基于AHP的信息供应商安全水平评价算法  被引量：3

作　　者：马嘉阳 黄伟[2,3] 姜海涛 刘健良 李斌 MA Jiayang;HUANG Wei;JIANG Haitao;LIU Jianliang;LI Bin(Energy Research Institute,Nanjing Institute of Technology,Nanjing 211167,China;Jiangsu Electric Power Research Institute Corporation Limited,Nanjing 211103,China;State Grid Jiangsu Electric Power Co.,Ltd.,Research Institute,Nanjing 211103,China)

机构地区：[1]南京工程学院能源研究院,江苏南京211167 [2]江苏省电力试验研究院有限公司,江苏南京211103 [3]国网江苏省电力有限公司电力科学研究院,江苏南京211103

出　　处：《电力信息与通信技术》2021年第5期103-109,共7页Electric Power Information and Communication Technology

摘　　要：电力信息系统上线运行前和运行时,均需要进行信息安全测试,以降低漏洞带来的安全风险。电力信息系统供应商在安全方面的水平参差不齐,客观有效地评价供应商的安全水平,并针对性地进行培训和指导,是提高电力信息系统安全水平的有效途径之一。在评价电力信息系统供应商的安全水平时,如果仅根据高、中、低危漏洞数目等客观指标,会因为某供应商仅上线了几个简单的信息系统而得到较高评价。文章针对现有的电力信息系统供应商入网检测数据,在改造层次分析算法的基础上提出一种基于客观数据的量化评价算法,把原本需要专家主观经验形成的判断矩阵改进为通过评价数据构成的客观数据矩阵。算法在评价电力信息系统供应商时,无需进行主观方面的评价即可完成评价且评价效果符合生产实际需要。Before the power information system being online and operating,information security testing is required to reduce the security risks caused by vulnerabilities.The security level of power information system suppliers is uneven.Evaluate the security level of suppliers and conduct targeted training and guidance objectively and effectively,which is one of the effective ways to improve the security level of power information system.When evaluating the security level of a power information system supplier,if only based on objective indicators such as the number of high,medium and low-risk vulnerabilities,it would be highly evaluated because a certain supplier has only launched a few simple information systems.Based on the network access detection data of the existing power information system suppliers,this paper proposed a quantitative evaluation algorithm based on objective data on the basis of the transformation of the analytic hierarchy algorithm.The judgment matrix that originally required the subjective experience of experts is improved to be composed of evaluation data.When the algorithm evaluates power information system suppliers,the evaluation can be completed without subjective evaluation and the evaluation effect meets the actual needs of production.

关 键 词：电力信息系统 信息安全 层次分析法 安全水平 

分 类 号：TP309.2[自动化与计算机技术—计算机系统结构]