Excerpt from the paper
Current enterprise security risk management lacks quantitative means for formulating risk treatment plans and selecting management measures, and manual risk analysis takes too long. To address these problems, an information security risk management method based on Markov logic networks is proposed. First, a Markov logic network is used to describe the dependencies between the components and services of the system under assessment. The marginal inference model of the Markov logic network is then used to estimate the system availability value under different security management measures, which provides a quantitative basis for selecting management measures. A case study shows that the method provides a reliable quantitative basis for selecting security risk management measures for enterprise information systems, and that it is simple to implement.
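The two steps in the abstract (describe dependencies as weighted formulas, then compute a marginal for availability under each candidate measure) can be sketched as follows. This is an added example, not code from the paper: the atoms, measures and weights are constructed assumptions, and exhaustive enumeration of worlds stands in for whatever inference engine the authors used, which the page does not name.

```python
import itertools
import math

# Constructed toy model: atom names, measures and weights are all assumptions.
ATOMS = ["up_db", "up_web", "avail_shop"]

def formulas(measures):
    """Weighted ground formulas; each applied measure adds weight to a component."""
    fs = [
        (1.5, lambda w: w["up_web"]),   # web server tends to be up
        (1.0, lambda w: w["up_db"]),    # database tends to be up
        # Dependency: the shop service is available iff both components are up.
        (4.0, lambda w: w["avail_shop"] == (w["up_db"] and w["up_web"])),
    ]
    if "db_replica" in measures:
        fs.append((2.0, lambda w: w["up_db"]))
    if "web_patching" in measures:
        fs.append((1.0, lambda w: w["up_web"]))
    return fs

def marginal(query, measures=()):
    """P(query is true): each world is weighted by exp(sum of satisfied weights)."""
    fs = formulas(measures)
    z = num = 0.0
    for values in itertools.product([False, True], repeat=len(ATOMS)):
        world = dict(zip(ATOMS, values))
        score = math.exp(sum(wt for wt, holds in fs if holds(world)))
        z += score
        if world[query]:
            num += score
    return num / z

def rank_measures(options):
    """Return (measures, estimated availability) pairs, best option first."""
    scored = [(m, marginal("avail_shop", m)) for m in options]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)

if __name__ == "__main__":
    options = [(), ("web_patching",), ("db_replica",), ("db_replica", "web_patching")]
    for measures, availability in rank_measures(options):
        print(f"{availability:.3f}  {measures or ('no measure',)}")
```

Enumeration visits 2^n worlds, so it only works for a handful of atoms; a model of a real system needs approximate marginal inference.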