Information Security Risk Assessment Based On Fuzzy Influence Diagram

With the rapid development of information technology, information technology has been applied to all areas of society, information systems in government agencies, enterprises and research institutions and other organizations in the increasingly popular and is playing an increasingly important role. Information systems security has become the country's political, military and economic development must be solved. Information systems for effective information security risk assessment is the fundamental basis for management, but also within the field of information security one of the most important. Currently, the information security risk assessment has become an international information security research focus.Thesis on international information security risk assessment and management of research results and problems to comprehensive review, and on this basis, mainly to complete the following work and innovation: first, the mainstream of international risk assessment evaluation methods were compared to out of the analysis; Second, the research results at home and abroad, and our information security risk assessment and management practice, propose a combination of influence graph theory, easy-to information security risk assessment methodology. The method combines qualitative and quantitative methods of advantage, while the height from the system point of view of information system problems, the introduction of the idea of fuzzy logic provides a solution to complex problems in a comprehensive multi-factor assessment program, and analyze the main processes are described ; again, on the basis of extensive research, the establishment of a multi-level, multi-angle impact map based on fuzzy information security risk assessment model, and gives the evaluation algorithm; Finally, the model is applied to an actual business environment. go, given the practical application of the model process and results analysis. Thesis presents a model for information security risk assessment and management decision-making provides a new choice, has a certain practical value.