Abstract: After introducing the BS7799 standard, analyzing its merits and shortage, and modeling the framework, this paper brings forward an evaluation method that applies the BS7799 standard to make information security management risk assessment —— integrating the analytical hierarchy process with fault tree analysis process. Finally, the paper offers a complete computation course.

Key words: BS7799 standard; Risk assessment; Analytical hierarchy process(AHP); Fault tree analysis(FTA)

摘要： 介绍了BS7799 国际标准的内容，对标准的组织结构进行了建模，并分析了BS7799 标准的不足。在此基础上，提出了应用BS7799管理标准对组织进行信息安全管理风险评估的评估方法，即将层次分析法和失效树法相结合的综合评估方法，并给出了完整的计算过程。

关键词: BS7799 标准；风险评估；层次分析法；失效树分析法