文献类型： 会议论文

第一作者： Meng MENG

作者： Meng MENG ¹ ;

作者机构： 1.Institute of Scientific and Technical Information CATAS

关键词： AHP;PDCA;Information Security;Risk Evaluation;Risk Management

会议名称： International Conference on Information Management, Innovation Management and Industrial Engineering

主办单位：

页码： 379-383

摘要： In order to realize the transformation of information security risk evaluation from qualitative analysis to quantitative analysis to achieve an information security risk management of dynamic cycle. In this paper, Professor Saaty's (T.L.Saaty) AHP (Analytic Hierarchy Process, AHP) method was used for information security risk evaluation to realize the transformation from qualitative analysis to quantitative analysis getting the weight of risk factors. After sorting in accordance with weight of risk factors, Dr. Deming's (W.Edwards.Deming) PDCA (Plan-Do-Check-Action, PDCA) cycle method was used for risk management of these risk factors, which was applied to the S company for an empirical research. The results show that the method can be effectively applied to information security risk evaluation and management, which also can afford experience and references for information security risk evaluation and management of domestic and foreign small and medium enterprises.

分类号： G20-53