Based On The Fuzzy Evaluation Of Military Information Security Risk Assessment Study

Information is an important resource for the society’s development, In the process of information alization of armed forces, according to plentiful building and board using of information system based on computer network, the military information is facing the more and more severe security menace. In order to protect the secufity of the military information systems, the information security management is very important. The risk assessment is one of the most important steps of risk management.First, the thesis makes the relative definitions of military information security risk and military information security risk assessment, analysis the characters of former in detail, and explain the process of the latter. On the other hand, it gives ail-round explanation about identification, assess and calculate of risk security,focusing on the process of security risk and the security risk assessment which computer network faces. Focuses on the risk calculation modelis macroscopic and is not a very strong sexual characteristics in "Information Security Risk Assessment Guide". Through hierarchical decomposition of the evaluation system, the system involved in the quantitative analysis of the various elements, and propose the risk calculation model of the overall framework. Then gives the presentation of a riskevent likelihood computing model based on fuzzy comprehensive evaluation.and uses analytic hierarchy process, through building a comparison judgment matrix to calculate the risk impact.At last, the thesis introduced the functions and characteristics of an Army emergency command information system, the quantification model of information security risk assessment was applied to a actual system to verify its feasibility. Investigated, including the risks’categories and their sizes,solutions to reduce and avoid those risks are also proposed. Therefore, the security requirements are further clarified for the system, and the key aspects of security protection are determined, and contribute to the Network and Information System’s effectiveness and long-term reliability.