Abstract
Network security risk assessment is an important part of the information security management system process. A practical model for information security risk assessment is proposed. The model is based on multi-criteria decision making (MCDM) and also applies fuzzy logic. Following the qualitative method of the ISO/IEC 27005 standard, the model considers the main objectives and business processes, and carries out risk assessment at the management and operational levels. Results from practical application show that the model, fully implemented in the network information technology part of a supply chain management company, has high efficiency and reliability, and can serve as a reference for network security management in large state-owned enterprises.
Author
刘东伟
LIU Dong-wei (Hebei Zhongyan Industry Co., Ltd., Shijiazhuang 050051, China)
Source
《信息技术》
2020, Issue 10, pp. 82-86 (5 pages in total)
Information Technology
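Funding
Science and Technology Research and Development Program of the Hebei Provincial Department of Science and Technology (1020580).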
Keywords
network security
multi-criteria decision making
fuzzy logic
risk assessment