Abstract:
A risk assessment model based on Fuzzy-AHP (FAHP) is introduced for the evaluation of information security. The degree of importance of each risk factor is judged from two aspects: subjective assessment and tool inspection. Using the fuzzy preference programming method, the risk value of each factor is calculated. The quantitative risk degree of the target system is then calculated, and the accuracy of the risk assessment is improved. A case study on asset value shows that the model can be easily applied to information security risk assessment, and the results are consistent with reality.
Key words:
risk assessment,
Fuzzy-AHP (FAHP),
information security
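Abstract (translated from the Chinese): An integrated information security risk assessment model based on the fuzzy analytic hierarchy process is proposed, in which the importance of each risk factor is evaluated from two aspects: subjective assessment and tool inspection. The fuzzy preference method is used to derive the priority ranking of each risk factor in the system risk assessment, giving the quantified risk of the target system on different security aspects and improving assessment accuracy. A case analysis shows that the model can be conveniently applied to information security risk assessment and is practical.
Key words (translated from the Chinese):
risk assessment,
fuzzy analytic hierarchy process,
information security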
QIN Da-li; ZHANG Li; LI Ji-hui. Risk Assessment Approach for Information Security Based on FAHP[J]. Computer Engineering, 2009, 35(15): 156-158.