基于电力系统的信息安全风险评估机制研究  被引量：27

作　　者：梁智强 林丹生 

机构地区：[1]广东电网有限责任公司电力科学研究院,广东广州510080

出　　处：《信息网络安全》2017年第4期86-90,共5页Netinfo Security

摘　　要：针对传统电力系统中信息安全风险评估机制精确度较差、完善性欠缺与效率值较低等不足,文章依据电力系统的特定应用情况,将层次分析法(AHP)引入到风险评估机制中,并在风险计算过程中采取模糊数学知识,设计出一种新型的信息安全风险评估模型,即AF-RA模型,并对此模型进行详细阐述与分析。该模型首先构造脆弱性评估层次结构,评估威胁强制利用系统脆弱点的发生概率,并通过专家学者对其评估对象进行赋分;其次通过资产、威胁及脆弱性三类风险计算基本点的安全价值,综合风险参数与计算结果,从而计算得到被评估目标的整体风险;最后通过风险计算对总体数据信息以及核心资产安全风险重要程度排序,依据电力系统的安全应用特征,做出与安全风险级别相对应的安全处理方式,达到减少相关系统脆弱点的目的。This paper is dedicated to design a brand new information security risk assessment model, aka AF-RA model, based on AHP analysis algorithm utilized in risk assessment system and methods from fiissy mathematics under the specific application condition of electricity power system, to address the problems of relatively low accuracy, low efficiency and inadequate optimization of information risk assessment mechanism in classical electricity power system. This model wi l l be explained and analyzed in depth in this paper. In this models the probability of the system vulnerabilities being exploited is estimated through a hierarchical structure of vulnerabilities assessment subsystem, and then a threatening level mark is given from the expertise. The security value of primal points is calculated according to risk level of the asset, threatening and vulnerability and the overall risk of Hie subject under assessment can be concluded based on this calculation result and synthesized risk parameters. At the output side of this model, security measures to eliminate the vulnerability of correlated systems can be arranged according to tiie security risk level concluded and the measures is prioritized by the significance of the total data information and core asset security, in accordance of the specific characteristics of electricity power system security.

关 键 词：风险评估 电力系统 层次分析法 模糊数学 AF-RA 

分 类 号：TM73[电气工程—电力系统及自动化] TP309[自动化与计算机技术—计算机系统结构]