| Information security is an important problem in the development of world informatization. Our country developed our security criteria and formulated a plan of hierarchy protection for information products and systems to establish an evaluation and certification system in 2003. And, the supporting evaluation methods and tools are so cried for. However, the present research sticks on the security problem of the information products and system modules and ignores the fact that the security of the information systems is a dynamic process. According to this, the thesis studied the testing and assessment models and methods for the information systems to bring forward a feasible solution scheme.Firstly, based upon the security requirement of the hierarchy protection standard system and the information-centric concept of the McCumber Cube model, the thesis presented a new testing and assessment method not constrained by organizational or technical changes for the protection of the information systems. Also, the method deepened the concept of the model and ignored the influence of human factors to consolidate the operability and practicability.Secondly, the thesis analyzed the influence of human factors on the security of the information systems. The indexing set for the assessment was established according to the relationship between the log files and human psychological security feature. Also, an assessment method based on fuzzy AHP(Analytic Hierarchy Process) was presented in consideration of the uncertainty and fuzzy quality of the human risk degrees measurement. And, examples demonstrated the validity and practicability of the method.Finally, using the information-centric method and the human risk degrees method, the thesis bring forward a feasible solution scheme through three stages including the former prepare work, the analyzing process and the result reports referring.The achievement of this thesis can enhance the utility of security test and assessment work on the information systems. |
PDF Full Text Request