This article proposes an information system security risk assessment methodology based on the fuzzy analytic hierarchy process (FAHP). In this method, a fuzzy consistent matrix is introduced to represent the relative importance of the risk factors at each level of the information system, in order to obtain the weight of each security risk factor. On this basis, the fuzzy comprehensive evaluation method is used to conduct a comprehensive assessment of information system security risks, yielding a fuzzy comprehensive evaluation result. The case study shows that this method is highly targeted, has good feasibility and effectiveness, and has strong guiding significance for the design and implementation of information system security risk assessment support systems.
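The two steps the abstract names (weights from a fuzzy consistent matrix, then fuzzy comprehensive evaluation) can be sketched for a single layer as follows. This is an added example, not the paper's code. The abstract gives no formulas, so the row-sum transform, the weight formula, the weighted-average operator and the maximum-membership rule are assumed from a common FAHP formulation, and the factor names and all matrix values are constructed.

```python
# Added illustration, not the paper's code. Matrices below are constructed sample data.

def fuzzy_consistent(F, tol=1e-9):
    """Convert a fuzzy complementary judgment matrix F into a fuzzy consistent matrix."""
    n = len(F)
    for i in range(n):
        for j in range(n):
            # Complementarity: f_ij + f_ji = 1 (so the diagonal is 0.5).
            if abs(F[i][j] + F[j][i] - 1.0) > tol:
                raise ValueError(f"F[{i}][{j}] + F[{j}][{i}] must equal 1")
    row = [sum(r) for r in F]
    # Assumed transform: r_ij = (r_i - r_j) / (2n) + 0.5
    return [[(row[i] - row[j]) / (2 * n) + 0.5 for j in range(n)] for i in range(n)]

def weights(R):
    """Factor weights from a fuzzy consistent matrix; they sum to 1."""
    n = len(R)
    # Assumed formula: w_i = (sum_j r_ij + n/2 - 1) / (n (n - 1))
    return [(sum(R[i]) + n / 2 - 1) / (n * (n - 1)) for i in range(n)]

def evaluate(w, M):
    """Fuzzy comprehensive evaluation with the weighted-average operator."""
    return [sum(w[i] * M[i][k] for i in range(len(w))) for k in range(len(M[0]))]

def assess(F, M, grades):
    """Return (weights, evaluation vector, grade chosen by maximum membership)."""
    w = weights(fuzzy_consistent(F))
    b = evaluate(w, M)
    return w, b, grades[b.index(max(b))]

# Constructed pairwise judgments for three hypothetical factors:
# asset value, threat, vulnerability (0.5 = equally important).
F = [[0.5, 0.6, 0.7],
     [0.4, 0.5, 0.6],
     [0.3, 0.4, 0.5]]
# Constructed membership of each factor (rows) in each risk grade (columns).
GRADES = ["low", "medium", "high"]
M = [[0.1, 0.3, 0.6],
     [0.2, 0.5, 0.3],
     [0.5, 0.4, 0.1]]

if __name__ == "__main__":
    w, b, grade = assess(F, M, GRADES)
    print("weights:", [round(x, 4) for x in w])
    print("evaluation:", [round(x, 4) for x in b], "->", grade)
```

For a multi-level factor hierarchy, the same evaluation is repeated per layer, with each lower layer's evaluation vectors forming the rows of the membership matrix for the layer above.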