@article{ref1,
title="Quantitative risk assessment method for information security of SCADA systems",
journal="China safety science journal (CSSJ)",
year="2019",
author="Xiong, W. and Jin, J. and Tang, J.",
volume="29",
number="8",
pages="157-163",
abstract="In order to effectively analyze and assess information security risk of SCADA systems and solve the problem of quantifying information security risk which is difficult for traditional methods. Firstly, three elements, threat, vulnerability and assets, were confirmed based on information safety risk evaluation model, and possible threats, vulnerability and assets were obtained through analyzing and deconstructing typical SCADA system structure. Secondly, AHP was used to determine the influence extent of different elements on SCADA systems. Then the judgment matrix and combination weight of the three elements to security risk were studied and threat-vulnerability-asset were combined and compared to obtain relatively quantifiable and comparable risk parameters. Finally, the method was applied to assess information security risk of a typical SCADA system. <br><br>RESULTS show that AHP has good operability in identifying weak points in system information security, and hierarchical construction can clearly show the internal relationship of a complex SCADA system, the finer the hierarchy is, the more accurate analysis would be, but overelaborate construction may lead to heavy dependence on experts' experience. © 2019 China Safety Science Journal<p /><p>Language: zh</p>",
language="zh",
issn="1003-3033",
doi="10.16265/j.cnki.issn1003-3033.2019.08.025",
url="http://dx.doi.org/10.16265/j.cnki.issn1003-3033.2019.08.025"
}