
Some Key Technology Research In The Information System Risk Assessment

Posted on: 2009-01-20
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhou
GTID: 2178360245987723
Subject: Computer application technology

Abstract/Summary:
With the rapid development of the economy and technology, people's lives and work are increasingly dependent on information technology services. People are experiencing an information revolution that has a far-reaching impact on humanity. Information systems are also becoming key basic infrastructure for national development. At the same time, the security risks facing information systems are rising. Computer viruses, computer theft, and the illegal intrusion into and destruction of servers have become increasingly common and complex. Any enterprise or information system may face a wide range of security threats, such as computer-aided fraud, spying, sabotage, fire, flood and so on. The security risks of information systems are changing from purely technical issues into global issues of state security. How to use various security measures effectively, how to assess the security situation of information systems scientifically, and how to provide an effective security scheme have become serious problems.

Information security involves many aspects, and its control is a complex process. Risk assessment provides the foundation for risk control. Addressing the main problems of information system security assessment, this paper summarizes a conceptual framework. On that basis, combining quantitative and qualitative methods, the paper studies the theory and key technology of information system security assessment. To deal with the uncertainty and complexity of information system security issues, the paper combines AHP, fuzzy mathematics, multi-attribute decision-making and group decision-making methods with information system security assessment, which can help further enhance the objectivity, scientific soundness and accuracy of information system security assessment results.

The paper does the following research on information system security risk assessment:

1. Outlines and summarizes the development status of information security structure theory and the evaluation criteria.
2. The chapter outlines the related concepts of risk assessment, including assessment content, assessment function, assessment methods and assessment principles. It also introduces some basic concepts that are often used in information system risk assessment, which gives a complete understanding of the risk assessment framework and lays the foundation for the following chapters.
3. Risk assessment process. This chapter analyses risks, threats, vulnerabilities and assets, and analyses in detail the relations of mutual influence and constraint among them. The chapter proposes that the assessor should fully consider a system's own characteristics when assessing different systems, make a targeted assessment plan, and calculate a risk level that better accords with the actual situation of the system.
4. This chapter focuses on the application of AHP in risk assessment: the steps of AHP, the deficiencies of AHP, the commonly used improvements, the deficiencies of those improvements, and the improvements that this paper proposes. Finally, the paper gives better decision-making weights, preparing for the next chapter's study.
5. This chapter outlines multi-attribute decision-making and fuzzy multi-attribute decision-making, and then focuses on fuzzy group decision-making. It studies in detail how to quantify the index values of attributes, how to ensure consistency among preference information given in different forms, how to determine the fuzzy number arithmetic and membership functions, and so on. The chapter performs fuzzy comprehensive evaluation and finally gives a comprehensive ranking, yielding the best scheme or the order of the schemes from best to worst. The chapter ensures, as far as possible, that the ranking is scientific and objective and reflects the view of the majority.

The significance of the paper is that, through interdisciplinary research spanning information security, AHP, decision-making theory, fuzzy mathematics and so on, it builds a theoretical framework for information system security assessment and studies the key technology in depth. The paper introduces new ideas for the study of information system security assessment and explores a new approach to improving information system security assessment results. It also extends and deepens the content of information system security assessment, which is of great significance for improving the accuracy and efficiency of security assessment.
Keywords/Search Tags: Risk Assessment, the Analytic Hierarchy Process, the Multi-attribute decision-making