This paper applies system evaluation methods to the measurement of information security management. Following the ISO/IEC 27004 standard "Information security management measurement", it proposes an integrated model of the Analytic Hierarchy Process (AHP) and multi-level fuzzy comprehensive evaluation for measuring an information security management system. A worked application shows that the method converts experts' subjective, qualitative judgements into quantitative evaluation results with good objectivity. Given that ISO/IEC 27004 does not yet provide a highly operational measurement method, this is an effective comprehensive evaluation method.
This paper presents a model integrating the Analytic Hierarchy Process (AHP) and Fuzzy Comprehensive Evaluation (FCE) by applying system evaluation methods to "Information Security Management Measurement" (ISMM) following ISO/IEC 27004. A two-level index system is built in the model. Practical application cases show that the method is capable of converting experts' subjective decisions into quantitative results. Such a comprehensive evaluation method will prove effective and helpful in the current situation, in which ISO/IEC 27004 has not yet provided a strongly operational measurement method.
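The following is an added illustration, not code from the paper: a two-level AHP + FCE model of the kind the abstract describes, with AHP weights derived from pairwise comparison matrices (geometric-mean method with a consistency-ratio check) and the second-level results fused into a first-level grade vector by weighted-average composition. The criteria, indicators, pairwise judgements, membership degrees and grade scores are all constructed sample values, not the paper's data.

```python
# Added example (not from the paper): two-level AHP + fuzzy comprehensive
# evaluation (FCE) for ISMS measurement. All criteria, indicators, judgements
# and membership degrees below are constructed sample values.
from math import prod

# Random consistency index per matrix order (standard AHP table)
RI = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}

def ahp_weights(matrix):
    """Geometric-mean weights of a pairwise comparison matrix plus its
    consistency ratio (CR); CR > 0.1 means the judgements should be revised."""
    n = len(matrix)
    gm = [prod(row) ** (1.0 / n) for row in matrix]
    w = [g / sum(gm) for g in gm]
    aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam = sum(aw[i] / w[i] for i in range(n)) / n   # lambda_max estimate
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    return w, (ci / RI[n] if RI[n] else 0.0)

def fce(weights, membership):
    """Weighted-average composition M(.,+): one membership row per indicator,
    one column per grade; returns the fused membership vector over grades."""
    return [sum(w * row[k] for w, row in zip(weights, membership))
            for k in range(len(membership[0]))]

GRADES = ("good", "fair", "poor")
GRADE_SCORE = (90, 70, 50)  # constructed score attached to each grade

# Constructed hierarchy: each first-level criterion holds the pairwise matrix
# of its second-level indicators and the experts' membership degrees per indicator.
CRITERIA = {
    "access_control": ([[1, 2, 4], [1/2, 1, 2], [1/4, 1/2, 1]],
                       [[0.6, 0.3, 0.1], [0.4, 0.4, 0.2], [0.2, 0.5, 0.3]]),
    "incident_mgmt":  ([[1, 1], [1, 1]],
                       [[0.5, 0.3, 0.2], [0.3, 0.3, 0.4]]),
}
TOP_MATRIX = [[1, 3], [1/3, 1]]  # access_control judged 3x as important

def evaluate():
    """Run the two-level model; returns (grade memberships, score, worst CR)."""
    second_level, max_cr = [], 0.0
    for matrix, members in CRITERIA.values():
        w, cr = ahp_weights(matrix)
        max_cr = max(max_cr, cr)
        second_level.append(fce(w, members))      # B_i = w_i . R_i
    top_w, cr = ahp_weights(TOP_MATRIX)
    b = fce(top_w, second_level)                  # B = W . [B_1; B_2]
    score = sum(bk * s for bk, s in zip(b, GRADE_SCORE))
    return dict(zip(GRADES, b)), score, max(max_cr, cr)

if __name__ == "__main__":
    print(evaluate())
```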