Risk Assessment Mode Design And Study, And Its Realization In E-government System

E-government system is an important means to effectively make policy, manage and service, involving state secrets and high sensitivity of the core of government information, will inevitably encounter various hostile forces, terrorist groups, the destruction and disruption of attacks. In addition, the E-government system is based on the Internet, there are many potential safety problems, so that E-government system security is faced with severe challenges. E-government System Security has been already the important component of National Security, as to ensure the E-government System Security. It is the most important task of security construct to build E-government Information Security Guarantee system. Information Security Management is one of key link in the guarantee system. As the important content of Information Security Management, Risk Assessment plays an important role in each stage of building the information security administration. Now with that the Risk Assessment study going deep, various assessment methods have appeared. The risk assessment is a synthesis assessment process, establishing the simplification and effective assessment model is the foundation that smoothly completes the Risk Assessment.The paper discusses the development history and situation of the international and national Information Security Guarantee, introduces many popular risk assessment methods, like OCTAVE, SSE-CMM, Analytic Hierarchy Process(AHP), RMECA etc. Then analyzes the security demand of E-government System, emphasize the security demand differ with the ordinary information system. Based on the above analysis, summarizes risk in the physical security, network structure, system structure, application security, management.According to the above theoretical research, An E-government System information security risk assessment model based on fuzzy theory and OCTAVE method is established here with the theories and methods of systems science. First of all, we set base concept of fuzzy mathematics theory. Three level indexes system of the impossibility of threats was established, the critical degree of vulnerabilities was analyzed from the impact degree to the asset and the degree of being attacked. And the fuzzy comprehensive evaluation method was used to calculate membership degrees which relating to the weights of indexes and risk rank of security events. The algorithm combines the operability of the OCTAVE method with the accuracy of the fuzzy comprehensive evaluation method, provides an effective reference for the E-government System assessment. Finally, an E-government system example to prove that such a risk assessment model is feasible.