Management System For Information System Security Evaluation

Nowadays, with the global spread of information technology, the way of our lives, learning, work and play has been facilitated. At the same time, however, information system is faced with a growing number of security problems. Relative reports show that one net page is infected by virus every5seconds in average world wildly, one hacker event occurs every20seconds, showing that the security of information systems are under considerable threaten. By conducting the assessment of information systems, we can access the actual safety-secure ability of information system, helping customers have a clear understanding of the information system safety status, and giving out the suitable measures for the improvement and strengthening of our information system.Based on the domestic and international research of information systems security evaluation criteria, this paper provides a set of design for management system of information system security evaluation program. In the final part, through the application of develop framework of SSH, it develops an experimental methods for the layers of a J2EE-based management system of information system security evaluation program, and develops a prototype system.1. The index weight and expert weight analyze of the information system security evaluation:by the analytic hierarchy process and clustering analysis of group AHP, it analyses and calculates the index weights and expert weights.2. The design for the management system of information system security evaluation program:under the four principles of practicality, reliability, scalability, and ease of use, using B/S architecture and J2EE and SSH technology, through the method of the life cycle waterfall model, it designs management system of information system security evaluation program.3. The realization of management system of information system security evaluation program:the realization is from designing system by using My eclipse, Tomcat, Oracle and other software.All in all, the information system security assessment using the analytic hierarchy process and fuzzy statistical method, makes the safety assessment system with greater flexibility, strong operability, making the results of composite assessment more objective and accurate. And testing the system by evaluating the instance is feasible.