
Research On Risk Analysis Model Of Information Security Management System Based On ISO17799

Posted on: 2009-12-05
Degree: Master
Type: Thesis
Country: China
Candidate: L L Wei
GTID: 2178360242496140
Subject: Measuring and Testing Technology and Instruments

Abstract/Summary:
As the degree of informatization increases, enterprises, governments and individuals depend ever more strongly on information systems. Risk analysis of information systems has become a very important problem, and our country attaches great importance to it. As research on risk analysis has deepened, many risk analysis methods have appeared, for example the P2DR model, the PADIMEE model, OCTAVE, etc. Although each has its own merits and flaws, these methods cannot be combined well with a standard and applied to information security management. For this reason, this thesis proposes building a risk analysis model of an information security management system based on ISO17799. Combining risk analysis with risk control policy improves the implementation of risk management.

The thesis first introduces the state of domestic and foreign research and its existing problems, and expounds the concepts related to risk analysis, existing risk analysis methods, risk analysis tools, the standards related to risk analysis and their merits and flaws, risk analysis models, and the risk analysis process. On this foundation it explains the significance of building a risk analysis model of an information security management system based on ISO17799, and describes the model in detail.

In terms of risk policy, the model introduces the concept of modularization. A fuzzy clustering method divides the asset entities into several loosely coupled modules. This allows parallel evaluation, improves evaluation efficiency and reduces evaluation difficulty. Also in terms of risk policy, the fuzzy clustering method clusters the 133 control measures to each asset entity according to their importance to the corresponding protected entity, so that the degree of importance of each control measure to each evaluated entity is made definite and the correspondence between them is established. In this way the risk status is analyzed and feasible advice is given. This makes risk management easier to implement and popularize, and allows non-professionals to carry out risk management.

In terms of risk computation, because risk analysis does not require exact figures for some of the initial data, a principle that mixes qualitative and quantitative methods is used to compute weights. From the weights, the relative size of the risks can be obtained. The initial scores are obtained by the expert scoring method, and the weights are computed by the mixed qualitative and quantitative principle in order to reduce the influence of subjective factors.
Keywords/Search Tags: risk analysis, modularization, ISO17799, model