The Research On Network Security Risk Assessment And Risk Management

With the computer network development, the security of network is becoming increasingly remarkable. Risk analysis and evaluation for the information system of network, for controlling and managing the existing problems that they are found out from the network information system, it has became emphasis in the information age. In a system with hundreds of resource, frangibility, attacks and security decision-making considered, the quantified risk evaluation and automatic established network security decision-making has became especially important. It is based upon that the existing information system of the security risk appraisal method exists insufficiency, this article has proposed appraisal model which based on the fuzzy mathematics, and has realized the risk assessment parameter continual quantification. On the basis of network security risk management present situation, this paper proposed an improved algebraic project of network security risk management .It has implemented automatic controling of network security. Concrete work is described as follows:Firstly, several important concepts and factors of the risk assessment are elaborated. On the base of the existing appraisal method insufficiency, we introduced fuzzy mathematics appraisal method, established the fuzzy integrative evaluation model. After fully considering of the coupling among all the factors impacting on assessment, it is eliminated as far as possible because the appraised subjectivity and the discrete data brings deviation, the quantified Risk Assessment is implemented, obtained appraisal result which an entire direct-viewing user is easy to accept.Secondly, According to the requirements of the equation for risk Analysis, an assessment model is constructed, at the same time, the corresponding each module are designed. Considering the actual realization technology, the designed assessment model is simplified. discussed the concrete realization, needed technology, platform of the each appraisal factor and method .Successively, an improved and enhanced algebraic scheme is proposed. It has increased a rewriting system, and consummated the factors that risk analysis methods should be considered. Thus, it converts the network security risk decision into the solution of an algebraic equation. Risk management can be implemented by automatic principles.Finally, an algorithm for the best security decision-making choice is proposed, and it is implemented with VC++6.0. Correction and rationality of the proposition is proved by the executing results.