018-11-06 | 江苏大学 | A kind of foodstuff preservation Green Degree Evaluation based on DEA-AHP |
CN105205327A (en) * | 2015-09-28 | 2015-12-30 | 大连理工大学 | Method for ethylene production energy efficiency dynamic evaluation based on working conditions |
CN105205327B (en) * | 2015-09-28 | 2018-01-26 | 大连理工大学 | A kind of ethylene production efficiency dynamic assessment method based on operating mode |
CN106713233A (en) * | 2015-11-13 | 2017-05-24 | 国网智能电网研究院 | Method for judging and protecting network security state |
CN106713233B (en) * | 2015-11-13 | 2020-04-14 | 国网智能电网研究院 | Network security state judging and protecting method |
CN110020403A (en) * | 2017-11-23 | 2019-07-16 | 中国电力科学研究院有限公司 | A kind of power distribution automation equipment test synthesis evaluation method and system |
CN107944745A (en) * | 2017-12-08 | 2018-04-20 | 重庆誉存大数据科技有限公司 | A kind of risk information appraisal procedure and system |
CN108460544A (en) * | 2018-04-08 | 2018-08-28 | 苏州英瀚时信息科技有限公司 | A kind of general evaluation system of enterprises environmental risk and method |
CN108596727A (en) * | 2018-04-26 | 2018-09-28 | 重庆邮电大学 | A kind of management of shared bicycle and decision-making technique |
CN108764481A (en) * | 2018-05-04 | 2018-11-06 | 国家计算机网络与信息安全管理中心 | A kind of information security ability evaluating method and system based on mobile terminal behavior |
CN109034580B (en) * | 2018-07-16 | 2020-09-11 | 三门核电有限公司 | Information system overall health degree evaluation method based on big data analysis |
CN109034580A (en) * | 2018-07-16 | 2018-12-18 | 三门核电有限公司 | A kind of information system holistic health degree appraisal procedure based on big data analysis |
CN109034619A (en) * | 2018-07-26 | 2018-12-18 | 长江勘测规划设计研究有限责任公司 | A kind of Dumping Sites safe evaluation method based on fuzzy synthesis step analysis |
CN109242283A (en) * | 2018-08-24 | 2019-01-18 | 同济大学 | Super high-rise building fire dynamic risk appraisal procedure based on Fuzzy AHP |
CN109934447A (en) * | 2018-10-31 | 2019-06-25 | 国网安徽省电力有限公司宿州供电公司 | A kind of Fuzzy Synthetic Evaluation of secondary equipment of intelligent converting station efficiency |
CN109377083A (en) * | 2018-11-14 | 2019-02-22 | 中国电子产品可靠性与环境试验研究所((工业和信息化部电子第五研究所)(中国赛宝实验室)) | Methods of risk assessment, device, equipment and storage medium |
CN110414047A (en) * | 2019-06-24 | 2019-11-05 | 南方电网调峰调频发电有限公司信息通信分公司 | A method of it is evaluated for telecommunication transmission equipment health status |
CN111144950A (en) * | 2019-12-30 | 2020-05-12 | 北京顺丰同城科技有限公司 | Model screening method and device, electronic equipment and storage medium |
CN112258087A (en) * | 2020-11-13 | 2021-01-22 | 上汽大通汽车有限公司 | System and method for evaluating engineer ability |
CN112702366A (en) * | 2021-03-25 | 2021-04-23 | 浙江乾冠信息安全研究院有限公司 | Network system security evaluation method, device, electronic equipment and medium |
CN113850663A (en) * | 2021-08-24 | 2021-12-28 | 江苏中交车旺科技有限公司 | Data processing method, system, equipment and medium for new user recommendation |
CN116782332A (en) * | 2023-08-10 | 2023-09-19 | 张家港保税科技集团电子商务有限公司 | User data communication method in wireless communication system |
CN116782332B (en) * | 2023-08-10 | 2023-11-14 | 张家港保税科技集团电子商务有限公司 | User data communication method in wireless communication system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101727627A (en) | Information system security risk assessment model based on combined evaluation method | |
CN108520357B (en) | Method and device for judging line loss abnormality reason and server | |
KR101705247B1 (en) | System for performance measurement of social infrastructure, and method for the same | |
CN111191906A (en) | Systematic implementation benefit evaluation method for technical standards of large and medium-sized enterprises | |
Wong et al. | Restricting weight flexibility in data envelopment analysis | |
CN102902882A (en) | Method for evaluating operation quality of information systems | |
CN106845777A (en) | Case workload evaluation method, judge's performance evaluation techniques, modeling method, computing device and computer-readable recording medium | |
CN106326473A (en) | Data mining method based on entropy weight algorithm and analytic hierarchy process and system thereof | |
CN104123680A (en) | Post-evaluation method for comprehensively evaluating power grid science and technology projects | |
CN110276556A (en) | One kind being based on shifty environmental carrying capacity index weights calculation method and device | |
CN101826183A (en) | Intelligent car evaluation method and system | |
Elwakil | Integrating analytical hierarchy process and regression for assessing construction organizations’ performance | |
CN105590283A (en) | Examination data analysis method on the basis of fuzzy synthetic evaluation model | |
CN103413020A (en) | Workshop-level manufacturing capability oriented dynamic comprehensive assessment method | |
CN105867341A (en) | Online equipment health state self-detection method and system for tobacco processing equipment | |
CN108805471A (en) | Evaluation method for water resources carrying capacity based on the analysis of hybrid system interactively | |
CN108959791A (en) | A kind of Phased Array Radar Resource Scheduling efficiency level passs rank appraisal procedure | |
Chou et al. | Evolutionary optimization of model specification searches between project management knowledge and construction engineering performance | |
Sainfort et al. | A first step in total quality management of nursing facility care: development of an empirical causal model of structure, process and outcome dimensions | |
CN104599062A (en) | Classification based value evaluation method and system for agricultural scientific and technological achievements | |
Goh | Towards an integrated approach for assessing triple bottom line in the built environment | |
DE112014006799T5 (en) | Method for measuring a user behavior consistency level based on a complex correspondence system | |
Lee et al. | Development of assessment model for demand-side management investment programs in Korea | |
Rus et al. | Systematically combining process simulation and empirical data in support of decision analysis in software development | |
CN103778498A (en) | Method for improving college innovation and entrepreneurial ability PDCA based on benchmarking management |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20100609 |