To deal with the complexity and uncertainty among assets, threat and vulnerability of the information system, an risk assessment method based on the assests with improved gray correlation degree is proposed. With assets as core, threat-the vulnerability is identified and quantified based on the aeeet-related. Finally, the risk of information system is analyzed using the improved method,which included of compatibility matrix to calculate weight. The practical application on a certain web system of Tax Guizhou Province proves that can directly and effiectibely assess the system, and the assessment results are to actual with higher degree. It can provide reliable basis for decision-making and implementation of security measures to protect information systems.%为解决信息系统风险评估中资产、威胁、脆弱之间的复杂和不确定性关系,提出一种基于资产的改进灰色关联度的风险评估方法.该方法以资产为核心,以关联资产为基础识别、量化威胁-脆弱性对,再运用结合相容矩阵法计算权重的改进算法对信息系统进行风险分析.对某税务局网站系统的实际应用结果表明,该方法能直观、有效地评估系统,评估结果与实际符合程度较高,为决策和实施保障信息系统的安全措施提供可靠的依据.
展开▼
