基于电力系统的信息安全风险评估机制研究

n C t i n f o s e c u r it y

理论研究

2017年第4期 ______________________________________________________________________________________■d〇i ：10.3969/j.issn.1671-1122.2017.04.012

基于电力系统的信息安全风险评估

机制研究

----------------------------梁智强，林丹生------------------------------

(广东电网有限责任公司电力科学研究院，广东广州510080)

摘要：针对传统电力系统中信息安全风险评估机制精确度较差、完善性欠缺与效率值较低 等不足，文章依据电力系统的特定应用情况，将层次分析法（A H P)引入到风险评估机制中，并

在风险计算过程中采取模糊数学知识，设计出一种新型的信息安全风险评估模型，即AF-R A模

型，并对此模型进行详细阐述与分析。该模型首先构造脆弱性评估层次结构，评估威胁强制利用

系统脆弱点的发生概率，并通过专家学者对其评估对象进行赋分；其次通过资产、威胁及脆弱性

三类风险计算基本点的安全价值，综合风险参数与计算结果，从而计算得到被评估目标的整体风

险；最后通过风险计算对总体数据信息以及核心资产安全风险重要程度排序，依据电力系统的安

全应用特征，做出与安全风险级别相对应的安全处理方式，达到减少相关系统脆弱点的目的。

关键词：风险评估；电力系统；层次分析法；模糊数学；A F-R A

中图分类号：TP391 文献标识码：A文章编号：1671-1122 (2017) 03-0086-05

中文引用格式：梁智强，林丹生.基于电力系统的信息安全风险评估机制研究[J].信息网络安全，2017

(4) ：86-90.

英文弓 I用格式：LIANG Zhiqiang，LIN Dansheng. Information Security Risk Assessment Mechanism Research Based on Power System[J]. Netinfo Security, 2017 (4): 86-90.

Information Security Risk Assessment Mechanism Research

Based on Power System

LIANG Zhiqiang, LIN Dansheng

{Electric Power Research Institute o f G uangdong Power Grid Corp Ltd, Guangzhou Guangdong510080, China)

A bstract:This paper is dedicated to design a brand new information security risk assessment model,aka

AF-RA model,based on AHP analysis algorithm utilized in risk assessment system and methods from fiissy

mathematics under the specific application condition o f electricity power system,to address the problems o f

relatively low accuracy,low efficiency and inadequate optimization o f information risk assessment mechanism

in classical electricity power system.This model w ill be explained and analyzed in depth in this paper.In this

models the probability o f t he system vulnerabilities being exploited is estimated through a hierarchical structure o f

vulnerabilities assessment subsystem,and then a threatening level mark is given from the expertise.The security

value o f primal points is calculated according to risk level o f the asset,threatening and vulnerability and the

overall risk o f H ie subject under assessment can be concluded based on this calculation result and synthesized risk

parameters.A t the output side o f t his model,security measures to eliminate the vulnerability o f correlated systems

can be arranged according to tiie security risk level concluded and the measures is prioritized by the significance o f

the total data information and core asset security,in accordance o f the specific characteristics o f electricity power

system security.

Key words:risk assessment;power system;AHP;fuzzy math;AF-RA

收稿日期：2017-3-11

作者简介：梁智强（1983—)，男，广东，高级工程师，硕士，主要研究方向为电力信息安全、电力调度自动化技术；林丹生（1986—)，男，广东, 工程师，硕士，主要研究方向为电力信息安全技术。

通信作者：梁智强bbql018@https://www.wendangku.net/doc/464115008.html,