Information Security Risk Management Of Highway Ennineering

The traditional highway project management often only focus on the project progress, cost, weight, safety management, although it has achieved a lot of valuable experience and achievements, but in the present case has been unable to meet the engineering development of high standards. Mainly due to the construction of highway engineering, information management is relatively lag caused a decline in the overall level of project management, information management, especially in the safety management of information are the most prominent. Information security management aims to ensure safety, all kinds of assets between different assets in engineering construction coordination work and the protection of assets information generation, transmission, storage and execution completed successfully. This paper stands in the view of information security, this paper presented a method for assessing a new information security management, to the highway engineering construction cycle of the main line, provides a new perspective for the management of project management.The classification framework based on six assets, assessment of all information security are based on the division of framework of six major assets, assets, assets classification to solve the problem of fuzzy evaluation in information security evaluation of boundary assets repeated evaluation. Use asset partitioning framework, the software and hardware that degree of correlation and little use, information technology, enterprise management culture, personnel management and so on overall in the same asset identification framework. Information security risk assessment in the ALE framework, the asset value depends on the actual workload:using WBS decomposition of the highway engineering project according to the construction period, the expert score for each work item, security value of each asset three attribute score. According to the coefficient of structure analysis of score of ratio of matrix to calculate the security attributes, solve the safety value of assets calculation. Risk assessment using Bayesian networks. Bayesian networks can excavate the small sample data, can consider the risk factors after the logic level, etc.Considering the two factors asset risk threat that asset vulnerability and vulnerability severity, combined with expert scoring matrix diagram and part of the actual sample data as the sample data of original evaluation of Bayesian network, calculate the probability distribution diagrams of various information security risk factors, the risk coefficient. Using grey system theory combined with the historical data investigation to avoid constructing probability evaluation model of complex, a simple and effective way to quickly determine the probability of risk prediction. Study on the risk assessment method for information security, to provide another perspective of highway engineering project management case can give managers, especially early decision-making project. Effectively reduce the information security risk management, improve the comprehensive management level.