Abstract
Based on the core ideas of the Information Assurance Technical Framework (IATF), this paper establishes an index system for assessing the effectiveness of information system security protection that combines qualitative and quantitative indexes. Targeting the common characteristics of the security protection measures deployed in information systems, it builds an effectiveness assessment model based on fuzzy theory. Finally, the model is applied to a quantitative assessment of a completed information system, which verifies the feasibility and practicality of the method and provides a quantitative basis for improving the deployment of security measures in information systems.
Source
Computer & Digital Engineering (《计算机与数字工程》)
2015, Issue 4, pp. 661-665, 683 (6 pages in total)
Keywords
effectiveness assessment of security measures
index system
multi-level fuzzy comprehensive evaluation