摘 要:在对风险评估理论研究的基础上,提出了基于改进层次分析法的 SCADA 系统信息安全风险评估方法。首先建立了 ACADA 系统信息安全风险评估层次结构模型,分为管理和技术两大类。然后针对传统层次分析法中通过两两比较法构造判断矩阵难以符合一致性要求的问题,进行了一定的改进,提出通过排序赋值法构造判断矩阵,通过改进层次分析法和熵权法计算出各评价指标权值。最后将以上方法用于对自来水厂 SCADA 系统信息安全风险评估。
关键词:SCADA 系统;信息安全风险评估;层次分析法
DOI:10.19850/j.cnki.2096-4706.2021.13.034
中图分类号:TP309 文献标识码:A 文章编号:2096-4706(2021)13-0133-03
Research and Application of SCADA System Information Security Risk Assessment
LI Dan
(Hubei University of Technology, Wuhan 430068, China)
Abstract: Based on the research of risk assessment theory, an information security risk assessment method of SCADA system based on improved analytic hierarchy process is proposed. Firstly, the hierarchical structure model of information security risk assessment of ACADA system is established, which is divided into two categories of management and technology. Then, aimming at the problem that the judgment matrix constructed by paired comparison method in the traditional analytic hierarchy process is difficult to meet the consistency requirements, some improvements are made. The construction of judgment matrix by sorting assignment method is proposed, and the weight of each evaluation index is calculated by improved analytic hierarchy process and the entropy weight method. Finally, the above methods are used to evaluate the information security risk of SCADA system in waterworks.
Keywords: SCADA system; information security risk assessment; analytic hierarchy process
参考文献:
[1] 郭昊,何小芸,孙学洁,等 . 国家电网边缘计算应用安 全风险评估研究 [J],计算机工程与科学,2020,42(9):1563- 1571.
[2] 张炳,任家东,王苧 . 网络安全风险评估分析方法研究综 述 [J]. 燕山大学学报,2020, 44(3):290-305.
[3] 王姣,范科峰,莫玮 . 基于模糊集和 DS 证据理论的信息 安全风险评估方法 [J]. 计算机应用研究,2017,34(11):3432- 3436.
[4] 许硕,唐作其,王鑫 . 基于 D-AHP 与灰色理论的信息安 全风险评估 [J]. 计算机工程,2019,45(7):194-202.
[5] 梁智强,林丹生.基于电力系统的信息安全风险评估机制 研究 [J]. 信息网络安全,2017(4):86-90.
作者简介:李丹(1993—),女,汉族,湖北孝感人,在读硕 士研究生,研究方向:信息安全。