A Quantitative Risk Assessment Approach Based on ISO 27001

作     者：Yan Wei JingYi Yan Electric Power Research Institute of Guangdong Power Grid Corporation Guangzhou China 

会议名称：《2011 IEEE International Conference on Information Theory and Information Security(ICITIS 2011)》

会议日期：2011年

学科分类：08[工学] 0839[工学-网络空间安全] 081201[工学-计算机系统结构] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

关 键 词：ISO 27001 Analytical Hierarchy Process (AHP) Variable Precision Rough Set (VPRS) Fuzzy Comprehensive Evaluation 

摘      要：A risk analysis approach formed by the combination of the qualitative and quantitative methods,which can overcome the defects of a single assessment method,is designed on the basis of introducing as well as analyzing ISO 27001 *** the specific applications,Variable Precision Rough Set （VPRS） and Analytical Hierarchy Proceed （AHP） are used to determine the index and expert weight to reduce the influence of subjective factors in some degree,group decision-making theory and fuzzy comprehensive evaluation method making the results of the assessment more accurate and more objective are used to calculate the risk ***,it verifies the correctness of the algorithm by analyzing results of the information systems,and the results conform to the facts.