| Information security is a new subject that is developing rapidly. Along with the development of the information technology, it becomes more and more important and brings to the widespread attention. Information security management metrics is a crucial foundation of information security.In the actual work of information security management metrics, experts'comments and judgments make up of the foundation that brings the metrics result. How to combine the opinions from different experts becomes a significant problem. The difficulty comes from three aspects: the uncertainty of information, the qualitative feature of experts'minds and expression, and the uncertainty of experts'judges. Other, the choice of the weight and the method of attributes'synthesis are also two important problems that influence the result directly.Aiming at these instances, the thesis presents a method of information security management metrics based on evidence theory. Qualitative attributes are appraised by evidences'combination of experts'opinions in the defined comments frame. Quantitative attributes are calculated by subsection normalization, making full use of the direct information in the information security management metrics. And then, by classification and comprehensive weight plus grade, the comprehensive evaluation result is given by qualitative and quantitative ways, with weight determined by analytic hierarchy process combined with synthesis of experts'opinions.The realization arithmetic is designed for this method, and simulation results are compared with those by the majority criteria method, which is commonly used to solve the synthesis of different experts'opinions. The comparison proves the new method's superiority on accuracy and robustness, especially in the uncertain circs. The main contribution of this thesis is that sets up a method of the information security management metrics with the evidence theory. Because of the information security management metrics is a new subject, people haven't done this thing before. So discussing on this aspect could do some basal work for the information security domain in our country. |
PDF Full Text Request