| With information security management system as its research target and based on exploring the definition, function and construction techniques of information security systems and analyzing and comparing security management models, this thesis presents a new information security management model. Based on this model, the research of this paper primarily focuses on the problems of information security risk assessment, information security policy and monitoring on information security and brings forward some methods to solve them. Basic concepts of risk assessment and procedures of risk assessment are introduced. Currently used qualitative and quantitative approaches to risk assessment are summarized. An integrated approach to information security risk assessment is proposed. An ART2-based dynamic risk management model is proposed by using of clustering technique and neural network knowledge. Based on summarizing the concepts, elements and structure of information security policy, O-Telos language is used to describe information security policy and an information security policy knowledge base is thus formed. In order to eliminate differentitation and conflicts among information security policies, a knowledge-based information security policy management model using Agent techniques is proposed. In order to solve the problem that information security devieces may produce false alarms and repetitive information, an agent-based information security monitoring system is designed by using the Agent techniques and clustering algorithm.
|
PDF Full Text Request