The Technology Research And Software Realization Of The Information Security Risk Assessment Based On The Knowledge Base

Following the development of the information technology, the problem of the information field is getting more serious. This phenomenon has aroused extensive attention both at home and abroad. But studies discovered that there is no absolute security and completely risk, but only the security risk beyond the control of the security measures may lead to the occurrence of security incidents. Therefore, the safety management of information system is essentially become into management and control to the risk of information systems and the adoption of the risk control measures. It is feasible to balance the seriousness of the risk to an acceptable level through the analysis of risks and risk control measures. This organization and implementation work should be completed by the information security risk assessment. In fact, the process of risk assessment is a process to seek a balance between the security and the risk. It is necessarily not only to ensure the safe operation of information systems, but also to prevent the arising cost of the risk control measures. Therefore the risk assessment process is an dynamic, circulatory one of reducing of the system risk as well as an seeking balance process between information property risk and security measure costIn the paper, the author introduces the development and actuality of the information security risk assessment based on studying of the theory of security risk assessment, elaborates the risk assessment basic concept and the theory, analyses the traditional risk factor identification methods, the model and the aid, points out the insufficiency of the FTA in risk analysis and makes the improvement, enhances the accuracy of the appraisal result through introducing the grey system theory into the risk assessment, the grey system theory is used to solve those problems that"some information is clear, some is not clear". At the same time, the paper appraises the partial capability is be play of the aid in the assessment process and the author bring forward a fast and accurate risk assessment system which based on the knowledge base. Afterwards, on the foundations of these achievements, based on combining the research results and the practice, a software system for risk assessment based on knowledge base is developed and the risk information base and risk knowledge base is also established. These research results have already been applied to practice,and developed the information security of our country and confirmed the good feasibility.