企业信息安全评价体系的构建是研究企业信息安全的重难点，为方便宏观了解各行业、规模、地区的企业信息系统安全水平，基于界壳论，提出界壳综合实力概念，建立企业信息系统安全评价模型。首先，根据企业信息系统防护阶段构建三层界壳防护体系，即预防信息受损外层界壳、抵抗内外部攻击中间层界壳、系统更新与维护内层界壳。其次，利用主成分分析和界壳综合实力，确定各评价指标权重。最后，运用模糊综合评判法构建多维度企业信息系统安全评价模型。结果表明，企业属性为第三产业、大规模、华东时，信息安全系统界壳综合实力最强，各层系统界壳防护实力在同级比较时同样最强，即企业信息系统界壳综合实力最强，各层界壳防护能力同样较为突出。算例结果符合实际情况，说明了模型的有效性。

The construction of enterprise information security evaluation system is an important and difficult point in the study of enterprise information security. In order to understand the security level of enterprise information system in various industries, scales and regions at a macro level, based on the theory of boundaries, the concept of comprehensive strength of boundaries is put forward, and the security evaluation model of enterprise information system is established. Firstly, according to the protection stage of enterprise information system, a three-layer boundary shell protection system is constructed, that is, outer boundary shell to prevent information damage, intermediate boundary shell to resist internal and external attacks, system renewal and maintenance of inner boundary shell. Secondly, the weights of each evaluation index are determined by using principal component analysis and comprehensive strength of boundary shell. Finally, a multi-dimensional enterprise information system security evaluation model is constructed by using the fuzzy comprehensive evaluation method. The results show that when the enterprise attributes are tertiary industry, large-scale and East China, the comprehensive strength of information security system boundary shell is the strongest, and the protection strength of each layer system boundary shell is the strongest when compared with the same level, that is, the comprehensive strength of enterprise information system boundary shell is the strongest, and the protection ability of each layer boundary shell is also more prominent. The results of the example are in line with the actual situation, which shows the validity of the model.

无