Quantitative Information Security Risk Assessment Model Study Based On SSE-CMM

Along with the information technology unceasing development, the information technology is already applied to each domain of society. The majority unit and enterprise have already established own information system, uses the information system to complete the daily work and to provide the service for customers, therefore the information system security to individual, unit and society becomes more and more importantly. The information system destruction can brings serious loss for the society and Individual, carries on the risk assessment to the information system can discover the risk the existence and the reason beforehand, provide the safe guard measure for the organization, causes the occurrence of risk to reduce smallest,therefore,the research of information system security appraisal is a important research topic current .At present, the research of information security risk assessment is mainly about appraisal standard and appraisal method. Based on the present risk assessment standard and method, this article has mainly completed below the work and innovation: First, through research of the international typical information security risk assessment standard and the risk assessment method, has made the improvement to the SSE-CMM model. Forms a integral risk assessment system through mading the SSE-CMM model and the OCTAVE method organic union; Next, has carried on the reduction and the improvement to the OCTAVE method, after the improvement, OCTAVE method even more suits our country information system risk assessment;Once more, proposed the SOARA risk assessment model above this foundation. In the SOARA model uses the level (AHP) parsing algorithm To realize risk assessment from the qualitative analysis to the quantitative analysis, causes the result of information system risk assessment more objective and fair; Finally, applies the SOARA model to information system of a unit. Through application, obtains the SOARA model is a suitable information system risk assessment model for our country national condition. The work of this article has the certain practical value regarding .