Fuzzy analytical hierarchy process-based ICS information safety assessment method

Abstract

The invention discloses a fuzzy analytical hierarchy process-based ICS information safety assessment method. The method comprises the following steps of assessment model determination, scoring grade determination, assessment factor weight ratio determination, expert assessment and result analysis. The method has the beneficial effects that determined assessment factor weight ratios are combined with a gray fuzzy theory to construct each assessment factor risk grade matrix so that a risk grade membership of each assessment factor can be judged and the assessment of experts is facilitated; the assessment factors are quantified by the determined assessment factor weight ratios and then compared in pairs; the assessment factors are quantified by numbers 1-9, and according to the different numbers, the comparison results can be same, slightly strong, relatively strong, obviously strong and absolutely strong, so that the comparison is facilitated; and safety protection capability grades of industrial control systems are obtained through a scoring matrix and the assessment factor weight ratios, so that subjective influences, on assessment results, of assessment experts are avoided to a certain extent, and the objectivity and effectiveness of the assessment results are improved.

Description

technical field [0001] The invention relates to an assessment method, in particular to an ICS information security assessment method based on fuzzy analytic hierarchy process, and belongs to the technical field of information security risk assessment in industrial industries. Background technique [0002] The information security risk assessment method based on the Bayesian network is a method that combines expert knowledge with probability to describe each assessment factor, which can assess the overall risk of the system and single-factor risk. The reasoning mode of human beings can describe the process quantitatively. Combined with expert knowledge, it can describe each evaluation factor with a probability method, and can evaluate the overall risk of the system and single-factor risk. The information security evaluation method based on the analytic hierarchy process can better deal with various The weight relationship between various evaluation factors, but the subjectivi...

AI Technical Summary

Problems solved by technology

[0002] The information security risk assessment method based on the Bayesian network is a method that combines expert knowledge with probability to describe each assessment factor, which can assess the overall risk of the system and single-factor risk. The reasoning mode of human beings can describe the process quantitatively. Combined with expert knowledge, it can describe each evaluation factor with a probability method, and can evaluate the overall risk of the system and single-factor risk. The information security evaluation method based on the analytic hierarchy process can better deal with various The weight relationship between various evaluation factors, but the subjectivity of experts in the evaluation results is strong, and the weight relationship between various evaluation factors is not easy to handle

Images