Research On Information Security Evaluation Based On Fuzzy Evaluation Method And Implementation

In the past few decades, information technology has been developing rapidly and has been entering into every aspect of humans'life and manufacture. Humans have been heavily depended on information technology to provide us with convenience. The level of information technology has become an important factor to measure comprehensive national strength. On the other hand, the issues of information security appear continually and seriously affect the people's normal work and live, which might even jeopardize national security. Therefore, many kinds of methods and standards to evaluate information security have been appearing in the world and a huge system of information security evaluation has been formed. These standards and methods are designed to apply to a special erea of information security evaluation. These methods and standards have some shortcomings, such as a long life cycle, complex evaluation steps and resource consumption.A new practical information security evaluation method , combination of quantitative and qualitative methods , mainly based on the most authoritative information security evalution standard CC, widely used AHP and fuzzy comprehensive evaluation method, is proposed in this paper,in order to evaluate the technical computing environment in CAEP. First, the CC security function components are revised to construct a hierarchical structure of security factors for the object being evaluated;then, through AHP,decision matrixes are constructed to calculate the weight of security factors in relation to the their upper one; then, membership vectors of every security factor in each layer are caculated and their last security levels are gotton by fuzzy comprehensive evaluation. Entropy theory is creatively used to decide the effectiveness of the membership vectors given by experts. Two new concepts, safe and unsafe components, are proposed in this paper and security measures can be taken to transform unsafe components to safe components. A real case is given in this paper to demonstrate the specific evaluation process of this method.At last, in order to use this method effectively, an evaluation aid system is designed by requirement analysis, overall design, database design, GUI design and core algorithm design.