Cite this article
  • Zhang Xiu, Liu Baoxu, Gong Xiaorui, Yu Dongsong, Zhao Beibei. Establishing a Comprehensive Evaluation Model for the Competency Assessment of Pentesting Cybersecurity Talents[J]. Journal of Cyber Security, accepted.
Establishing a Comprehensive Evaluation Model for the Competency Assessment of Pentesting Cybersecurity Talents
Zhang Xiu, Liu Baoxu, Gong Xiaorui, Yu Dongsong, Zhao Beibei
(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
Cultivating and selecting cybersecurity talent requires a "ruler" for measuring it. Taking the Common Vulnerability Scoring System (CVSS) as a reference example, an evaluation model that is operable in practice cannot be just an abstract thinking model; it should contain six elements: criteria, weights, a method for mapping each criterion to a numerical value, a computational formula, a score, and a rating. Prior research lacks these elements to varying degrees. Therefore, through multiple rounds of questionnaire surveys, this study combines several qualitative and quantitative evaluation methods to establish a comprehensive evaluation model, containing all six elements, for assessing the competency of pentesting cybersecurity talents. First, we derive the criterion structure and the definitions of the criteria through a literature review combined with the Delphi method. Then, we apply the analytic hierarchy process, the entropy weight method, and the combination weighting method to obtain the criterion weights. Next, we design a method based on a membership-matrix labelling task to obtain the numerical value of each criterion. Finally, the score and rating of a candidate are calculated using the corresponding formulas of the fuzzy comprehensive evaluation method.
Key words:  pentesting cybersecurity talents  comprehensive evaluation model  the Delphi method  analytic hierarchy process  entropy weight method  combination weighting method  fuzzy comprehensive evaluation
DOI: 10.19363/J.cnki.cn10-1380/tn.2022.12.09
Received: 2020-08-22  Revised: 2020-12-26