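In information security engineering, risk assessment plays an important part. It is the basis of information system security systems. An approach to information systems security assessment based on an improved multiple attribute group decision-making theory is proposed to solve the problem of obtaining the risk grade. It uses the OWGA (Ordered Weighted Geometric Average) and CWGA (Combined Weighted Geometric Average) methods, which can make the results of the assessment more accurate and more objective, to calculate the risk value of the target system and to reduce the influence of subjective factors to some degree. Finally, an illustrative instance is given to demonstrate its rationality and feasibility. Thus it may provide a new way of assessing information systems security. This approach is valuable for guiding security engineering practice and for developing security risk assessment tools.

Information security risk assessment is an important component of information system security engineering, and the basis and prerequisite for building an information system security architecture. To address the problems that risk values in information system security assessment are hard to quantify and are strongly influenced by subjective factors, an assessment method is proposed based on the OWGA (ordered weighted geometric average) and CWGA (combined weighted geometric average) operators of multiple attribute group decision-making theory. The method solves the problem of assigning weights to the attributes of the assessment elements, and the introduction of group decision-making theory improves the accuracy and objectivity of the risk assessment. A worked instance shows that the method is reasonable and effective and can offer a new approach to information system security risk assessment. The method is also well suited to guiding security engineering practice and the development of assessment software.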
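The two operators named in the abstract can be sketched as follows. This is an added example, not code from the paper: it assumes the operator definitions commonly given in the group decision-making literature, and the two-stage flow (OWGA per expert, then CWGA across experts), the function names, the 1-9 scale and all scores and weights are constructed for illustration.

```python
import math

def _check(values, weights):
    if len(values) != len(weights):
        raise ValueError("one weight per value is required")
    if any(v <= 0 for v in values):
        # A zero or negative score would collapse or invalidate the product.
        raise ValueError("geometric operators need strictly positive scores")
    if any(x < 0 for x in weights) or not math.isclose(sum(weights), 1.0):
        raise ValueError("weights must be non-negative and sum to 1")

def owga(values, w):
    """OWGA: sort descending, then weight by rank position (w[0] goes to the largest)."""
    _check(values, w)
    ordered = sorted(values, reverse=True)
    return math.prod(b ** wj for b, wj in zip(ordered, w))

def cwga(values, omega, w):
    """CWGA: raise each value to n * omega_i (its source weight), then apply OWGA."""
    _check(values, omega)
    n = len(values)  # balancing coefficient
    return owga([a ** (n * o) for a, o in zip(values, omega)], w)

# Constructed sample: three experts score four risk attributes on a 1-9 scale.
SCORES = {
    "expert_a": [7, 5, 6, 4],
    "expert_b": [6, 6, 5, 5],
    "expert_c": [9, 2, 8, 3],   # most extreme opinions of the three
}
ATTR_POSITION_W = [0.2, 0.3, 0.3, 0.2]   # damps each expert's highest and lowest score
EXPERT_W = [0.40, 0.35, 0.25]            # assumed trust in each expert
GROUP_POSITION_W = [0.25, 0.50, 0.25]    # damps the highest and lowest expert result

def system_risk(scores=SCORES):
    """Stage 1: OWGA over each expert's attribute scores. Stage 2: CWGA over experts."""
    per_expert = [owga(s, ATTR_POSITION_W) for s in scores.values()]
    return per_expert, cwga(per_expert, EXPERT_W, GROUP_POSITION_W)

if __name__ == "__main__":
    per_expert, risk = system_risk()
    for name, value in zip(SCORES, per_expert):
        print(f"{name}: {value:.3f}")
    print(f"group risk value: {risk:.3f}")
```

Position weights that are small at both ends reduce the pull of outlying scores, which is how these operators limit the influence of a single subjective judgment.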