Research On The Risk Assessment Of Information Systems And Quantitative Methods

With the development of the internet and information, the applications of information systems have been constantly expanding in all walks of life and showing more importance. On the other hand, no matter how perfect the security measures, the risk is always there, it is threatening the security of the system. Therefore, it is necessary to analysis and assess the risk of information system in order to protect the system and ensure the normal operation.Risk assessments of information systems have been studied for a long time and made many achievements in process,methods and tools. But, there are still have considerable controversies in the theory and practical where worthy of further study on.This paper proposed elements of risk assessment model based on the distribution and the dynamic nature of information systems that the relationships between factors influence the assessment process after study of a large number of relevant information for risk assessment. The model specific analysis the information system between the various risk factors for the successful completion of the assessment laid the foundation.After analysis of relationship between risk factors, The paper proposed three-dimensional evaluation model of information systems from resource protecting,process controlling and security achieving of information systems. Finally, We study on the processes and technologies of information system risk assessment.In the process of Information system to quantify the risk, it is difficult to determine the probability of risk event happens and the value of risk through effective data analysis because of the complexity of the system risk factors and uncertainly. Based on this, the paper uses the method of fuzzy comprehensive evaluation to calculate the risk probability and the impact values, and by example describes the process of the algorithm.Then, from the technical management of risk control measures, the system is divided into different security domains, to strengthen the system of risk management.At the end, we use a specific information system as an example to analyze risks of the information system using the risk assessment model and calculate values of risks using the method of fuzzy comprehensive evaluation.