| The study of the quantitative assessment method of different risks of network information is an important basic study in the information security. This is also one of the front subjects in IT field. Network security evaluation is also called dangerous degree appraisal of network or risk appraisal of risk, which aims at systematic security in the real world. According to scientific procedure and method, it carries on abundant qualitative analysis and quantitative analysis to the dangerous key element in the system, and makes effective safety measure. It dispels danger or reduce it to minimum extent danger.This paper described the current situation of network security, the current situation of network evaluation and the evaluation standard of the security of network information. Including TCSEC (Trusted Computer System Evaluation Criteria; commonly called the "Orange Book"), which is a standard for computer security issued by the US government; ITSEC(the Information Technology Security Evaluation Criteria), which is a standard for computer security that was issued by the Europe, CC(Common Criterion), which is a world standard for computer security; GB 17859-1999, which classified criteria for security protection of Computer information system in China. This paper surveyed several kinds of appraisal methods including Distance Comprehensive Appraisal Method, Grey Related Degree Appraiseal Method and Data Envelopment Analysis (DEA) method, and analysed the characteristic of each kind of appraisal method and scope of application.Many qualitative and uncertain factors of netwoek evaluation considered, this paper introduces emphatically about Fuzzy Synthesis Evaluation Method of network. How to discern , analyse and appraise by using of theory and method of system engineering the possibility happening about inherent or potential risk of network information security and the dangerous factor. The evaluation step about network synthesis security risk has been described. Based on hardware and software and external environment condition, synthesis Evaluation Index system can be established. Set up five first level indexes, such as the entity and environment security of the network, the organization and management system, safe practice measure, communication security of the network. Corresponding to each first level index and set up second index. This paper analysed the setting-up principle of the system weight of the index and weight normalization treatment method. I develop a network evaluation system according to the Fuzzy Synthesis Evaluation Methodof network security. This system can make fast and accurately quantitative appraisal and provide the safe grade on risk degree that the network exists.According to the one-level Fuzzy Evaluation Model, Multilevel Fuzzy Synthesis Evaluation Model of network security has been provided. Combining with the instance of network, the evaluation step of vetwork security by seing of evaluating model. The result of evaluation is in conformity with reality. |
PDF Full Text Request