The Risk Analysis And Quantitative Evaluation Of Information System

Nowadays in the large scale network environment of open system interconnection, no matter what consummate security protection technology will be applied, risk always exists. It's advisable to apply the intelligent risk management during the whole network communication. And that the careful risk analysis for information security is the necessary precondition of the reliable and effective risk management. So the risk analysis and evaluation of information system has been paid more and more attention.In this dissertation, from the viewpoint of whole protection of information and its flow, information system was separated into three parts including subject, object and environment. Every part included different sub-parts and every sub-part was constructed by different components. So a relatively independent and relatively correlative hierarchy structure was composed of the component of information system. And then information system was divided into nine risk regions. The risk of information system was researched in these risk regions. Hereby almost all of current communication patterns were concluded and generalized into five typical communication patterns. It built a generally applicable resource data-base for information system, and also provided a reducible component set for the resource distribution of the special information system. Moreover it provided reference for building risk evaluation system of information system through the application of the general risk analysis method to information system.Based on the resource distribution model of information system, the risk of information system was defined according to the general definition of system risk. That is the risk of information system is the uncertainty of information system and its resources to obtain security characters (confidentiality, integrity, availability, ect.). Therefore the risk evaluation of information system is to follow concerned...