Based On The The Orthogonal Risk Classification System Security Risk Assessment Of Key Technology Research

With the development of information technology, it brings convenence to people's daily lives as well as makes information security risk even harder. By evaluating the security risk of certain information system, it's security risk can be effectively prevented and controled. There are both quantitative and qualitative methods for information security risks assessment. In the traditional methods of quantitative analysis of security risks, prediction models are seleceted subjectively by analyzing the defect data, and then growth curve for security risks are fit by statistical methods.After several years of development, a variety of quantitative analysis model for security risk have been proposed, but due to the diversity and complexity of information systems, there is no model which is universally applicable, and the result of the different models often inconsistent with each other. Therefore, quantitative analysis of security risks need to address on the issue that how to choose a appropriate model to access the information security risk effectively. For this problem, this paper proposed a distance based approach for selection and ranking of medel prediction results, rather than choose a priori model subjectively. With this method, we can make full use of exist models, and then select the best fit model for certain dataset, so as to make prediction of security risks more effectively.In order to make insight analysis of defect growth curve, orthogonal defect classification method is introduced. By classifying the security risk according to the orthogonal defect classification rules, combining with the existing models, and using the distance based approach model evaluation method, we develop security risks growth curve model for different type of defects respectively, so as to make security risk assessment more effectively and with the rich results produced by this process, we can provide guidance for software development process.Finally, orthogonal defect classification method and growth curve are combined and form a relative assessment framework for security risks based on defect type, and by analyzing cases the necessity and correctness of this framework is verified.