| With the rapid development of computers and internet technology, the problems of information security become more serious day by day. The foundation of the solution to these problems is Information Systems Security Assessment (ISSA). The nature of ISSA is Risk Management. Based on relevant ISSA standards, and by using scientific methods, it analyzes the possible threat to the internet and information assets. It may reduce the risk to an acceptable degree. The CORAS framework is a platform of Information System Security Assessment, which is a complete assessment system that includes multiple alternative risk analysis techniques. It analyzes the basic theories and methods, and has a tool. This paper studies the CORAS framework.Base on the analysis above, the paper talks about the improvement of CORAS framework, which forms A-CORAS assessment framework. The framework is led into with UML-Petri exchange, which helps to make up for the defects of CORAS by using Petri, in order to perfect the accuracy of CORAS. In CORAS framework, we use three kinds of information security risk assessment methods what based on belief network, based on AHP and fuzzy comprehensive and based on gray theory, and then we calculate the risk level.By case analysis, this paper tests and verifies feasibility of all the improvement methods, and also designs A-CORAS, the original information system security assessment. |
PDF Full Text Request