Journal of Information Security Research (信息安全研究), 2024, Vol. 10, Issue 5: 474-.

• Technical Applications •

Information Security Risk Assessment Based on TOPSIS and GRA

Ma Dongqing and Cui Tao

  1. (The 15th Research Institute of China Electronics Technology Group Corporation, Beijing 100083)
  • Online: 2024-05-20  Published: 2024-05-15
  • Corresponding author: Ma Dongqing, M.S., professor-level senior engineer. Main research interest: information system security.
  • About the authors: Ma Dongqing, M.S., professor-level senior engineer; main research interest: information system security. Cui Tao, M.S., senior engineer; main research interest: information system security.

Abstract (translated from the Chinese): Information security risk assessment is a very important information security assurance activity. Based on the relevant information security standards, the important risk factors can be identified from three aspects, namely assets, threats and vulnerabilities, and the corresponding information security risk assessment indicators determined. Deriving the risk assessment indicators from the Classified Protection 2.0 baseline (等保2.0) is one feasible approach. When carrying out the assessment, the entropy weight method is used to assign objective weights to the indicators, and the technique for order preference by similarity to ideal solution (TOPSIS) is combined with grey relational analysis (GRA) for the comprehensive evaluation. A case study shows that objective weighting based on information entropy reduces the influence of subjective factors; risk assessment based on TOPSIS and GRA takes into account both the overall and the internal factors of the evaluated objects and effectively combines multiple risk assessment indicators into a single score, which makes it convenient to rank and select among multiple evaluated objects according to their information security risk.


Abstract: Information security risk assessment is very important in information security assurance. On the basis of information security standards, a risk assessment index can be made by analyzing asset, threat and vulnerability factors. A feasible method is to refer to Baseline for Classified Protection of Cybersecurity version 2.0. A risk assessment method is proposed based on TOPSIS and GRA, using entropy weight. By case analysis, the entropy weight method reduces the subjective factor to some degree by setting the weights of the indicators according to the information entropy. The method based on TOPSIS and GRA takes into account both overall and internal factors and integrates multiple risk indicators into a single score, which facilitates the ranking and selection of information security risks.
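As an added illustration (not code from the paper or its authors), the following Python script carries the three stages the abstract names through a constructed example: the entropy weight method for objective indicator weights, TOPSIS relative closeness to a highest-risk reference, and the grey relational degree to the same reference, blended into one risk score per assessed system so that several systems can be ranked. The three-by-three indicator matrix, the "larger is riskier" scaling of every indicator, the distinguishing coefficient ρ = 0.5 and the equal-weight blend of the TOPSIS and GRA results are assumptions made for this example; the paper's actual indicator set derived from Classified Protection 2.0 and its rule for combining the two methods are not given on this page.

```python
"""Entropy weight + TOPSIS + GRA risk scoring on a constructed indicator matrix.

Added illustration, not the paper's own code. SAMPLE, the indicator scaling,
RHO and ALPHA are assumptions made for this example.
"""
import math

# Constructed sample: rows are assessed systems, columns are risk indicators.
# Assumed scaling: every value lies in (0, 1] and larger means more risk.
SAMPLE = [
    [0.9, 0.8, 0.9],  # system A: high on every indicator
    [0.6, 0.5, 0.6],  # system B: medium on every indicator
    [0.2, 0.3, 0.1],  # system C: low on every indicator
]
RHO = 0.5    # GRA distinguishing coefficient (conventional value)
ALPHA = 0.5  # assumed blend weight between TOPSIS closeness and grey relational degree


def entropy_weights(matrix):
    """Objective indicator weights from the information entropy of each column."""
    m, n = len(matrix), len(matrix[0])
    if m < 2:                                   # entropy needs at least two rows
        return [1.0 / n] * n
    k = 1.0 / math.log(m)                       # scales entropy into [0, 1]
    col_sums = [sum(row[j] for row in matrix) for j in range(n)]
    divergence = []
    for j in range(n):
        e = 0.0
        for row in matrix:
            p = row[j] / col_sums[j]            # share of indicator j held by this row
            if p > 0:                           # 0 * ln 0 is taken as 0
                e -= p * math.log(p)
        divergence.append(1.0 - k * e)          # low entropy = more discriminating indicator
    total = sum(divergence)
    if total <= 1e-12:                          # every indicator constant: no information
        return [1.0 / n] * n
    return [d / total for d in divergence]


def vector_normalize(matrix):
    """TOPSIS normalisation: divide each column by its Euclidean norm."""
    n = len(matrix[0])
    norms = [math.sqrt(sum(row[j] ** 2 for row in matrix)) for j in range(n)]
    return [[row[j] / norms[j] for j in range(n)] for row in matrix]


def topsis_closeness(v):
    """Relative closeness of each row to the highest-risk reference point.

    All indicators are risk-type, so the positive reference is the column-wise
    maximum of the weighted normalised matrix and the negative reference the minimum.
    Larger closeness means the system sits nearer the highest-risk profile.
    """
    n = len(v[0])
    high = [max(row[j] for row in v) for j in range(n)]
    low = [min(row[j] for row in v) for j in range(n)]
    scores = []
    for row in v:
        d_high, d_low = math.dist(row, high), math.dist(row, low)
        # identical rows give 0/0; treat them as neutral rather than fail
        scores.append(d_low / (d_high + d_low) if d_high + d_low > 0 else 0.5)
    return scores


def grey_relational_degree(r, weights):
    """Weighted grey relational degree of each row to the highest-risk reference sequence."""
    n = len(r[0])
    ref = [max(row[j] for row in r) for j in range(n)]
    deltas = [[abs(row[j] - ref[j]) for j in range(n)] for row in r]
    d_min = min(min(d) for d in deltas)
    d_max = max(max(d) for d in deltas)
    if d_max == 0:                              # every row equals the reference
        return [1.0] * len(r)
    degrees = []
    for d in deltas:
        coeffs = [(d_min + RHO * d_max) / (dj + RHO * d_max) for dj in d]
        degrees.append(sum(w * c for w, c in zip(weights, coeffs)))
    return degrees


def combined_risk_scores(matrix):
    """Single risk score per row: ALPHA * TOPSIS closeness + (1 - ALPHA) * grey degree."""
    w = entropy_weights(matrix)
    r = vector_normalize(matrix)
    v = [[w[j] * x for j, x in enumerate(row)] for row in r]   # weighted normalised matrix
    closeness = topsis_closeness(v)
    grey = grey_relational_degree(r, w)
    return [ALPHA * c + (1 - ALPHA) * g for c, g in zip(closeness, grey)]


def rank_by_risk(matrix):
    """Row indices ordered from highest to lowest combined risk score."""
    scores = combined_risk_scores(matrix)
    return sorted(range(len(matrix)), key=lambda i: scores[i], reverse=True)


if __name__ == "__main__":
    for name, s in zip("ABC", combined_risk_scores(SAMPLE)):
        print(f"system {name}: risk score {s:.4f}")
    print("ranking (highest risk first):", ["ABC"[i] for i in rank_by_risk(SAMPLE)])
```

With the constructed matrix, system A is the column-wise maximum on every indicator, so it coincides with the highest-risk reference and scores 1.0 under both TOPSIS and GRA; system C is the minimum everywhere and scores 0 under TOPSIS, and the ranking A, B, C follows regardless of the entropy weights. A constant indicator column carries no information and would receive weight zero; if every column is constant the script falls back to equal weights instead of dividing by zero.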


Keywords: information security, risk assessment, technique for order preference by similarity to ideal solution (TOPSIS), grey relational analysis (GRA), level protection
