Information Security Risk Assessment Model And Its Application In Railway System

Posted on: 2013-03-19
Degree: Master
Type: Thesis
Country: China
Candidate: Y X Zhang
Full Text: PDF
GTID: 2232330395474250
Subject: Software engineering

Abstract/Summary:
With the rapid development of China's computer networks, the core business in more and more fields has come to depend on computers, and on information systems for its implementation. Is it safe to use these information systems? Under what conditions can information system security be protected to the greatest degree? These questions deserve consideration. The security of system applications has therefore drawn wide attention, and a security risk assessment must be a precondition for putting a system into use.

At present, research results in this area in China lag behind those of other countries, for example in formal analysis and description, so risks cannot be analyzed accurately and risk values cannot be calculated precisely. Moreover, the results of an assessment are not intuitive. To solve this problem, this thesis starts from the elements of information security and the elements of information risk assessment in the system and analyzes them in detail. It then combines the theory of fuzzy mathematics with the analytic hierarchy process to establish a quantitative model, which overcomes the influence that an assessor's subjective judgment, selection, and preference have on the results of traditional risk assessment, so that decisions tend to be more reasonable.

In this thesis, the author studies the theory of information risk assessment and its assessment methods and applies the theory to the actual development of a system. The evaluated system is hierarchically decomposed and analyzed to obtain an overall calculation framework and model, which makes the working process more objective and more effective and makes the risk assessment results more specific and more evidence-based.

The main ideas are as follows:

1. From an overall view, the author introduces the concept of information security risk assessment, elaborates the related methods, places emphasis on the analytic hierarchy process and its implementation process, and introduces "fuzzy mathematics theory" into practical risk assessment work, so as to provide a quantitative basis for decision-making.
2. The author applies the general framework for the integrated value.
3. Through simulation calculation, the author establishes a calculation model for the basic elements of the system, "threat probability", "asset vulnerability" and "existing security measures", based on fuzzy comprehensive evaluation of the possibility of the risk event.
4. Taking the "railway safety management information system" as an example, the author uses the comprehensive risk value calculation model to carry out the actual calculation for the case assessment.
Keywords/Search Tags: risk assessment, fuzzy comprehensive evaluation, model, calculation