Citation

Xiong W, Jin J, Tang J. China Saf. Sci. J. 2019; 29(8): 157-163.

Copyright

(Copyright © 2019, China Occupational Safety and Health Association, Publisher Gai Xue bao)

DOI

10.16265/j.cnki.issn1003-3033.2019.08.025

PMID

unavailable

Abstract

In order to effectively analyze and assess information security risk of SCADA systems and solve the problem of quantifying information security risk which is difficult for traditional methods. Firstly, three elements, threat, vulnerability and assets, were confirmed based on information safety risk evaluation model, and possible threats, vulnerability and assets were obtained through analyzing and deconstructing typical SCADA system structure. Secondly, AHP was used to determine the influence extent of different elements on SCADA systems. Then the judgment matrix and combination weight of the three elements to security risk were studied and threat-vulnerability-asset were combined and compared to obtain relatively quantifiable and comparable risk parameters. Finally, the method was applied to assess information security risk of a typical SCADA system.

RESULTS show that AHP has good operability in identifying weak points in system information security, and hierarchical construction can clearly show the internal relationship of a complex SCADA system, the finer the hierarchy is, the more accurate analysis would be, but overelaborate construction may lead to heavy dependence on experts' experience. © 2019 China Safety Science Journal

Language: zh