To address the issue of the deficiency in aspects of association and objectivity in current available researches , considering the association influence among risk assessment elements and the uncertainty produced in the process of evalua -tion ,a hybrid information security risk assessment model based on the combination methods of DEMATE-ANP(referred as decision making trial and evaluation laboratory combine analytic network process ) and D-S evidential theory is proposed .Ac-cording to practical running conditions of the system being assessed ,by the proposed approach ,first the network model is constructed ,and DEMATEL-ANP quantization is used to analyze the relevance in the model .Then ,D-S evidential theory is used to dispose data those are subjective and uncertainty .Finally ,we use the model to compute risk level credibility ,and find necessary improved controls ,which will reduce risk in controllable range .Contrastive analyses with other risk assessment examples demonstrate effective of the proposed method for evaluation .The method not only weighs up the association influ-ence between the various evaluation factors in practical evaluation system ,reduces the subjective evaluation ,but also effec-tively reduces the uncertainty of expert evaluation .%针对现有研究成果在关联性、客观性等方面的不足,考虑到风险评估要素之间的关联影响及评估过程中所产生的不确定性,提出了基于决策试验和评价实验室网络分析法(DEMATEL-ANP),并结合 D-S 证据理论的混合信息安全风险评价模型。根据待评估系统的实际运行情况,构建网络结构模型,运用 DEMATEL-ANP 方法对该模型中的关联关系进行量化分析。对于评价数据的主观性及不确定性,结合 D-S 证据理论进行数据融合处理,得出风险等级可信度,找出需要完善的相关控制措施,最终将风险降低在可接受范围内。通过与相关风险评估模型的实例对比分析表明,该模型不仅权衡到实际评估系统中各评估要素之间的关联影响,降低评价主观性;而且能够有效减少专家评估的不确定性,是一种有效的评估方法。
展开▼
