Research Of Technology And Method For Info-Sys Security Evaluation

Evaluating the security of an information system means assessing its security protection ability under a specific operating environment and task. Although people began to study this subject more than 10 years ago, there are still many problems to resolve. This thesis discusses a risk evaluation flow and method that combines level partition with risk evaluation, based on the practical requirements of information security evaluation. It then puts forward fuzzy comprehensive evaluation and the arrangement analytical method to address the influence of human factors on level partition. When evaluating the security and capability of an information system or a security product, it is difficult to build appliance data in practice; this paper introduces the idea of establishing an evaluation testing kit to solve this problem. Finally, the paper sets forth in detail a scheme for realizing an information system security evaluation assistant tool. Using this tool, the evaluation workload can be greatly reduced, and the evaluation results will be more uniform, repeatable and comparable.
