| With the continuous advance of information technology and the popularization of Internet, information system has gradually been the important infrastructure in every social field. However, because of the particularity of information technology and the inherence of safety problem, the problem of system security becomes more and more important. Well risk evaluation to information system is the base of information system security, and a precondition for making reliable and effective prevention measure.This paper use the method which is based on system security engineering, comprises risk analysis, risk measurement, risk evaluation to assessment information system's risk. This paper analysis the risk factors of information system, then establishments the risk assessment's index system which contains the index system of risk occurrence probability and the possible loss caused by the risk, and analysis their effectiveness and credibility. On the basis of information security risk factor hierarchical structure, using the triangular fuzzy number to indicate the information experts' judgment, the fuzzy evaluation values are ranked with fuzzy complementary judgment method based on possibility degree, and get the weight of index system. In the risk evaluation, using the risk assessment method which based on Dempster-Shafer evidence theory to get Credibility of the function (Grade probability distribution), this method reduces the subjective and uncertainties opinions of experts.Finally, this paper uses the quantitative models into a Well-known hospital's hospital information system in zhejiang Province. Then use fuzzy comprehensive evaluation and Dempster-Shafer evidence theory to assessment the risk of this system respectively, Compare the results of the assessment, know that Dempster-Shafer evidence theory is more accurate and correct than fuzzy comprehensive evaluation. |
PDF Full Text Request