
Research On The Theories And Key Technologies Of Information System Security Evaluation

Posted on: 2006-09-27
Degree: Doctor
Type: Dissertation
Country: China
Candidate: F Liu
Full Text: PDF
GTID: 1118360155972157
Subject: Computer Science and Technology
Abstract/Summary:
With the coming of the Information Age, mankind's desire for information system security has increased tremendously. It is meaningful to answer the question of how secure an information system is. Moreover, in a rapidly globalizing and increasingly uncertain world, making correct security evaluations and decisions becomes essential for the survival of the organization or indeed of the nation. But users cannot be expected to know exactly whether the security properties of the information system they use really fulfill their requirements. An impartial and competent security evaluation of the information system is needed. Despite the many security evaluation metrics available, none has been widely approved. To meet these new challenges, the field of security evaluation itself has to develop and become more practical and relevant to the needs of the day. Therefore, the purpose of this thesis is to describe the author's initial research results in security evaluation, aimed at improving the performance of security evaluation for information systems.

Chapter 1 studies the current achievements of research in information security evaluation, such as security evaluation criteria and methods, both domestic and overseas.

Chapter 2 sets out the problems that should be studied in the security evaluation of information systems and brings forward the research framework of this thesis.

The author has been engaged in research on security evaluation methods for information systems and proposes an operational evaluation method, ISSUE (Information System SecUrity Evaluation). Chapter 3 also gives the design and implementation of a security evaluation aid system, SEAS, based on the proposed ISSUE.

Assessing risk is one key element of a broader set of security evaluation activities. Although all elements of the security evaluation are important, risk assessments provide the foundation for the other elements of the evaluation cycle. As risk probability is a key factor of risk, estimating risk probability is an unavoidable challenge. In Chapter 4 the author puts forward a risk probability assessment model and proposes an estimator of risk probability based on historical data. One obvious criticism of this approach is that past returns do not guarantee future performance. While this is undoubtedly true, pragmatism leads to the conclusion that knowledge of the past is better than no knowledge at all.

As there are many decision-making problems in security evaluation, the theory and method of fuzzy multiple attributes group decision-making have been found to be theoretically appealing as well as useful in the practice of security evaluation. A fuzzy interactive security group decision-making support system is then proposed in Chapter 5.

In Chapter 6, some important problems of quantitative security evaluation are investigated, and quantitative security evaluation technologies for information systems are proposed.

Finally, the thesis summarizes the author's work and forecasts future work. In summary, the author has thoroughly studied issues in the security evaluation of information systems and provides a theoretical and practical solution for progressing and improving security evaluation.
Keywords/Search Tags: Information System Security Evaluation, Security Risk Assessment, Risk Probability, Security Assurance, Security Decision-making, Fuzzy Multiple Attributes Group Decision-making, Quantitative Security Evaluation.