摘要： 随着人们对信息系统安全的关注，各种评估方法开始逐渐应用于安全评估领域，其中也包括了“加权平均评估法”这一常见的综合评估算法。文章对该算法在信息安全评估领域的应用情况进行了深入研究，发现它难以体现信息安全领域普遍适用的“木桶原理”。因此，文章随后对该算法作了适当的改进，使之融入了木桶原理，从而使其更适用于对信息系统安全的评估。

关键词: 层次分析法(AHP), 安全评估, 加权平均, 木桶原理

Abstract: Along with the increasing attention to the security of information systems, various methods of assessment and evaluation, including the “weighted average assessment”, which is a common method of synthetic assessment, start to play role in the field of information security. This paper studies the application of the “weighted average assessment” within the field of information security assessment and finds out that it is not compatible with the “cask theory” which is universally obeyed in the field of information security. Therefore, this paper improves the “weighted average assessment” with cask theory, so as to make it agree more with the matter of fact and to fit better for the application.

Key words: Analytic hierarchy process(AHP), Security assessment, Weighted average, Cask theory