Research On The Risk Assessment Model Of Information System Implement

With the rapid development of information technology, the national economy depends on the information and information system more and more. The information security issue tends to be seriously. Attention must be paid and enough solution be thought. The essence of the information security management is the management of risk because security and risk can never be separated. There is neither absolute security nor absolute risk. The so-called security information system is to reduce the risk to a certain degree gradually through adopting the best policy of management of risk. Risk assessment is the first step in approaching risk management, and it is an important means for ensuring information secure too. Its function has been recognized widely.What information security risk assessment does is, according to relational evaluating standards, the procedure of evaluating the vulnerability and the threat of information asset, along with the negative impact and the likelihood of harmful things. For the risk of information security, the vulnerability and the threat would be the reason, while the impact and the possibility would be the result. It is a new and very important issue to conduct the Information System Risk Analysis and Security Management in information construction, which has drawn the great attention of the government. The Information System Security Management does not involve only the management system or only the relevant techniques, but includes the relevant strategies, management and techniques.According to the characteristic of different exploder way, this article indicates every part of exploder of information system definitely and expounds assignments of system implement procedure effectively. Then based on the theoretical guidance of SSE-CMM and the idea of process improvement, the article described the characteristics of risk in the information systems implement procedure, gave the implementation elements of risk assessment and raised the indices risk level of information systems implement procedure in the context of the current risk assessment theory. The risk system of implement procedure is divided into three levels, and specific risk indicators like risk sources, the impact scope and preventive measures is described in detail, which provides a theoretical basis for risk assessment and controlling. On this basis, using the comprehensive evaluation based on multi-layer gray theories and Analytical Hierarchy Progress (AHP), this article described the calculation process of the risk assessment for implement procedure. According to the results of risk value, the key factors in process of information systems implement can be identified, it laid the foundation for targeted work of risk control. Based on an actual implement case, the final chapter provided example analysis which certificated the model.