
The Research on Information Security Risk Assessment Method Based on Grey System Theory

【Author】 Li Bo

【Advisor】 Pan Xuezeng

【Author information】 Zhejiang University, Computer Application Technology, 2009, Master's thesis

【Abstract】 With the rapid development of information technology, information systems and networks have come to pervade every corner of society. However, the characteristics and limitations of information systems and networks mean that their application and development are frequently threatened by viruses, Trojan horses, malfunctions, and deliberate sabotage. How to protect information systems has therefore become a focus of attention and research. Only by comprehensively assessing an information system with scientific and effective methods, understanding its security posture, analyzing potential threats, and adopting countermeasures can the overall level of security be raised and a reliable information security management system be established; these are the tasks of information security risk assessment. Building on a study of existing security assessment techniques, this thesis proposes a security assessment method based on grey system theory. The work is as follows: 1) existing assessment methods are analyzed systematically and the characteristics of each are examined in depth, providing reliable theoretical guidance for the design; 2) an index system for information security risk assessment is established by analyzing security events and their constituent elements; 3) the analytic hierarchy process (AHP) is used to determine the weights of the risk assessment indices, and the grey evaluation method is used to build a grey evaluation model of the information system; 4) the grey evaluation method is applied to analyze and calculate case data. The thesis focuses on applying the grey evaluation method to building the risk assessment model: triangular whitenization weight functions are established, grey evaluation coefficients and weight vectors are calculated from the case data, and a final comprehensive evaluation value is obtained. The results show that the model makes fairly full use of the information contained in the evaluation indices, is easy to operate, and has some reference value for practical work.

【Key words】 Information system; Risk assessment; Grey assessment
  • 【Online publication contributor】 Zhejiang University
  • 【Online publication year and issue】 2010, Issue 07
  • 【Classification number】 TP393.08
  • 【Citation count】 12
  • 【Download count】 564